Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fb46f341 authored by Lepton Wu's avatar Lepton Wu Committed by Linus Torvalds
Browse files

reiserfs: workaround for dead loop in finish_unfinished 



There is possible dead loop in finish_unfinished function.

In most situation, the call chain iput -> ...  -> reiserfs_delete_inode ->
remove_save_link will success.  But for some reason such as data
corruption, reiserfs_delete_inode fails on reiserfs_do_truncate ->
search_for_position_by_key.

Then remove_save_link won't be called.  We always get the same
"save_link_key" in the while loop in finish_unfinished function.  The
following patch adds a check for the possible dead loop and just remove
save link when deap loop.

[akpm@linux-foundation.org: cleanups]
Signed-off-by: default avatarLepton Wu <ytht.net@gmail.com>
Cc: Chris Mason <chris.mason@oracle.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Cc: "Vladimir V. Saveliev" <vs@namesys.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent b9ec0339

fs/reiserfs/super.c

+15 −3
Original line number Diff line number Diff line
@@ -145,7 +145,7 @@ static int finish_unfinished(struct super_block *s) 
{

	INITIALIZE_PATH(path);

	struct cpu_key max_cpu_key, obj_key;

	struct reiserfs_key save_link_key;

	struct reiserfs_key save_link_key, last_inode_key;

	int retval = 0;

	struct item_head *ih;

	struct buffer_head *bh;
@@ -166,6 +166,8 @@ static int finish_unfinished(struct super_block *s) 
	set_cpu_key_k_offset(&max_cpu_key, ~0U);

	max_cpu_key.key_length = 3;



	memset(&last_inode_key, 0, sizeof(last_inode_key));



#ifdef CONFIG_QUOTA

	/* Needed for iput() to work correctly and not trash data */

	if (s->s_flags & MS_ACTIVE) {
@@ -278,8 +280,18 @@ static int finish_unfinished(struct super_block *s) 
			REISERFS_I(inode)->i_flags |= i_link_saved_unlink_mask;

			/* not completed unlink (rmdir) found */

			reiserfs_info(s, "Removing %k..", INODE_PKEY(inode));

			if (memcmp(&last_inode_key, INODE_PKEY(inode),

					sizeof(last_inode_key))){

				last_inode_key = *INODE_PKEY(inode);

				/* removal gets completed in iput */

				retval = 0;

			} else {

				reiserfs_warning(s, "Dead loop in "

						"finish_unfinished detected, "

						"just remove save link\n");

				retval = remove_save_link_only(s,

							&save_link_key, 0);

			}

		}



		iput(inode);