diff options
author | Lachlan McIlroy <lachlan@sgi.com> | 2008-08-13 01:42:10 -0400 |
---|---|---|
committer | Lachlan McIlroy <lachlan@redback.melbourne.sgi.com> | 2008-08-13 01:42:10 -0400 |
commit | 3790689fa3c771bba6bafb7dee3e8389dd0b55bc (patch) | |
tree | 1445885f92de7f14034f4f5a647ea3e5ea6b43d8 /fs/xfs/linux-2.6 | |
parent | 79071eb0b2f142b9cc6531d04fa2915943938b5e (diff) |
[XFS] Do not access buffers after dropping reference count
We should not access a buffer after dropping it's reference count
otherwise we could race with another thread that releases the final
reference count and frees the buffer causing us to access potentially
unmapped memory. The bug this change fixes only occured on DEBUG XFS since
the offending code was in an ASSERT.
SGI-PV: 984429
SGI-Modid: xfs-linux-melb:xfs-kern:31715a
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: David Chinner <david@fromorbit.com>
Diffstat (limited to 'fs/xfs/linux-2.6')
-rw-r--r-- | fs/xfs/linux-2.6/xfs_buf.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/fs/xfs/linux-2.6/xfs_buf.c b/fs/xfs/linux-2.6/xfs_buf.c index 9cc8f0213095..9f45c74f1a84 100644 --- a/fs/xfs/linux-2.6/xfs_buf.c +++ b/fs/xfs/linux-2.6/xfs_buf.c | |||
@@ -838,6 +838,7 @@ xfs_buf_rele( | |||
838 | return; | 838 | return; |
839 | } | 839 | } |
840 | 840 | ||
841 | ASSERT(atomic_read(&bp->b_hold) > 0); | ||
841 | if (atomic_dec_and_lock(&bp->b_hold, &hash->bh_lock)) { | 842 | if (atomic_dec_and_lock(&bp->b_hold, &hash->bh_lock)) { |
842 | if (bp->b_relse) { | 843 | if (bp->b_relse) { |
843 | atomic_inc(&bp->b_hold); | 844 | atomic_inc(&bp->b_hold); |
@@ -851,11 +852,6 @@ xfs_buf_rele( | |||
851 | spin_unlock(&hash->bh_lock); | 852 | spin_unlock(&hash->bh_lock); |
852 | xfs_buf_free(bp); | 853 | xfs_buf_free(bp); |
853 | } | 854 | } |
854 | } else { | ||
855 | /* | ||
856 | * Catch reference count leaks | ||
857 | */ | ||
858 | ASSERT(atomic_read(&bp->b_hold) >= 0); | ||
859 | } | 855 | } |
860 | } | 856 | } |
861 | 857 | ||