On Mon, Aug 20, 2018 at 3:32 PM Jan Kara <jack@xxxxxxx> wrote:
>
> When inode is getting deleted and someone else holds reference to a mark
> attached to the inode, we just detach the connector from the inode. In
> that case fsnotify_put_mark() called from fsnotify_destroy_marks() will
> decide to recalculate mask for the inode and __fsnotify_recalc_mask()
> will WARN about invalid connector type:
>
> WARNING: CPU: 1 PID: 12015 at fs/notify/mark.c:139
> __fsnotify_recalc_mask+0x2d7/0x350 fs/notify/mark.c:139
>
> Actually there's no reason to warn about detached connector in
> __fsnotify_recalc_mask() so just silently skip updating the mask in such
> case.
>
> Reported-by: syzbot+c34692a51b9a6ca93540@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 3ac70bfcde81 ("fsnotify: add helper to get mask from connector")
> Signed-off-by: Jan Kara <jack@xxxxxxx>
> ---
> fs/notify/mark.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> I plan to merge this fix through my tree for 4.19-rc2.
>
looks good.
Thanks.
> diff --git a/fs/notify/mark.c b/fs/notify/mark.c
> index 05506d60131c..59cdb27826de 100644
> --- a/fs/notify/mark.c
> +++ b/fs/notify/mark.c
> @@ -132,13 +132,13 @@ static void __fsnotify_recalc_mask(struct fsnotify_mark_connector *conn)
> struct fsnotify_mark *mark;
>
> assert_spin_locked(&conn->lock);
> + /* We can get detached connector here when inode is getting unlinked. */
> + if (!fsnotify_valid_obj_type(conn->type))
> + return;
> hlist_for_each_entry(mark, &conn->list, obj_list) {
> if (mark->flags & FSNOTIFY_MARK_FLAG_ATTACHED)
> new_mask |= mark->mask;
> }
> - if (WARN_ON(!fsnotify_valid_obj_type(conn->type)))
> - return;
> -
> *fsnotify_conn_mask_p(conn) = new_mask;
> }
>
> --
> 2.16.4
>
