[PATCH] procfs bug exposed by cdev changes

fs/inode.c assumes that any ->delete_inode() will call clear_inode(). procfs instance doesn't. It had passed unpunished for a while; cdev changes combined with ALSA creating character devices in procfs made it fatal. Patch follows. It had fixed ALSA-triggered memory corruption here - what happens in vanilla 2.5.70 is that clear_inode() is not called when procfs character device inodes are freed. That leaves a freed inode on a cyclic list, with obvious unpleasantness following when we try to traverse it (e.g. when unregistering a device).
author: Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk> 2003-05-27 04:13:21 -0700
committer: Arnaldo Carvalho de Melo <acme@conectiva.com.br> 2003-05-27 04:13:21 -0700
commit: cb13b1587c838d5fdf4d6069f474edf0e23f396c (patch)
tree: ed7f83b0d4784134b388ede4de60644cf4e8b008 /fs
parent: fc2dcf95e9148b68974cbe071a65a664104af937 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index ec0bc6aadd2c..cc29f792f149 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -61,8 +61,6 @@ static void proc_delete_inode(struct inode *inode)
 	struct proc_dir_entry *de;
 	struct task_struct *tsk;
 
-	inode->i_state = I_CLEAR;
-
 	/* Let go of any associated process */
 	tsk = PROC_I(inode)->task;
 	if (tsk)
@@ -75,6 +73,7 @@ static void proc_delete_inode(struct inode *inode)
 			module_put(de->owner);
 		de_put(de);
 	}
+	clear_inode(inode);
 }
 
 struct vfsmount *proc_mnt;
author	Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk>	2003-05-27 04:13:21 -0700
committer	Arnaldo Carvalho de Melo <acme@conectiva.com.br>	2003-05-27 04:13:21 -0700
commit	cb13b1587c838d5fdf4d6069f474edf0e23f396c (patch)
tree	ed7f83b0d4784134b388ede4de60644cf4e8b008 /fs
parent	fc2dcf95e9148b68974cbe071a65a664104af937 (diff)