aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Chinner <david@fromorbit.com>2010-01-11 06:45:21 -0500
committerAlex Elder <aelder@sgi.com>2010-01-15 14:46:02 -0500
commit4b6a46882cca8349e8942e2650c33b11bc571c92 (patch)
tree5a5ab0783340fa4acd75a172d857d0077a527809
parent126976c7c17d3bdfbc1fe9e0af8bee9f62d14cc6 (diff)
xfs: fix stale inode flush avoidance
When reclaiming stale inodes, we need to guarantee that inodes are unpinned before returning with a "clean" status. If we don't we can reclaim inodes that are pinned, leading to use after free in the transaction subsystem as transactions complete. Signed-off-by: Dave Chinner <david@fromorbit.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
-rw-r--r--fs/xfs/xfs_inode.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index 391d36b0e68c..ef77fd88c8e3 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -2842,13 +2842,9 @@ xfs_iflush(
2842 2842
2843 /* 2843 /*
2844 * If the inode isn't dirty, then just release the inode flush lock and 2844 * If the inode isn't dirty, then just release the inode flush lock and
2845 * do nothing. Treat stale inodes the same; we cannot rely on the 2845 * do nothing.
2846 * backing buffer remaining stale in cache for the remaining life of
2847 * the stale inode and so xfs_itobp() below may give us a buffer that
2848 * no longer contains inodes below. Doing this stale check here also
2849 * avoids forcing the log on pinned, stale inodes.
2850 */ 2846 */
2851 if (xfs_inode_clean(ip) || xfs_iflags_test(ip, XFS_ISTALE)) { 2847 if (xfs_inode_clean(ip)) {
2852 xfs_ifunlock(ip); 2848 xfs_ifunlock(ip);
2853 return 0; 2849 return 0;
2854 } 2850 }
@@ -2872,6 +2868,19 @@ xfs_iflush(
2872 xfs_iunpin_wait(ip); 2868 xfs_iunpin_wait(ip);
2873 2869
2874 /* 2870 /*
2871 * For stale inodes we cannot rely on the backing buffer remaining
2872 * stale in cache for the remaining life of the stale inode and so
2873 * xfs_itobp() below may give us a buffer that no longer contains
2874 * inodes below. We have to check this after ensuring the inode is
2875 * unpinned so that it is safe to reclaim the stale inode after the
2876 * flush call.
2877 */
2878 if (xfs_iflags_test(ip, XFS_ISTALE)) {
2879 xfs_ifunlock(ip);
2880 return 0;
2881 }
2882
2883 /*
2875 * This may have been unpinned because the filesystem is shutting 2884 * This may have been unpinned because the filesystem is shutting
2876 * down forcibly. If that's the case we must not write this inode 2885 * down forcibly. If that's the case we must not write this inode
2877 * to disk, because the log record didn't make it to disk! 2886 * to disk, because the log record didn't make it to disk!