reiserfs: Force inode evictions before umount to avoid crash
authorJeff Mahoney <jeffm@suse.com>
Wed, 21 Dec 2011 20:18:43 +0000 (21:18 +0100)
committerJan Kara <jack@suse.cz>
Mon, 9 Jan 2012 12:52:09 +0000 (13:52 +0100)
This patch fixes a crash in reiserfs_delete_xattrs during umount.

When shrink_dcache_for_umount clears the dcache from
generic_shutdown_super, delayed evictions are forced to disk. If an
evicted inode has extended attributes associated with it, it will
need to walk the xattr tree to locate and remove them.

But since shrink_dcache_for_umount will BUG if it encounters active
dentries, the xattr tree must be released before it's called or it will
crash during every umount.

This patch forces the evictions to occur before generic_shutdown_super
by calling shrink_dcache_sb first. The additional evictions caused
by the removal of each associated xattr file and dir will be automatically
handled as they're added to the LRU list.

CC: reiserfs-devel@vger.kernel.org
CC: stable@kernel.org
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Jan Kara <jack@suse.cz>
fs/reiserfs/super.c

index f9eaa4a4f5f319f4b0e7a6b398183a5b2060a959..5e3527be11468b9ea29cadc87ebba7a96e404310 100644 (file)
@@ -453,16 +453,20 @@ int remove_save_link(struct inode *inode, int truncate)
 static void reiserfs_kill_sb(struct super_block *s)
 {
        if (REISERFS_SB(s)) {
-               if (REISERFS_SB(s)->xattr_root) {
-                       d_invalidate(REISERFS_SB(s)->xattr_root);
-                       dput(REISERFS_SB(s)->xattr_root);
-                       REISERFS_SB(s)->xattr_root = NULL;
-               }
-               if (REISERFS_SB(s)->priv_root) {
-                       d_invalidate(REISERFS_SB(s)->priv_root);
-                       dput(REISERFS_SB(s)->priv_root);
-                       REISERFS_SB(s)->priv_root = NULL;
-               }
+               /*
+                * Force any pending inode evictions to occur now. Any
+                * inodes to be removed that have extended attributes
+                * associated with them need to clean them up before
+                * we can release the extended attribute root dentries.
+                * shrink_dcache_for_umount will BUG if we don't release
+                * those before it's called so ->put_super is too late.
+                */
+               shrink_dcache_sb(s);
+
+               dput(REISERFS_SB(s)->xattr_root);
+               REISERFS_SB(s)->xattr_root = NULL;
+               dput(REISERFS_SB(s)->priv_root);
+               REISERFS_SB(s)->priv_root = NULL;
        }
 
        kill_block_super(s);