kernel-ark/fs
Artem B. Bityuckiy 4120db4719 [PATCH] bugfix: two read_inode() calls without clear_inode() call between
Bug symptoms
~~~~~~~~~~~~
For the same inode VFS calls read_inode() twice and doesn't call
clear_inode() between the two read_inode() invocations.

Bug description
~~~~~~~~~~~~~~~
Suppose we have an inode which has zero reference count but is still in
the inode cache. Suppose kswapd invokes shrink_icache_memory() to free
some RAM. In prune_icache() inodes are removed from i_hash. prune_icache
() is then going to call clear_inode(), but drops the inode_lock
spinlock before this. If in this moment another task calls iget() for an
inode which was just removed from i_hash by prune_icache(), then iget()
invokes read_inode() for this inode, because it is *already removed*
from i_hash.

The end result is: we call iget(#N) then iput(#N); inode #N has zero
i_count now and is in the inode cache; kswapd starts. kswapd removes the
inode #N from i_hash ans is preempted; we call iget(#N) again;
read_inode() is invoked as the result; but we expect clear_inode()
before.

Fix
~~~~~~~
To fix the bug I remove inodes from i_hash later, when clear_inode() is
actually called. I remove them from i_hash under spinlock protection.
Since the i_state is set to I_FREEING, it is safe to do this. The others
will sleep waiting for the inode state change.

I also postpone removing inodes from i_sb_list. It is not compulsory to
do so but I do it for readability reasons. Inodes are added/removed to
the lists together everywhere in the code and there is no point to
change this rule. This is harmless because the only user of i_sb_list
which somehow may interfere with me (invalidate_list()) is excluded by
the iprune_sem mutex.

The same race is possible in invalidate_list() so I do the same for it.

Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12 16:00:59 -07:00
..
adfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
affs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
afs [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
autofs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
autofs4 [PATCH] autofs4: mistake in debug print 2005-07-07 18:23:46 -07:00
befs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cifs [CIFS] Fix cifs update of page cache. Write at correct offset when out of memory 2005-06-09 14:44:07 -07:00
coda [PATCH] class: convert the remaining class_simple users in the kernel to usee the new class api 2005-06-20 15:15:11 -07:00
cramfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
debugfs [PATCH] remove duplicate get_dentry functions in various places 2005-06-23 09:45:20 -07:00
devfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
devpts Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
efs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
exportfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ext2 [PATCH] xip: reduce code duplication 2005-06-24 00:06:41 -07:00
ext3 [PATCH] ext3 xattr: Don't write to the in-inode xattr space of reserved inodes 2005-07-07 18:23:46 -07:00
fat [PATCH] fatfs sectioning fix 2005-06-30 22:29:48 -07:00
freevxfs [PATCH] freevxfs: minor cleanups 2005-06-30 08:45:12 -07:00
hfs [PATCH] hfs, hfsplus: don't leak s_fs_info and fix an oops 2005-05-01 08:59:16 -07:00
hfsplus [PATCH] hfs, hfsplus: don't leak s_fs_info and fix an oops 2005-05-01 08:59:16 -07:00
hostfs [PATCH] uml: remove 2_5compat.h 2005-05-28 16:46:11 -07:00
hpfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
hppfs [PATCH] uml: restore hppfs support 2005-07-07 18:23:44 -07:00
hugetlbfs [PATCH] Avoiding mmap fragmentation 2005-06-21 18:46:16 -07:00
isofs [PATCH] isofs: show hidden files, add granularity for assoc/hidden files flags 2005-06-21 19:07:38 -07:00
jbd [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
jffs [PATCH] fs/jffs/: cleanups 2005-06-25 16:25:04 -07:00
jffs2 [JFFS2] Simplify the tree insert code. 2005-07-06 18:30:00 +02:00
jfs [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
lockd [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
minix Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
msdos Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ncpfs [PATCH] fs/ncpfs/: remove unused #ifdef USE_OLD_SLOW_DIRECTORY_LISTING code 2005-06-25 16:25:04 -07:00
nfs [PATCH] really remove xattr_acl.h 2005-06-28 21:20:31 -07:00
nfs_common [PATCH] NFSD: Add server support for NFSv3 ACLs. 2005-06-22 16:07:23 -04:00
nfsd [PATCH] nfsd4: fix fh_expire_type 2005-07-07 18:24:11 -07:00
nls [PATCH] make some things static 2005-05-05 16:36:47 -07:00
ntfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
openpromfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
partitions [PATCH] small partitions/msdos cleanups 2005-06-25 16:24:59 -07:00
proc [PATCH] kdump: Parse elf32 headers and export through /proc/vmcore 2005-06-25 16:24:53 -07:00
qnx4 [PATCH] fs/qnx4/*: fix sparse warnings 2005-06-24 14:14:24 -07:00
ramfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
reiserfs [PATCH] reiserfs: handle_attrs() fix 2005-06-30 08:45:13 -07:00
romfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
smbfs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sysfs [PATCH] DocBook: update comments 2005-06-24 00:06:40 -07:00
sysv Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
udf [PATCH] udf_find_entry() cleanup 2005-06-30 08:45:11 -07:00
ufs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
umsdos Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
vfat Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfs [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
aio.c [PATCH] aio-retry-fix: fix aio retry work queueing 2005-06-28 21:20:32 -07:00
attr.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bad_inode.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
binfmt_aout.c [PATCH] Avoiding mmap fragmentation 2005-06-21 18:46:16 -07:00
binfmt_elf_fdpic.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_elf.c [PATCH] Avoiding mmap fragmentation 2005-06-21 18:46:16 -07:00
binfmt_em86.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_flat.c [PATCH] binfmt_flat mmap flag fix 2005-06-06 14:57:51 -07:00
binfmt_misc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_script.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_som.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bio.c [PATCH] mostly_read data section 2005-07-07 18:23:46 -07:00
block_dev.c [PATCH] block: add unlocked_ioctl support for block devices 2005-06-23 09:45:32 -07:00
buffer.c [PATCH] page_uptodate locking scalability 2005-07-07 18:23:45 -07:00
char_dev.c [PATCH] fix semaphore handling in __unregister_chrdev_region 2005-06-28 21:20:29 -07:00
compat_ioctl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
compat.c [PATCH] NFS4: Don't use __user with compat_uptr_t 2005-04-27 15:39:03 -07:00
dcache.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
dcookies.c [PATCH] dcookies.c: use proper refcounting functions 2005-07-07 18:23:52 -07:00
direct-io.c [PATCH] pass iocb to dio_iodone_t 2005-06-24 00:05:19 -07:00
dnotify.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dquot.c [PATCH] list_for_each_entry: fs-dquot.c 2005-06-25 16:25:11 -07:00
eventpoll.c [PATCH] Remove eventpoll macro obfuscation 2005-06-23 09:45:30 -07:00
exec.c [PATCH] setuid core dump 2005-06-23 09:45:26 -07:00
fcntl.c [PATCH] convert that currently tests _NSIG directly to use valid_signal() 2005-05-01 08:59:14 -07:00
fifo.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
file_table.c [PATCH] Fix of bogus file max limit messages 2005-06-23 09:45:26 -07:00
file.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
filesystems.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fs-writeback.c [PATCH] O(1) sb list traversing on syncs 2005-06-23 09:45:27 -07:00
inode.c [PATCH] bugfix: two read_inode() calls without clear_inode() call between 2005-07-12 16:00:59 -07:00
ioctl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ioprio.c [PATCH] move ioprio syscalls into syscalls.h 2005-07-07 18:23:37 -07:00
Kconfig Merge master.kernel.org:/pub/scm/linux/kernel/git/tglx/mtd-2.6 2005-07-11 10:18:18 -07:00
Kconfig.binfmt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
libfs.c [PATCH] fix fsync(dir) return value for ram-based filesystems 2005-06-25 16:24:38 -07:00
locks.c [PATCH] coverity: fs/locks.c flp null check 2005-07-07 18:23:47 -07:00
Makefile [PATCH] Update cfq io scheduler to time sliced design 2005-06-27 14:33:29 -07:00
mbcache.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
mpage.c [PATCH] mpage_end_io_write() I/O error handling fix 2005-06-04 17:12:59 -07:00
namei.c [PATCH] namespace: rename _mntput to mntput_no_expire 2005-07-07 18:23:52 -07:00
namespace.c [PATCH] namespace: rename mnt_fslink to mnt_expire 2005-07-07 18:23:52 -07:00
nfsctl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
open.c [PATCH] xip: fs/mm: execute in place 2005-06-24 00:06:41 -07:00
pipe.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
posix_acl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
quota_v1.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
quota_v2.c [PATCH] quota: possible bug in quota format v2 support 2005-04-16 15:25:47 -07:00
quota.c [PATCH] O(1) sb list traversing on syncs 2005-06-23 09:45:27 -07:00
read_write.c [PATCH] aio: fix do_sync_(read|write) to properly handle aio retries 2005-06-23 09:45:34 -07:00
readdir.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
select.c [PATCH] make some things static 2005-05-05 16:36:47 -07:00
seq_file.c [PATCH] DocBook: fix some descriptions 2005-05-01 08:59:26 -07:00
stat.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
super.c [PATCH] set mnt_namespace in the correct place 2005-07-07 18:23:52 -07:00
xattr_acl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xattr.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00