diff options
author | Peter Staubach <staubach@redhat.com> | 2006-02-17 13:52:36 -0800 |
---|---|---|
committer | Chris Wright <chrisw@sous-sol.org> | 2006-03-01 14:36:35 -0800 |
commit | 8fef8ea2a1f28a7611ad0b8ff7b48ceb38db9535 (patch) | |
tree | ebf820dfff1eb8aadc354d5807d45821a48c6214 | |
parent | 80a16577362b3eafa2f390d5e1ffb268464ccedb (diff) |
[PATCH] fix deadlock in ext2
Fix a deadlock possible in the ext2 file system implementation. This
deadlock occurs when a file is removed from an ext2 file system which was
mounted with the "sync" mount option.
The problem is that ext2_xattr_delete_inode() was invoking the routine,
sync_dirty_buffer(), using a buffer head which was previously locked via
lock_buffer(). The first thing that sync_dirty_buffer() does is to lock
the buffer head that it was passed. It does this via lock_buffer(). Oops.
The solution is to unlock the buffer head in ext2_xattr_delete_inode()
before invoking sync_dirty_buffer(). This makes the code in
ext2_xattr_delete_inode() obey the same locking rules as all other callers
of sync_dirty_buffer() in the ext2 file system implementation.
Signed-off-by: Peter Staubach <staubach@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/ext2/xattr.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c index 0099462d427..ab674f702e5 100644 --- a/fs/ext2/xattr.c +++ b/fs/ext2/xattr.c @@ -796,18 +796,20 @@ ext2_xattr_delete_inode(struct inode *inode) ext2_free_blocks(inode, EXT2_I(inode)->i_file_acl, 1); get_bh(bh); bforget(bh); + unlock_buffer(bh); } else { HDR(bh)->h_refcount = cpu_to_le32( le32_to_cpu(HDR(bh)->h_refcount) - 1); if (ce) mb_cache_entry_release(ce); + ea_bdebug(bh, "refcount now=%d", + le32_to_cpu(HDR(bh)->h_refcount)); + unlock_buffer(bh); mark_buffer_dirty(bh); if (IS_SYNC(inode)) sync_dirty_buffer(bh); DQUOT_FREE_BLOCK(inode, 1); } - ea_bdebug(bh, "refcount now=%d", le32_to_cpu(HDR(bh)->h_refcount) - 1); - unlock_buffer(bh); EXT2_I(inode)->i_file_acl = 0; cleanup: |