projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cac7f24)
xfs: bulkstat doesn't release AGI buffer on error
authorDave Chinner <dchinner@redhat.com>
Tue, 28 Oct 2014 21:22:18 +0000 (08:22 +1100)
committerDave Chinner <david@fromorbit.com>
Tue, 28 Oct 2014 21:22:18 +0000 (08:22 +1100)
The recent refactoring of the bulkstat code left a small landmine in
the code. If a inobt read fails, then the tree walk is aborted and
returns without releasing the AGI buffer or freeing the cursor. This
can lead to a subsequent bulkstat call hanging trying to grab the
AGI buffer again.

cc: <stable@vger.kernel.org>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
fs/xfs/xfs_itable.c patch | blob | blame | history

diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
index f1deb961a296a300add3a6333eebd47619a2100c..ef8ea05897803dcd1518322223e317050bff6b84 100644 (file)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -427,7 +427,7 @@ xfs_bulkstat(
 
                        error = xfs_bulkstat_grab_ichunk(cur, agino, &icount, &r);
                        if (error)
-                               break;
+                               goto del_cursor;
                        if (icount) {
                                irbp->ir_startino = r.ir_startino;
                                irbp->ir_freecount = r.ir_freecount;
@@ -442,7 +442,7 @@ xfs_bulkstat(
                        error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &tmp);
                }
                if (error)
-                       break;
+                       goto del_cursor;
 
                /*
                 * Loop through inode btree records in this ag,
@@ -454,7 +454,7 @@ xfs_bulkstat(
                        error = xfs_inobt_get_rec(cur, &r, &i);
                        if (error || i == 0) {
                                end_of_ag = 1;
-                               break;
+                               goto del_cursor;
                        }
 
                        /*
@@ -476,13 +476,17 @@ xfs_bulkstat(
                        error = xfs_btree_increment(cur, 0, &tmp);
                        cond_resched();
                }
+
                /*
-                * Drop the btree buffers and the agi buffer.
-                * We can't hold any of the locks these represent
-                * when calling iget.
+                * Drop the btree buffers and the agi buffer as we can't hold any
+                * of the locks these represent when calling iget. If there is a
+                * pending error, then we are done.
                 */
+del_cursor:
                xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
                xfs_buf_relse(agbp);
+               if (error)
+                       break;
                /*
                 * Now format all the good inodes into the user's buffer.
                 */