diff options
| author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-02-11 11:53:39 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-02-11 11:53:39 -0800 |
| commit | 958b7f37ee0fb2846c8d44310a68ae9605614ff9 (patch) | |
| tree | b1644d08d2e2a8d408c66c6d21a89fd815e16015 /fs/xfs/xfs_inode.c | |
| parent | d68798374bcf5cd4a19105b86d96121651b3c8cb (diff) | |
| parent | e7ff6aed8761b2c86cd9ab7083e512de2b8cfa48 (diff) | |
Merge git://oss.sgi.com:8090/xfs/xfs-2.6
* git://oss.sgi.com:8090/xfs/xfs-2.6: (33 commits)
[XFS] Don't use kmap in xfs_iozero.
[XFS] Remove a bunch of unused functions from XFS.
[XFS] Remove unused arguments from the XFS_BTREE_*_ADDR macros.
[XFS] Remove unused header files for MAC and CAP checking functionality.
[XFS] Make freeze code a little cleaner.
[XFS] Remove unused argument to xfs_bmap_finish
[XFS] Clean up use of VFS attr flags
[XFS] Remove useless memory barrier
[XFS] XFS sysctl cleanups
[XFS] Fix assertion in xfs_attr_shortform_remove().
[XFS] Fix callers of xfs_iozero() to zero the correct range.
[XFS] Ensure a frozen filesystem has a clean log before writing the dummy
[XFS] Fix sub-block zeroing for buffered writes into unwritten extents.
[XFS] Re-initialize the per-cpu superblock counters after recovery.
[XFS] Fix block reservation changes for non-SMP systems.
[XFS] Fix block reservation mechanism.
[XFS] Make growfs work for amounts greater than 2TB
[XFS] Fix inode log item use-after-free on forced shutdown
[XFS] Fix attr2 corruption with btree data extents
[XFS] Workaround log space issue by increasing XFS_TRANS_PUSH_AIL_RESTARTS
...
Diffstat (limited to 'fs/xfs/xfs_inode.c')
| -rw-r--r-- | fs/xfs/xfs_inode.c | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 44dfac52128..3da9829c19d 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -47,7 +47,6 @@ #include "xfs_utils.h" #include "xfs_dir2_trace.h" #include "xfs_quota.h" -#include "xfs_mac.h" #include "xfs_acl.h" @@ -1699,8 +1698,7 @@ xfs_itruncate_finish( * Duplicate the transaction that has the permanent * reservation and commit the old transaction. */ - error = xfs_bmap_finish(tp, &free_list, first_block, - &committed); + error = xfs_bmap_finish(tp, &free_list, &committed); ntp = *tp; if (error) { /* @@ -1810,7 +1808,7 @@ xfs_igrow_start( * and any blocks between the old and new file sizes. */ error = xfs_zero_eof(XFS_ITOV(ip), &ip->i_iocore, new_size, - ip->i_d.di_size, new_size); + ip->i_d.di_size); return error; } @@ -2125,7 +2123,7 @@ xfs_iunlink_remove( return 0; } -static __inline__ int xfs_inode_clean(xfs_inode_t *ip) +STATIC_INLINE int xfs_inode_clean(xfs_inode_t *ip) { return (((ip->i_itemp == NULL) || !(ip->i_itemp->ili_format.ilf_fields & XFS_ILOG_ALL)) && @@ -2707,10 +2705,24 @@ xfs_idestroy( ktrace_free(ip->i_dir_trace); #endif if (ip->i_itemp) { - /* XXXdpd should be able to assert this but shutdown - * is leaving the AIL behind. */ - ASSERT(((ip->i_itemp->ili_item.li_flags & XFS_LI_IN_AIL) == 0) || - XFS_FORCED_SHUTDOWN(ip->i_mount)); + /* + * Only if we are shutting down the fs will we see an + * inode still in the AIL. If it is there, we should remove + * it to prevent a use-after-free from occurring. + */ + xfs_mount_t *mp = ip->i_mount; + xfs_log_item_t *lip = &ip->i_itemp->ili_item; + int s; + + ASSERT(((lip->li_flags & XFS_LI_IN_AIL) == 0) || + XFS_FORCED_SHUTDOWN(ip->i_mount)); + if (lip->li_flags & XFS_LI_IN_AIL) { + AIL_LOCK(mp, s); + if (lip->li_flags & XFS_LI_IN_AIL) + xfs_trans_delete_ail(mp, lip, s); + else + AIL_UNLOCK(mp, s); + } xfs_inode_item_destroy(ip); } kmem_zone_free(xfs_inode_zone, ip); |