[patch 17/39] [PATCH] fix deadlock in ext2

From: Chris Wright
Date: Mon Feb 27 2006 - 17:42:24 EST

Next message: Chris Wright: "[patch 18/39] [PATCH] sys_mbind sanity checking"
Previous message: Chris Wright: "[patch 16/39] [PATCH] fix zap_threads ptrace related problems"
In reply to: Chris Wright: "[patch 16/39] [PATCH] fix zap_threads ptrace related problems"
Next in thread: Chris Wright: "[patch 18/39] [PATCH] sys_mbind sanity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-stable review patch. If anyone has any objections, please let us know.
------------------

Fix a deadlock possible in the ext2 file system implementation. This
deadlock occurs when a file is removed from an ext2 file system which was
mounted with the "sync" mount option.

The problem is that ext2_xattr_delete_inode() was invoking the routine,
sync_dirty_buffer(), using a buffer head which was previously locked via
lock_buffer(). The first thing that sync_dirty_buffer() does is to lock
the buffer head that it was passed. It does this via lock_buffer(). Oops.

The solution is to unlock the buffer head in ext2_xattr_delete_inode()
before invoking sync_dirty_buffer(). This makes the code in
ext2_xattr_delete_inode() obey the same locking rules as all other callers
of sync_dirty_buffer() in the ext2 file system implementation.

Signed-off-by: Peter Staubach <staubach@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
---

fs/ext2/xattr.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)

--- linux-2.6.15.4.orig/fs/ext2/xattr.c
+++ linux-2.6.15.4/fs/ext2/xattr.c
@@ -796,18 +796,20 @@ ext2_xattr_delete_inode(struct inode *in
ext2_free_blocks(inode, EXT2_I(inode)->i_file_acl, 1);
get_bh(bh);
bforget(bh);
+ unlock_buffer(bh);
} else {
HDR(bh)->h_refcount = cpu_to_le32(
le32_to_cpu(HDR(bh)->h_refcount) - 1);
if (ce)
mb_cache_entry_release(ce);
+ ea_bdebug(bh, "refcount now=%d",
+ le32_to_cpu(HDR(bh)->h_refcount));
+ unlock_buffer(bh);
mark_buffer_dirty(bh);
if (IS_SYNC(inode))
sync_dirty_buffer(bh);
DQUOT_FREE_BLOCK(inode, 1);
}
- ea_bdebug(bh, "refcount now=%d", le32_to_cpu(HDR(bh)->h_refcount) - 1);
- unlock_buffer(bh);
EXT2_I(inode)->i_file_acl = 0;

cleanup:

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "[patch 18/39] [PATCH] sys_mbind sanity checking"
Previous message: Chris Wright: "[patch 16/39] [PATCH] fix zap_threads ptrace related problems"
In reply to: Chris Wright: "[patch 16/39] [PATCH] fix zap_threads ptrace related problems"
Next in thread: Chris Wright: "[patch 18/39] [PATCH] sys_mbind sanity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]