Commit f2e9ad21 authored by Omar Sandoval's avatar Omar Sandoval Committed by Darrick J. Wong

xfs: check for race with xfs_reclaim_inode() in xfs_ifree_cluster()

After xfs_ifree_cluster() finds an inode in the radix tree and verifies
that the inode number is what it expected, xfs_reclaim_inode() can swoop
in and free it. xfs_ifree_cluster() will then happily continue working
on the freed inode. Most importantly, it will mark the inode stale,
which will probably be overwritten when the inode slab object is
reallocated, but if it has already been reallocated then we can end up
with an inode spuriously marked stale.

In 8a17d7dd ("xfs: mark reclaimed inodes invalid earlier") we added
a second check to xfs_iflush_cluster() to detect this race, but the
similar RCU lookup in xfs_ifree_cluster() needs the same treatment.
Signed-off-by: default avatarOmar Sandoval <osandov@fb.com>
Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
parent 799ea9e9
...@@ -1124,11 +1124,11 @@ xfs_reclaim_inode( ...@@ -1124,11 +1124,11 @@ xfs_reclaim_inode(
* Because we use RCU freeing we need to ensure the inode always appears * Because we use RCU freeing we need to ensure the inode always appears
* to be reclaimed with an invalid inode number when in the free state. * to be reclaimed with an invalid inode number when in the free state.
* We do this as early as possible under the ILOCK so that * We do this as early as possible under the ILOCK so that
* xfs_iflush_cluster() can be guaranteed to detect races with us here. * xfs_iflush_cluster() and xfs_ifree_cluster() can be guaranteed to
* By doing this, we guarantee that once xfs_iflush_cluster has locked * detect races with us here. By doing this, we guarantee that once
* XFS_ILOCK that it will see either a valid, flushable inode that will * xfs_iflush_cluster() or xfs_ifree_cluster() has locked XFS_ILOCK that
* serialise correctly, or it will see a clean (and invalid) inode that * it will see either a valid inode that will serialise correctly, or it
* it can skip. * will see an invalid inode that it can skip.
*/ */
spin_lock(&ip->i_flags_lock); spin_lock(&ip->i_flags_lock);
ip->i_flags = XFS_IRECLAIM; ip->i_flags = XFS_IRECLAIM;
......
...@@ -2359,12 +2359,25 @@ xfs_ifree_cluster( ...@@ -2359,12 +2359,25 @@ xfs_ifree_cluster(
* already marked stale. If we can't lock it, back off * already marked stale. If we can't lock it, back off
* and retry. * and retry.
*/ */
if (ip != free_ip && if (ip != free_ip) {
!xfs_ilock_nowait(ip, XFS_ILOCK_EXCL)) { if (!xfs_ilock_nowait(ip, XFS_ILOCK_EXCL)) {
rcu_read_unlock(); rcu_read_unlock();
delay(1); delay(1);
goto retry; goto retry;
} }
/*
* Check the inode number again in case we're
* racing with freeing in xfs_reclaim_inode().
* See the comments in that function for more
* information as to why the initial check is
* not sufficient.
*/
if (ip->i_ino != inum + i) {
xfs_iunlock(ip, XFS_ILOCK_EXCL);
continue;
}
}
rcu_read_unlock(); rcu_read_unlock();
xfs_iflock(ip); xfs_iflock(ip);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment