diff options
| author | Jeff Mahoney <jeffm@jeffreymahoney.com> | 2010-03-29 15:12:39 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-04-26 10:47:47 -0400 |
| commit | 14d209ccb3a6eb7916f1d282e586afe8fd01b1dd (patch) | |
| tree | 686d991ea8933b2b9ea3255cba43abfb6752fe82 /fs | |
| parent | 59849d29a6d4dca434d2589e72e28d0c0ac99fcc (diff) | |
reiserfs: Fix locking BUG during mount failure
commit b7b7fa43103a9fb30dbcc60cbd5161fdfc25f904 upstream.
Commit 8ebc423238341b52912c7295b045a32477b33f09 (reiserfs: kill-the-BKL)
introduced a bug in the mount failure case.
The error label releases the lock before calling journal_release_error,
but it requires that the lock be held. do_journal_release unlocks and
retakes it. When it releases it without it held, we trigger a BUG().
The error_alloc label skips the unlock since the lock isn't held yet
but none of the other conditions that are clean up exist yet either.
This patch returns immediately after the kzalloc failure and moves
the reiserfs_write_unlock after the journal_release_error call.
This was reported in https://bugzilla.novell.com/show_bug.cgi?id=591807
Reported-by: Thomas Siedentopf <thomas.siedentopf@novell.com>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: Thomas Siedentopf <thomas.siedentopf@novell.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/reiserfs/super.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c index b4a7dd03bdb9..33bc410c6689 100644 --- a/fs/reiserfs/super.c +++ b/fs/reiserfs/super.c | |||
| @@ -1619,10 +1619,8 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent) | |||
| 1619 | save_mount_options(s, data); | 1619 | save_mount_options(s, data); |
| 1620 | 1620 | ||
| 1621 | sbi = kzalloc(sizeof(struct reiserfs_sb_info), GFP_KERNEL); | 1621 | sbi = kzalloc(sizeof(struct reiserfs_sb_info), GFP_KERNEL); |
| 1622 | if (!sbi) { | 1622 | if (!sbi) |
| 1623 | errval = -ENOMEM; | 1623 | return -ENOMEM; |
| 1624 | goto error_alloc; | ||
| 1625 | } | ||
| 1626 | s->s_fs_info = sbi; | 1624 | s->s_fs_info = sbi; |
| 1627 | /* Set default values for options: non-aggressive tails, RO on errors */ | 1625 | /* Set default values for options: non-aggressive tails, RO on errors */ |
| 1628 | REISERFS_SB(s)->s_mount_opt |= (1 << REISERFS_SMALLTAIL); | 1626 | REISERFS_SB(s)->s_mount_opt |= (1 << REISERFS_SMALLTAIL); |
| @@ -1879,12 +1877,12 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent) | |||
| 1879 | return (0); | 1877 | return (0); |
| 1880 | 1878 | ||
| 1881 | error: | 1879 | error: |
| 1882 | reiserfs_write_unlock(s); | ||
| 1883 | error_alloc: | ||
| 1884 | if (jinit_done) { /* kill the commit thread, free journal ram */ | 1880 | if (jinit_done) { /* kill the commit thread, free journal ram */ |
| 1885 | journal_release_error(NULL, s); | 1881 | journal_release_error(NULL, s); |
| 1886 | } | 1882 | } |
| 1887 | 1883 | ||
| 1884 | reiserfs_write_unlock(s); | ||
| 1885 | |||
| 1888 | reiserfs_free_bitmap_cache(s); | 1886 | reiserfs_free_bitmap_cache(s); |
| 1889 | if (SB_BUFFER_WITH_SB(s)) | 1887 | if (SB_BUFFER_WITH_SB(s)) |
| 1890 | brelse(SB_BUFFER_WITH_SB(s)); | 1888 | brelse(SB_BUFFER_WITH_SB(s)); |