Kernel: Synchronize removals from TmpFS inode map

Previously we were uncaching inodes from TmpFSInode::one_ref_left(). This was not safe, since one_ref_left() was effectively being called on a raw pointer after decrementing the local ref count and observing it become 1. There was a race here where someone else could trigger the destructor by unreffing to 0 before one_ref_left() got called, causing us to call one_ref_left() on a deleted inode. We fix this by using the new remove_from_secondary_lists() mechanism in ListedRefCounted and synchronizing all access to the TmpFS inode map with the main Inode::all_instances() lock. There's probably a nicer way to solve this.
author: Andreas Kling <kling@serenityos.org> 2022-01-11 00:51:05 +0100
committer: Andreas Kling <kling@serenityos.org> 2022-01-11 01:12:16 +0100
commit: 08e927f084cec99586b50fafa2ba03d5c70c6992 (patch)
tree: d19275295e31cd87bebaa93578eda059a0979344 /Kernel/FileSystem/Inode.h
parent: 3550f12543d851fcfe5b477dd0569839c467d3e8 (diff)
download: serenity-08e927f084cec99586b50fafa2ba03d5c70c6992.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Kernel/FileSystem/Inode.h b/Kernel/FileSystem/Inode.h
index 6ad3d0dd81..a502b6dc8b 100644
--- a/Kernel/FileSystem/Inode.h
+++ b/Kernel/FileSystem/Inode.h
@@ -31,7 +31,7 @@ class Inode : public ListedRefCounted<Inode, LockType::Spinlock>
 public:
     virtual ~Inode();
 
-    virtual void one_ref_left() { }
+    virtual void remove_from_secondary_lists() { }
 
     FileSystem& fs() { return m_file_system; }
     FileSystem const& fs() const { return m_file_system; }
author	Andreas Kling <kling@serenityos.org>	2022-01-11 00:51:05 +0100
committer	Andreas Kling <kling@serenityos.org>	2022-01-11 01:12:16 +0100
commit	08e927f084cec99586b50fafa2ba03d5c70c6992 (patch)
tree	d19275295e31cd87bebaa93578eda059a0979344 /Kernel/FileSystem/Inode.h
parent	3550f12543d851fcfe5b477dd0569839c467d3e8 (diff)
download	serenity-08e927f084cec99586b50fafa2ba03d5c70c6992.zip