Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 115391d2 authored by Josef Bacik's avatar Josef Bacik Committed by Chris Mason
Browse files

Btrfs: only use the existing eb if it's count isn't 0 



We can run into a problem where we find an eb for our existing page already on
the radix tree but it has a ref count of 0.  It hasn't yet been removed by RCU
yet so this can cause issues where we will use the EB after free.  So do
atomic_inc_not_zero on the exists->refs and if it is zero just do
synchronize_rcu() and try again.  We won't have to worry about new allocators
coming in since they will block on the page lock at this point.  Thanks,

Signed-off-by: default avatarJosef Bacik <josef@redhat.com>
parent 4f2de97a

fs/btrfs/extent_io.c

+8 −2
Original line number Diff line number Diff line
@@ -3750,7 +3750,7 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree, 
	}

	if (uptodate)

		set_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags);



again:

	ret = radix_tree_preload(GFP_NOFS & ~__GFP_HIGHMEM);

	if (ret)

		goto free_eb;
@@ -3760,7 +3760,13 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree, 
	if (ret == -EEXIST) {

		exists = radix_tree_lookup(&tree->buffer,

						start >> PAGE_CACHE_SHIFT);

		atomic_inc(&exists->refs);

		if (!atomic_inc_not_zero(&exists->refs)) {

			spin_unlock(&tree->buffer_lock);

			radix_tree_preload_end();

			synchronize_rcu();

			exists = NULL;

			goto again;

		}

		spin_unlock(&tree->buffer_lock);

		radix_tree_preload_end();

		goto free_eb;