diff options
author | Josef Bacik <josef@redhat.com> | 2012-03-09 09:51:43 -0500 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2012-03-26 16:51:08 -0400 |
commit | 115391d2315239164e400a8259b26392afccf3bd (patch) | |
tree | 83f6bd7698b5bfddbe3be57d6411a120eced2399 | |
parent | 4f2de97acee6532b36dd6e995b858343771ad126 (diff) | |
download | op-kernel-dev-115391d2315239164e400a8259b26392afccf3bd.zip op-kernel-dev-115391d2315239164e400a8259b26392afccf3bd.tar.gz |
Btrfs: only use the existing eb if it's count isn't 0
We can run into a problem where we find an eb for our existing page already on
the radix tree but it has a ref count of 0. It hasn't yet been removed by RCU
yet so this can cause issues where we will use the EB after free. So do
atomic_inc_not_zero on the exists->refs and if it is zero just do
synchronize_rcu() and try again. We won't have to worry about new allocators
coming in since they will block on the page lock at this point. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
-rw-r--r-- | fs/btrfs/extent_io.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 0381b60..0f74262 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -3750,7 +3750,7 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree, } if (uptodate) set_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags); - +again: ret = radix_tree_preload(GFP_NOFS & ~__GFP_HIGHMEM); if (ret) goto free_eb; @@ -3760,7 +3760,13 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree, if (ret == -EEXIST) { exists = radix_tree_lookup(&tree->buffer, start >> PAGE_CACHE_SHIFT); - atomic_inc(&exists->refs); + if (!atomic_inc_not_zero(&exists->refs)) { + spin_unlock(&tree->buffer_lock); + radix_tree_preload_end(); + synchronize_rcu(); + exists = NULL; + goto again; + } spin_unlock(&tree->buffer_lock); radix_tree_preload_end(); goto free_eb; |