f2fs: reposition unlock_new_inode to prevent accessing invalid inode

As the race condition on the inode cache, following scenario can appear: [Thread a] [Thread b] ->f2fs_mkdir ->f2fs_add_link ->__f2fs_add_link ->init_inode_metadata failed here ->gc_thread_func ->f2fs_gc ->do_garbage_collect ->gc_data_segment ->f2fs_iget ->iget_locked ->wait_on_inode ->unlock_new_inode ->move_data_page ->make_bad_inode ->iput When we fail in create/symlink/mkdir/mknod/tmpfile, the new allocated inode should be set as bad to avoid being accessed by other thread. But in above scenario, it allows f2fs to access the invalid inode before this inode was set as bad. This patch fix the potential problem, and this issue was found by code review. change log from v1: o Add condition judgment in gc_data_segment() suggested by Changman Lee. o use iget_failed to simplify code. Signed-off-by: Chao Yu <chao2.yu@samsung.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
author: Chao Yu <chao2.yu@samsung.com> 2014-08-29 21:52:34 -0400
committer: Jaegeuk Kim <jaegeuk@kernel.org> 2014-09-02 03:22:24 -0400
commit: b73e52824c8920a5ff754e3c8ff68466a7dd61f9 (patch)
tree: 9f3d869cb4e7cb96b6992da333e9daec987ca86b /fs
parent: 3304b56401c4509ffaa74705b49edc9e13cee195 (diff)
2 files changed, 6 insertions, 16 deletions
diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
index e8507b1c8759..943a31db7cc3 100644
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -593,7 +593,7 @@ next_step:
                if (phase == 2) {
                        inode = f2fs_iget(sb, dni.ino);
-                        if (IS_ERR(inode))
+                        if (IS_ERR(inode) || is_bad_inode(inode))
                                continue;
                        start_bidx = start_bidx_of_node(nofs, F2FS_I(inode));
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 6b53ce924d95..ee103fd7283c 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -134,9 +134,7 @@ static int f2fs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
        return 0;
 out:
        clear_nlink(inode);
-        unlock_new_inode(inode);
+        iget_failed(inode);
-        make_bad_inode(inode);
-        iput(inode);
        alloc_nid_failed(sbi, ino);
        return err;
 }
@@ -267,9 +265,7 @@ static int f2fs_symlink(struct inode *dir, struct dentry *dentry,
        return err;
 out:
        clear_nlink(inode);
-        unlock_new_inode(inode);
+        iget_failed(inode);
-        make_bad_inode(inode);
-        iput(inode);
        alloc_nid_failed(sbi, inode->i_ino);
        return err;
 }
@@ -308,9 +304,7 @@ static int f2fs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
 out_fail:
        clear_inode_flag(F2FS_I(inode), FI_INC_LINK);
        clear_nlink(inode);
-        unlock_new_inode(inode);
+        iget_failed(inode);
-        make_bad_inode(inode);
-        iput(inode);
        alloc_nid_failed(sbi, inode->i_ino);
        return err;
 }
@@ -354,9 +348,7 @@ static int f2fs_mknod(struct inode *dir, struct dentry *dentry,
        return 0;
 out:
        clear_nlink(inode);
-        unlock_new_inode(inode);
+        iget_failed(inode);
-        make_bad_inode(inode);
-        iput(inode);
        alloc_nid_failed(sbi, inode->i_ino);
        return err;
 }
@@ -688,9 +680,7 @@ release_out:
 out:
        f2fs_unlock_op(sbi);
        clear_nlink(inode);
-        unlock_new_inode(inode);
+        iget_failed(inode);
-        make_bad_inode(inode);
-        iput(inode);
        alloc_nid_failed(sbi, inode->i_ino);
        return err;
 }
author	Chao Yu <chao2.yu@samsung.com>	2014-08-29 21:52:34 -0400
committer	Jaegeuk Kim <jaegeuk@kernel.org>	2014-09-02 03:22:24 -0400
commit	b73e52824c8920a5ff754e3c8ff68466a7dd61f9 (patch)
tree	9f3d869cb4e7cb96b6992da333e9daec987ca86b /fs
parent	3304b56401c4509ffaa74705b49edc9e13cee195 (diff)