Commit c6e48930 authored Sep 12, 2014 by Huang Ying Committed by Jaegeuk Kim Sep 16, 2014

f2fs: fix a race condition in next_free_nid



The nm_i->fcnt checking is executed before spin_lock, so if another
thread delete the last free_nid from the list, the wrong nid may be
gotten.  So fix the race condition by moving the nm_i->fnct checking
into spin_lock.

Signed-off-by: Huang, Ying <ying.huang@intel.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

parent 77041823

fs/f2fs/node.h

+4 −2

Original line number	Diff line number	Diff line
		@@ -115,9 +115,11 @@ static inline int next_free_nid(struct f2fs_sb_info sbi, nid_t nid)
		struct f2fs_nm_info *nm_i = NM_I(sbi);
		struct free_nid *fnid;

		if (nm_i->fcnt <= 0)
		return -1;
		spin_lock(&nm_i->free_nid_list_lock);
		if (nm_i->fcnt <= 0) {
		spin_unlock(&nm_i->free_nid_list_lock);
		return -1;
		}
		fnid = list_entry(nm_i->free_nid_list.next, struct free_nid, list);
		*nid = fnid->nid;
		spin_unlock(&nm_i->free_nid_list_lock);