Btrfs: Fix race in btrfs_mark_extent_written
authorYan Zheng <zheng.yan@oracle.com>
Wed, 12 Nov 2008 19:19:50 +0000 (14:19 -0500)
committerChris Mason <chris.mason@oracle.com>
Wed, 12 Nov 2008 19:19:50 +0000 (14:19 -0500)
When extent needs to be split, btrfs_mark_extent_written truncates the extent
first, then inserts a new extent and increases the reference count.

The race happens if someone else deletes the old extent before the new extent
is inserted. The fix here is increase the reference count in advance. This race
is similar to the race in btrfs_drop_extents that was recently fixed.

Signed-off-by: Yan Zheng <zheng.yan@oracle.com>
fs/btrfs/file.c

index 934bc094bf17f6297ba827c519d5739457b3608f..1e8c024c69c37b9f61c454fbf329fb32c4129a84 100644 (file)
@@ -746,6 +746,7 @@ int btrfs_mark_extent_written(struct btrfs_trans_handle *trans,
        u64 other_end;
        u64 split = start;
        u64 locked_end = end;
+       u64 orig_parent;
        int extent_type;
        int split_end = 1;
        int ret;
@@ -890,6 +891,12 @@ again:
        }
 
        btrfs_mark_buffer_dirty(leaf);
+
+       orig_parent = leaf->start;
+       ret = btrfs_inc_extent_ref(trans, root, bytenr, num_bytes,
+                                  orig_parent, root->root_key.objectid,
+                                  trans->transid, inode->i_ino);
+       BUG_ON(ret);
        btrfs_release_path(root, path);
 
        key.offset = start;
@@ -910,10 +917,13 @@ again:
        btrfs_set_file_extent_encryption(leaf, fi, 0);
        btrfs_set_file_extent_other_encoding(leaf, fi, 0);
 
-       ret = btrfs_inc_extent_ref(trans, root, bytenr, num_bytes,
-                                  leaf->start, root->root_key.objectid,
-                                  trans->transid, inode->i_ino);
-       BUG_ON(ret);
+       if (orig_parent != leaf->start) {
+               ret = btrfs_update_extent_ref(trans, root, bytenr,
+                                             orig_parent, leaf->start,
+                                             root->root_key.objectid,
+                                             trans->transid, inode->i_ino);
+               BUG_ON(ret);
+       }
 done:
        btrfs_mark_buffer_dirty(leaf);
        btrfs_release_path(root, path);