author | Dave Chinner <david@fromorbit.com> | 2010-01-11 06:45:21 -0500 |
---|---|---|
committer | Alex Elder <aelder@sgi.com> | 2010-01-15 14:46:02 -0500 |
commit | 4b6a46882cca8349e8942e2650c33b11bc571c92 (patch) | |
tree | 5a5ab0783340fa4acd75a172d857d0077a527809 | |
parent | 126976c7c17d3bdfbc1fe9e0af8bee9f62d14cc6 (diff) |
xfs: fix stale inode flush avoidance
When reclaiming stale inodes, we need to guarantee that inodes are
unpinned before returning with a "clean" status. If we don't we can
reclaim inodes that are pinned, leading to use after free in the
transaction subsystem as transactions complete.
Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
-rw-r--r-- | fs/xfs/xfs_inode.c | 21 |
1 files changed, 15 insertions, 6 deletions
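--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -2842,13 +2842,9 @@ xfs_iflush(
 
 /*
 * If the inode isn't dirty, then just release the inode flush lock and
-* do nothing. Treat stale inodes the same; we cannot rely on the
-* backing buffer remaining stale in cache for the remaining life of
-* the stale inode and so xfs_itobp() below may give us a buffer that
-* no longer contains inodes below. Doing this stale check here also
-* avoids forcing the log on pinned, stale inodes.
+* do nothing.
 */
-if (xfs_inode_clean(ip) || xfs_iflags_test(ip, XFS_ISTALE)) {
+if (xfs_inode_clean(ip)) {
 xfs_ifunlock(ip);
 return 0;
 }
@@ -2872,6 +2868,19 @@ xfs_iflush(
 xfs_iunpin_wait(ip);
 
 /*
+* For stale inodes we cannot rely on the backing buffer remaining
+* stale in cache for the remaining life of the stale inode and so
+* xfs_itobp() below may give us a buffer that no longer contains
+* inodes below. We have to check this after ensuring the inode is
+* unpinned so that it is safe to reclaim the stale inode after the
+* flush call.
+*/
+if (xfs_iflags_test(ip, XFS_ISTALE)) {
+xfs_ifunlock(ip);
+return 0;
+}
+
+/*
 * This may have been unpinned because the filesystem is shutting
 * down forcibly. If that's the case we must not write this inode
 * to disk, because the log record didn't make it to disk!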
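Review bot: The early return added in the second hunk (`if (xfs_iflags_test(ip, XFS_ISTALE))`) is only safe if `xfs_iunpin_wait(ip)` has run on every path that reaches it, and nothing in the new code enforces that ordering. The new comment explains why the check sits after the unpin wait but not what breaks if it is moved back up, so I would add a line such as `* Returning 0 while the inode is still pinned lets reclaim free it under a live transaction (use after free).` An `ASSERT(xfs_ipincount(ip) == 0);` immediately before the stale test would make the invariant checkable on debug builds, assuming no branch earlier in the function skips the wait. xfs_iflush's body starts and ends outside both hunks, so the paths leading to the `xfs_iunpin_wait(ip)` context line cannot be confirmed from here.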