• Chao Yu's avatar
    f2fs: reposition unlock_new_inode to prevent accessing invalid inode · b73e5282
    Chao Yu authored
    As the race condition on the inode cache, following scenario can appear:
    [Thread a]				[Thread b]
    					->f2fs_mkdir
    					  ->f2fs_add_link
    					    ->__f2fs_add_link
    					      ->init_inode_metadata failed here
    ->gc_thread_func
      ->f2fs_gc
        ->do_garbage_collect
          ->gc_data_segment
            ->f2fs_iget
              ->iget_locked
                ->wait_on_inode
    					  ->unlock_new_inode
            ->move_data_page
    					  ->make_bad_inode
    					  ->iput
    
    When we fail in create/symlink/mkdir/mknod/tmpfile, the new allocated inode
    should be set as bad to avoid being accessed by other thread. But in above
    scenario, it allows f2fs to access the invalid inode before this inode was set
    as bad.
    This patch fix the potential problem, and this issue was found by code review.
    
    change log from v1:
     o Add condition judgment in gc_data_segment() suggested by Changman Lee.
     o use iget_failed to simplify code.
    Signed-off-by: default avatarChao Yu <chao2.yu@samsung.com>
    Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
    b73e5282
namei.c 16.6 KB