From patchwork Thu Jun 9 10:02:51 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Sterba X-Patchwork-Id: 863852 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.4) with ESMTP id p59A313g008581 for ; Thu, 9 Jun 2011 10:03:01 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753724Ab1FIKC6 (ORCPT ); Thu, 9 Jun 2011 06:02:58 -0400 Received: from cantor.suse.de ([195.135.220.2]:38613 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752468Ab1FIKC5 (ORCPT ); Thu, 9 Jun 2011 06:02:57 -0400 Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.221.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.suse.de (Postfix) with ESMTP id 9BB0A6CB00; Thu, 9 Jun 2011 12:02:56 +0200 (CEST) Received: by ds.suse.cz (Postfix, from userid 10065) id 0EDD3747E1; Thu, 9 Jun 2011 12:02:55 +0200 (CEST) From: David Sterba To: linux-btrfs@vger.kernel.org Cc: chris.mason@oracle.com, David Sterba Subject: [PATCH] btrfs: fix unlocked access of delalloc_inodes Date: Thu, 9 Jun 2011 12:02:51 +0200 Message-Id: <1307613771-7729-1-git-send-email-dsterba@suse.cz> X-Mailer: git-send-email 1.7.5.2.353.g5df3e Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Thu, 09 Jun 2011 10:03:01 +0000 (UTC) list_splice_init will make delalloc_inodes empty, but without a spinlock around, this may produce corrupted list head, accessed in many placess, The race window is very tight and nobody seems to have hit it so far. Signed-off-by: David Sterba --- fs/btrfs/disk-io.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 98b6a71..11dda73 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -2911,9 +2911,8 @@ static int btrfs_destroy_delalloc_inodes(struct btrfs_root *root) INIT_LIST_HEAD(&splice); - list_splice_init(&root->fs_info->delalloc_inodes, &splice); - spin_lock(&root->fs_info->delalloc_lock); + list_splice_init(&root->fs_info->delalloc_inodes, &splice); while (!list_empty(&splice)) { btrfs_inode = list_entry(splice.next, struct btrfs_inode,