On Mon, Oct 30, 2017 at 3:00 PM, Jan Kara <jack@xxxxxxx> wrote:
> On Wed 25-10-17 10:41:36, Miklos Szeredi wrote:
>> After having gone through a ref-unref for the mark, dereferencing the group
>> (e.g. in fsnotify_compare_groups()) is wrong since the group may be
>> completely gone by that time. So before continuing to traverse the mark
>> list, check if the mark is still attached.
>
> Are you sure this can happen? The thing is: Group reference from mark is
> dropped only in fsnotify_final_mark_destroy(). That gets called after SRCU
> period is finished from fsnotify_mark_destroy_workfn(). And SRCU period in
> which we have dropped our mark reference in fsnotify_finish_user_wait() has
> not yet ended. What am I missing?

Ah, missed the fact that mark holds a ref on the group until it's
destroyed. Yes, the patch is unnecessary in this case.

Thanks,
Miklos