    [PATCH] fix for prune_icache()/forced final iput() races · 991114c6
    Alexander Viro authored
    Based on analysis and a patch from Russ Weight <rweight@us.ibm.com>

    There is a race condition that can occur if an inode is allocated and then
    released (using iput) during the ->fill_super functions.  The race
    condition is between kswapd and mount.

    For most filesystems this can only happen in an error path when kswapd is
    running concurrently.  For isofs, however, the error can occur in a more
    common code path (which is how the bug was found).

    The logic here is "we want final iput() to free inode *now* instead of
    letting it sit in cache if fs is going down or had not quite come up".  The
    problem is with kswapd seeing such inodes in the middle of being killed and
    happily taking over.

    The clean solution would be to tell kswapd to leave those inodes alone and
    let our final iput deal with them.  I.e.  add a new flag
    (I_FORCED_FREEING), set it before write_inode_now() there and make
    prune_icache() leave those alone.

    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
inode.c 34.5 KB
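The race and the flag-based fix described in the commit message, as an added single-threaded userspace model (not the kernel's code and not part of the commit). The `model_*` names, the struct layout and the flag's numeric value are assumptions; the pruner is called by hand inside the write-back window to force the bad interleaving deterministically.

```c
#include <stdio.h>

#define I_FORCED_FREEING 0x1   /* flag name from the commit message; value is assumed */

struct model_inode {
    int i_count;        /* reference count */
    unsigned i_state;   /* state flags */
    int disposed;       /* how many times the inode was torn down */
};

/* Model of the kswapd side: reclaim unused inodes, optionally honouring the flag. */
static void model_prune_icache(struct model_inode *inode, int honour_flag)
{
    if (inode->i_count != 0)
        return;                         /* still in use */
    if (honour_flag && (inode->i_state & I_FORCED_FREEING))
        return;                         /* final iput owns this inode */
    inode->disposed++;                  /* pruner takes over the inode */
}

/* Model of the final iput() on a filesystem that is going down or not yet up. */
static void model_final_iput(struct model_inode *inode, int with_fix)
{
    inode->i_count--;
    if (inode->i_count != 0)
        return;
    if (with_fix)
        inode->i_state |= I_FORCED_FREEING;   /* set before the write-back window */
    /* write_inode_now() window: the pruner is forced to run here. */
    model_prune_icache(inode, with_fix);
    inode->disposed++;                  /* final iput frees the inode now */
}

/* Returns how many times one inode was torn down (1 is correct). */
int run_model(int with_fix)
{
    struct model_inode inode = { .i_count = 1, .i_state = 0, .disposed = 0 };
    model_final_iput(&inode, with_fix);
    return inode.disposed;
}

int main(void)
{
    printf("without flag: disposed %d time(s)\n", run_model(0));
    printf("with flag:    disposed %d time(s)\n", run_model(1));
    return 0;
}
```

A count of 2 in the unfixed run stands for the inode being torn down by both paths, which in the kernel would be a use-after-free or double free of the inode.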