FS-Cache: The object-available state can't rely on the cookie to be available
authorDavid Howells <dhowells@redhat.com>
Thu, 19 Nov 2009 18:11:22 +0000 (18:11 +0000)
committerDavid Howells <dhowells@redhat.com>
Thu, 19 Nov 2009 18:11:22 +0000 (18:11 +0000)
The object-available state in the object processing state machine (as
processed by fscache_object_available()) can't rely on the cookie to be
available because the FSCACHE_COOKIE_CREATING bit may have been cleared by
fscache_obtained_object() prior to the object being put into the
FSCACHE_OBJECT_AVAILABLE state.

Clearing the FSCACHE_COOKIE_CREATING bit on a cookie permits
__fscache_relinquish_cookie() to proceed and detach the cookie from the
object.

To deal with this, we don't dereference object->cookie in
fscache_object_available() if the object has already been detached.

In addition, a couple of assertions are added into fscache_drop_object() to
make sure the object is unbound from the cookie before it gets there.

Signed-off-by: David Howells <dhowells@redhat.com>
fs/fscache/object.c

index 0d65c0c92b4646e5d7b4ecbd511dc539106ccdc5..1a1afa82f7981a73decfb5c72947e31f4943bb7c 100644 (file)
@@ -158,7 +158,8 @@ static void fscache_object_state_machine(struct fscache_object *object)
 
                spin_lock(&object->lock);
                object->state = FSCACHE_OBJECT_DYING;
-               if (test_and_clear_bit(FSCACHE_COOKIE_CREATING,
+               if (object->cookie &&
+                   test_and_clear_bit(FSCACHE_COOKIE_CREATING,
                                       &object->cookie->flags))
                        wake_up_bit(&object->cookie->flags,
                                    FSCACHE_COOKIE_CREATING);
@@ -594,7 +595,8 @@ static void fscache_object_available(struct fscache_object *object)
 
        spin_lock(&object->lock);
 
-       if (test_and_clear_bit(FSCACHE_COOKIE_CREATING, &object->cookie->flags))
+       if (object->cookie &&
+           test_and_clear_bit(FSCACHE_COOKIE_CREATING, &object->cookie->flags))
                wake_up_bit(&object->cookie->flags, FSCACHE_COOKIE_CREATING);
 
        fscache_done_parent_op(object);
@@ -631,6 +633,9 @@ static void fscache_drop_object(struct fscache_object *object)
 
        _enter("{OBJ%x,%d}", object->debug_id, object->n_children);
 
+       ASSERTCMP(object->cookie, ==, NULL);
+       ASSERT(hlist_unhashed(&object->cookie_link));
+
        spin_lock(&cache->object_list_lock);
        list_del_init(&object->cache_link);
        spin_unlock(&cache->object_list_lock);