Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 573bfb72 authored by Miao Xie's avatar Miao Xie Committed by Josef Bacik
Browse files

Btrfs: fix possible empty list access when flushing the delalloc inodes 



We didn't have a lock to protect the access to the delalloc inodes list, that is
we might access a empty delalloc inodes list if someone start flushing delalloc
inodes because the delalloc inodes were moved into a other list temporarily.
Fix it by wrapping the access with a lock.

Signed-off-by: default avatarMiao Xie <miaox@cn.fujitsu.com>
Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
parent 31f3d255

fs/btrfs/ctree.h

+2 −0
Original line number Diff line number Diff line
@@ -1490,6 +1490,7 @@ struct btrfs_fs_info { 
	 */

	struct list_head ordered_roots;



	struct mutex delalloc_root_mutex;

	spinlock_t delalloc_root_lock;

	/* all fs/file tree roots that have delalloc inodes. */

	struct list_head delalloc_roots;
@@ -1805,6 +1806,7 @@ struct btrfs_root { 
	spinlock_t root_item_lock;

	atomic_t refs;



	struct mutex delalloc_mutex;

	spinlock_t delalloc_lock;

	/*

	 * all of the inodes that have delalloc bytes.  It is possible for

fs/btrfs/disk-io.c

+2 −0
Original line number Diff line number Diff line
@@ -1221,6 +1221,7 @@ static void __setup_root(u32 nodesize, u32 leafsize, u32 sectorsize, 
	mutex_init(&root->objectid_mutex);

	mutex_init(&root->log_mutex);

	mutex_init(&root->ordered_extent_mutex);

	mutex_init(&root->delalloc_mutex);

	init_waitqueue_head(&root->log_writer_wait);

	init_waitqueue_head(&root->log_commit_wait[0]);

	init_waitqueue_head(&root->log_commit_wait[1]);
@@ -2209,6 +2210,7 @@ int open_ctree(struct super_block *sb, 
	spin_lock_init(&fs_info->buffer_lock);

	rwlock_init(&fs_info->tree_mod_log_lock);

	mutex_init(&fs_info->reloc_mutex);

	mutex_init(&fs_info->delalloc_root_mutex);

	seqlock_init(&fs_info->profiles_lock);



	init_completion(&fs_info->kobj_unregister);

fs/btrfs/inode.c

+4 −0
Original line number Diff line number Diff line
@@ -8450,6 +8450,7 @@ static int __start_delalloc_inodes(struct btrfs_root *root, int delay_iput, 
	INIT_LIST_HEAD(&works);

	INIT_LIST_HEAD(&splice);



	mutex_lock(&root->delalloc_mutex);

	spin_lock(&root->delalloc_lock);

	list_splice_init(&root->delalloc_inodes, &splice);

	while (!list_empty(&splice)) {
@@ -8495,6 +8496,7 @@ static int __start_delalloc_inodes(struct btrfs_root *root, int delay_iput, 
		list_splice_tail(&splice, &root->delalloc_inodes);

		spin_unlock(&root->delalloc_lock);

	}

	mutex_unlock(&root->delalloc_mutex);

	return ret;

}
@@ -8536,6 +8538,7 @@ int btrfs_start_delalloc_roots(struct btrfs_fs_info *fs_info, int delay_iput, 


	INIT_LIST_HEAD(&splice);



	mutex_lock(&fs_info->delalloc_root_mutex);

	spin_lock(&fs_info->delalloc_root_lock);

	list_splice_init(&fs_info->delalloc_roots, &splice);

	while (!list_empty(&splice) && nr) {
@@ -8575,6 +8578,7 @@ int btrfs_start_delalloc_roots(struct btrfs_fs_info *fs_info, int delay_iput, 
		list_splice_tail(&splice, &fs_info->delalloc_roots);

		spin_unlock(&fs_info->delalloc_root_lock);

	}

	mutex_unlock(&fs_info->delalloc_root_mutex);

	return ret;

}