xfs: remove log item from AIL in xfs_iflush after a shutdown

If a filesystem has been forced shutdown we are never going to write inodes to disk, which means the inode items will stay in the AIL until we free the inode. Currently that is not a problem, but a pending change requires us to empty the AIL before shutting down the filesystem. In that case leaving the inode in the AIL is lethal. Make sure to remove the log item from the AIL to allow emptying the AIL on shutdown filesystems. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Mark Tinguely <tinguely@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
author: Christoph Hellwig <hch@infradead.org> 2012-04-23 01:58:32 -0400
committer: Ben Myers <bpm@sgi.com> 2012-05-14 17:20:25 -0400
commit: 32ce90a4b79155a155de2b284d8b69023e5e8fea (patch)
tree: 1280a85dea9061a8089a39fccc8a5ce0fc222e62
parent: dea9609527a55b65638a6323894269334dfe6ec5 (diff)
4 files changed, 12 insertions, 27 deletions
diff --git a/fs/xfs/xfs_dquot.c b/fs/xfs/xfs_dquot.c
index e2f6f7c877db..786a61e1cccd 100644
--- a/fs/xfs/xfs_dquot.c
+++ b/fs/xfs/xfs_dquot.c
@@ -915,8 +915,7 @@ xfs_qm_dqflush(
                spin_lock(&mp->m_ail->xa_lock);
                if (lip->li_flags & XFS_LI_IN_AIL)
-                        xfs_trans_ail_delete(mp->m_ail, lip,
+                        xfs_trans_ail_delete(mp->m_ail, lip);
-                                             SHUTDOWN_CORRUPT_INCORE);
                else
                        spin_unlock(&mp->m_ail->xa_lock);
diff --git a/fs/xfs/xfs_iget.c b/fs/xfs/xfs_iget.c
index bcc6c249b2c7..ab89ca7fdb95 100644
--- a/fs/xfs/xfs_iget.c
+++ b/fs/xfs/xfs_iget.c
@@ -123,23 +123,7 @@ xfs_inode_free(
                xfs_idestroy_fork(ip, XFS_ATTR_FORK);
        if (ip->i_itemp) {
-                /*
+                ASSERT(!(ip->i_itemp->ili_item.li_flags & XFS_LI_IN_AIL));
-                 * Only if we are shutting down the fs will we see an
-                 * inode still in the AIL. If it is there, we should remove
-                 * it to prevent a use-after-free from occurring.
-                 */
-                xfs_log_item_t  *lip = &ip->i_itemp->ili_item;
-                struct xfs_ail  *ailp = lip->li_ailp;
-                ASSERT(((lip->li_flags & XFS_LI_IN_AIL) == 0) ||
-                                       XFS_FORCED_SHUTDOWN(ip->i_mount));
-                if (lip->li_flags & XFS_LI_IN_AIL) {
-                        spin_lock(&ailp->xa_lock);
-                        if (lip->li_flags & XFS_LI_IN_AIL)
-                                xfs_trans_ail_delete(ailp, lip);
-                        else
-                                spin_unlock(&ailp->xa_lock);
-                }
                xfs_inode_item_destroy(ip);
                ip->i_itemp = NULL;
        }
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index bc46c0a133d3..00f9c2f34e1f 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -2397,7 +2397,6 @@ xfs_iflush(
        xfs_inode_t             *ip,
        uint                    flags)
 {
-        xfs_inode_log_item_t    *iip;
        xfs_buf_t               *bp;
        xfs_dinode_t            *dip;
        xfs_mount_t             *mp;
@@ -2410,7 +2409,6 @@ xfs_iflush(
        ASSERT(ip->i_d.di_format != XFS_DINODE_FMT_BTREE ||
               ip->i_d.di_nextents > XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK));
-        iip = ip->i_itemp;
        mp = ip->i_mount;
        /*
@@ -2447,13 +2445,14 @@ xfs_iflush(
        /*
         * This may have been unpinned because the filesystem is shutting
         * down forcibly. If that's the case we must not write this inode
-         * to disk, because the log record didn't make it to disk!
+         * to disk, because the log record didn't make it to disk.
+         *
+         * We also have to remove the log item from the AIL in this case,
+         * as we wait for an empty AIL as part of the unmount process.
         */
        if (XFS_FORCED_SHUTDOWN(mp)) {
-                if (iip)
+                error = XFS_ERROR(EIO);
-                        iip->ili_fields = 0;
+                goto abort_out;
-                xfs_ifunlock(ip);
-                return XFS_ERROR(EIO);
        }
        /*
@@ -2500,11 +2499,13 @@ corrupt_out:
        xfs_buf_relse(bp);
        xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
 cluster_corrupt_out:
+        error = XFS_ERROR(EFSCORRUPTED);
+abort_out:
        /*
         * Unlocks the flush lock
         */
        xfs_iflush_abort(ip);
-        return XFS_ERROR(EFSCORRUPTED);
+        return error;
 }
diff --git a/fs/xfs/xfs_sync.c b/fs/xfs/xfs_sync.c
index c318d8a4a631..7648776e0a9e 100644
--- a/fs/xfs/xfs_sync.c
+++ b/fs/xfs/xfs_sync.c
@@ -782,6 +782,7 @@ restart:
                goto reclaim;
        if (XFS_FORCED_SHUTDOWN(ip->i_mount)) {
                xfs_iunpin_wait(ip);
+                xfs_iflush_abort(ip);
                goto reclaim;
        }
        if (xfs_ipincount(ip)) {
author	Christoph Hellwig <hch@infradead.org>	2012-04-23 01:58:32 -0400
committer	Ben Myers <bpm@sgi.com>	2012-05-14 17:20:25 -0400
commit	32ce90a4b79155a155de2b284d8b69023e5e8fea (patch)
tree	1280a85dea9061a8089a39fccc8a5ce0fc222e62
parent	dea9609527a55b65638a6323894269334dfe6ec5 (diff)