GFS2: Prevent double brelse in gfs2_meta_indirect_buffer
authorBob Peterson <rpeterso@redhat.com>
Mon, 3 Jul 2017 16:37:02 +0000 (11:37 -0500)
committerBob Peterson <rpeterso@redhat.com>
Mon, 17 Jul 2017 13:39:48 +0000 (08:39 -0500)
commit61eaadcd52924b8015ee57b9abd3844c5f9e03a8
tree080229cc8a6b808d5bb471685281b1ab4e9a8dd7
parentda029c11e6b12f321f36dac8771e833b65cec962
GFS2: Prevent double brelse in gfs2_meta_indirect_buffer

Before this patch, problems reading in indirect buffers would send
an IO error back to the caller, and release the buffer_head with
brelse() in function gfs2_meta_indirect_buffer, however, it would
still return the address of the buffer_head it released. After the
error was discovered, function gfs2_block_map would call function
release_metapath to free all buffers. That checked:
if (mp->mp_bh[i] == NULL) but since the value was set after the
error, it was non-zero, so brelse was called a second time. This
resulted in the following error:

kernel: WARNING: at fs/buffer.c:1224 __brelse+0x3a/0x40() (Tainted: G        W  -- ------------   )
kernel: Hardware name: RHEV Hypervisor
kernel: VFS: brelse: Trying to free free buffer

This patch changes gfs2_meta_indirect_buffer so it only sets
the buffer_head pointer in cases where it isn't released.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Acked-by: Steven Whitehouse <swhiteho@redhat.com>
fs/gfs2/meta_io.c