summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLachlan McIlroy <lachlan@sgi.com>2008-10-30 06:53:38 +0100
committerLachlan McIlroy <lachlan@sgi.com>2008-10-30 06:53:38 +0100
commitf338f9036400e453ab553b16639a9cc838b02d44 (patch)
tree785513701e6bbe3d7061f6f1a3ac1440fef0b178
parent[XFS] Fix use-after-free with log and quotas (diff)
downloadlinux-f338f9036400e453ab553b16639a9cc838b02d44.tar.xz
linux-f338f9036400e453ab553b16639a9cc838b02d44.zip
[XFS] Unlock inode before calling xfs_idestroy()
Lock debugging reported the ilock was being destroyed without being unlocked. We don't need to lock the inode until we are going to insert it into the radix tree. SGI-PV: 987246 SGI-Modid: xfs-linux-melb:xfs-kern:32159a Signed-off-by: Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: Christoph Hellwig <hch@infradead.org>
-rw-r--r--fs/xfs/xfs_iget.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/fs/xfs/xfs_iget.c b/fs/xfs/xfs_iget.c
index 5be89d760a9a..4c92d190b3bd 100644
--- a/fs/xfs/xfs_iget.c
+++ b/fs/xfs/xfs_iget.c
@@ -210,9 +210,6 @@ finish_inode:
xfs_itrace_exit_tag(ip, "xfs_iget.alloc");
- if (lock_flags)
- xfs_ilock(ip, lock_flags);
-
if ((ip->i_d.di_mode == 0) && !(flags & XFS_IGET_CREATE)) {
xfs_idestroy(ip);
xfs_put_perag(mp, pag);
@@ -228,6 +225,10 @@ finish_inode:
delay(1);
goto again;
}
+
+ if (lock_flags)
+ xfs_ilock(ip, lock_flags);
+
mask = ~(((XFS_INODE_CLUSTER_SIZE(mp) >> mp->m_sb.sb_inodelog)) - 1);
first_index = agino & mask;
write_lock(&pag->pag_ici_lock);
@@ -239,6 +240,8 @@ finish_inode:
BUG_ON(error != -EEXIST);
write_unlock(&pag->pag_ici_lock);
radix_tree_preload_end();
+ if (lock_flags)
+ xfs_iunlock(ip, lock_flags);
xfs_idestroy(ip);
XFS_STATS_INC(xs_ig_dup);
goto again;