git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Chia-Ming Chang <chiamingc@synology.com>
	Tue, 24 Feb 2026 09:34:42 +0000 (17:34 +0800)
committer	Jan Kara <jack@suse.cz>
	Thu, 26 Feb 2026 14:11:50 +0000 (15:11 +0100)
commit	6a320935fa4293e9e599ec9f85dc9eb3be7029f8
tree	9d9c0c5518a1dec44f60f2ac149576290a26ea97	tree \| snapshot
parent	f4d0ec0aa20d49f09dc01d82894ce80d72de0560	commit \| diff

inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails

When fsnotify_add_inode_mark_locked() fails in inotify_new_watch(),
the error path calls inotify_remove_from_idr() but does not call
dec_inotify_watches() to undo the preceding inc_inotify_watches().
This leaks a watch count, and repeated failures can exhaust the
max_user_watches limit with -ENOSPC even when no watches are active.

Prior to commit 1cce1eea0aff ("inotify: Convert to using per-namespace
limits"), the watch count was incremented after fsnotify_add_mark_locked()
succeeded, so this path was not affected. The conversion moved
inc_inotify_watches() before the mark insertion without adding the
corresponding rollback.

Add the missing dec_inotify_watches() call in the error path.

Fixes: 1cce1eea0aff ("inotify: Convert to using per-namespace limits")
Cc: stable@vger.kernel.org
Signed-off-by: Chia-Ming Chang <chiamingc@synology.com>
Signed-off-by: robbieko <robbieko@synology.com>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
Link: https://patch.msgid.link/20260224093442.3076294-1-chiamingc@synology.com
Signed-off-by: Jan Kara <jack@suse.cz>