f2fs: fix a race condition in next_free_nid
author Huang Ying <ying.huang@intel.com>
Fri, 12 Sep 2014 11:21:11 +0000 (19:21 +0800)
committer Jaegeuk Kim <jaegeuk@kernel.org>
Tue, 16 Sep 2014 11:10:46 +0000 (04:10 -0700)
The nm_i->fcnt check is executed before spin_lock, so if another
thread deletes the last free_nid from the list, the wrong nid may be
gotten.  So fix the race condition by moving the nm_i->fcnt check
into spin_lock.

Signed-off-by: Huang, Ying <ying.huang@intel.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
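The check-then-lock window the message describes, replayed deterministically. This is an added example, not f2fs code: the list, the lock stand-in, the `nm_info` struct and the `interleave_fn` hook are assumptions of the example, and the sentinel is embedded in a `free_nid` carrying `NID_POISON` so that `list_entry()` on an empty list stays in bounds here and the bogus read is observable rather than undefined (in the kernel that read would return whatever sits next to the list head).

```c
/* Added example: simulate the next_free_nid() race before and after the fix.
 * Not f2fs code; nm_info, the lock flag and the interleave hook are stand-ins
 * so both orderings can be exercised single-threaded and deterministically. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t nid_t;
/* Value of the sentinel's nid: seeing it means we read through an empty list. */
#define NID_POISON ((nid_t)0xdeadbeef)

struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)

struct free_nid { struct list_head list; nid_t nid; };

/* Hypothetical stand-in for f2fs_nm_info (assumption of this example). */
struct nm_info {
	struct free_nid sentinel;   /* list head lives inside a poisoned free_nid */
	int fcnt;                   /* number of entries on the list */
	int locked;                 /* stand-in for free_nid_list_lock */
};

static void spin_lock(struct nm_info *nm)   { nm->locked = 1; }
static void spin_unlock(struct nm_info *nm) { nm->locked = 0; }

static void nm_init(struct nm_info *nm)
{
	nm->sentinel.list.next = nm->sentinel.list.prev = &nm->sentinel.list;
	nm->sentinel.nid = NID_POISON;
	nm->fcnt = 0;
	nm->locked = 0;
}

static void nm_add(struct nm_info *nm, struct free_nid *f)
{
	struct list_head *head = &nm->sentinel.list;
	spin_lock(nm);
	f->list.next = head->next; f->list.prev = head;
	head->next->prev = &f->list; head->next = &f->list;
	nm->fcnt++;
	spin_unlock(nm);
}

/* What the competing thread does: consume the first free nid. */
static void nm_remove_first(struct nm_info *nm)
{
	struct list_head *head = &nm->sentinel.list, *e;
	spin_lock(nm);
	e = head->next;
	if (e != head) {
		e->prev->next = e->next; e->next->prev = e->prev;
		nm->fcnt--;
	}
	spin_unlock(nm);
}

typedef void (*interleave_fn)(struct nm_info *nm);

/* Before the fix: fcnt is read with the lock not held. */
static int next_free_nid_racy(struct nm_info *nm, nid_t *nid, interleave_fn other)
{
	struct free_nid *fnid;
	if (nm->fcnt <= 0)
		return -1;
	if (other) other(nm);   /* the window between the check and spin_lock */
	spin_lock(nm);
	fnid = list_entry(nm->sentinel.list.next, struct free_nid, list);
	*nid = fnid->nid;       /* on an empty list this is the sentinel: NID_POISON */
	spin_unlock(nm);
	return 0;
}

/* After the fix: the check and the list read happen under the same lock. */
static int next_free_nid_fixed(struct nm_info *nm, nid_t *nid, interleave_fn other)
{
	struct free_nid *fnid;
	if (other) other(nm);   /* same interference, but it can only land before we lock */
	spin_lock(nm);
	if (nm->fcnt <= 0) {
		spin_unlock(nm);
		return -1;
	}
	fnid = list_entry(nm->sentinel.list.next, struct free_nid, list);
	*nid = fnid->nid;
	spin_unlock(nm);
	return 0;
}

/* One free nid on the list; optionally another thread takes it in the window. */
static int run_scenario(int fixed, int interfere, nid_t *nid_out)
{
	struct nm_info nm;
	struct free_nid f = { {NULL, NULL}, 1234 };   /* constructed sample entry */
	interleave_fn other = interfere ? nm_remove_first : NULL;
	nm_init(&nm);
	nm_add(&nm, &f);
	*nid_out = 0;
	return fixed ? next_free_nid_fixed(&nm, nid_out, other)
	             : next_free_nid_racy(&nm, nid_out, other);
}

int main(void)
{
	nid_t nid;
	int rc = run_scenario(0, 1, &nid);
	printf("racy : rc=%d nid=0x%x\n", rc, nid);   /* rc=0, nid=0xdeadbeef */
	rc = run_scenario(1, 1, &nid);
	printf("fixed: rc=%d nid=0x%x\n", rc, nid);   /* rc=-1, nid=0 */
	return 0;
}
```

The interesting line is the racy `*nid = fnid->nid`: `fcnt` was positive when it was checked, so the caller gets rc 0 and a nid that was never on the free list. Moving the check under the lock turns that into a clean `-1`.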
fs/f2fs/node.h

index b24f588a0fe4dfe88f758b0aa8c00be49e8427dd..324917d757f78327bc7d9ca3548543fd4bc346b7 100644 (file)
@@ -115,9 +115,11 @@ static inline int next_free_nid(struct f2fs_sb_info *sbi, nid_t *nid)
        struct f2fs_nm_info *nm_i = NM_I(sbi);
        struct free_nid *fnid;
 
-       if (nm_i->fcnt <= 0)
-               return -1;
        spin_lock(&nm_i->free_nid_list_lock);
+       if (nm_i->fcnt <= 0) {
+               spin_unlock(&nm_i->free_nid_list_lock);
+               return -1;
+       }
        fnid = list_entry(nm_i->free_nid_list.next, struct free_nid, list);
        *nid = fnid->nid;
        spin_unlock(&nm_i->free_nid_list_lock);
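Review bot: The empty-list check is now correctly made under free_nid_list_lock, but the value written to *nid is still only a snapshot: the lock is dropped on the last line before the caller sees it, so the entry can be removed by another thread immediately afterwards. Worth a one-line comment above the function stating that the returned nid is a hint and callers must not assume it is still free. Minor: `list_entry(nm_i->free_nid_list.next, struct free_nid, list)` could be written `list_first_entry(&nm_i->free_nid_list, struct free_nid, list)`, which makes the dependence on the preceding fcnt check read more clearly.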