diff options
| author | Dave Chinner <dchinner@redhat.com> | 2014-10-29 08:22:18 +1100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-11-14 10:10:40 -0800 |
| commit | bf3017d073bfa205275bfadb912053e8160e06ba (patch) | |
| tree | f85bae0a7cee6729993d02611b0f99fcf85d101d | |
| parent | 535a914975e79ef24b3b519c52fad351f56a6f08 (diff) | |
xfs: bulkstat doesn't release AGI buffer on error
commit a6bbce54efa9145dbcf3029c885549f7ebc40a3b upstream.
The recent refactoring of the bulkstat code left a small landmine in
the code. If a inobt read fails, then the tree walk is aborted and
returns without releasing the AGI buffer or freeing the cursor. This
can lead to a subsequent bulkstat call hanging trying to grab the
AGI buffer again.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | fs/xfs/xfs_itable.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c index f1deb961a296..ef8ea0589780 100644 --- a/fs/xfs/xfs_itable.c +++ b/fs/xfs/xfs_itable.c @@ -427,7 +427,7 @@ xfs_bulkstat( error = xfs_bulkstat_grab_ichunk(cur, agino, &icount, &r); if (error) - break; + goto del_cursor; if (icount) { irbp->ir_startino = r.ir_startino; irbp->ir_freecount = r.ir_freecount; @@ -442,7 +442,7 @@ xfs_bulkstat( error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &tmp); } if (error) - break; + goto del_cursor; /* * Loop through inode btree records in this ag, @@ -454,7 +454,7 @@ xfs_bulkstat( error = xfs_inobt_get_rec(cur, &r, &i); if (error || i == 0) { end_of_ag = 1; - break; + goto del_cursor; } /* @@ -476,13 +476,17 @@ xfs_bulkstat( error = xfs_btree_increment(cur, 0, &tmp); cond_resched(); } + /* - * Drop the btree buffers and the agi buffer. - * We can't hold any of the locks these represent - * when calling iget. + * Drop the btree buffers and the agi buffer as we can't hold any + * of the locks these represent when calling iget. If there is a + * pending error, then we are done. */ +del_cursor: xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR); xfs_buf_relse(agbp); + if (error) + break; /* * Now format all the good inodes into the user's buffer. */ |