| Message ID | 20180125180256.10844-6-bo.li.liu@oracle.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 25.01.2018 20:02, Liu Bo wrote: > This regression is introduced in > commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction"). > > There are two problems, > > a) it is ->destroy_inode() that does the final free on inode, not > ->evict_inode(), > b) clear_inode() must be called before ->evict_inode() returns. > > This could end up hitting BUG_ON(inode->i_state != (I_FREEING | I_CLEAR)); > in evict() because I_CLEAR is set in clear_inode(). > Oops, It seems I've missed that when I wrote the original patch. Reviewed-by: Nikolay Borisov <nborisov@suse.com> > Fixes: commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction") > Cc: <stable@vger.kernel.org> # v4.7-rc6+ > Signed-off-by: Liu Bo <bo.li.liu@oracle.com> > --- > fs/btrfs/inode.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c > index 281a250..bc6ef73 100644 > --- a/fs/btrfs/inode.c > +++ b/fs/btrfs/inode.c > @@ -5286,7 +5286,7 @@ void btrfs_evict_inode(struct inode *inode) > trace_btrfs_inode_evict(inode); > > if (!root) { > - kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode)); > + clear_inode(inode); > return; > } > > -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu, Jan 25, 2018 at 11:02:53AM -0700, Liu Bo wrote: > This regression is introduced in > commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction"). > > There are two problems, > > a) it is ->destroy_inode() that does the final free on inode, not > ->evict_inode(), > b) clear_inode() must be called before ->evict_inode() returns. > > This could end up hitting BUG_ON(inode->i_state != (I_FREEING | I_CLEAR)); > in evict() because I_CLEAR is set in clear_inode(). > > Fixes: commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction") > Cc: <stable@vger.kernel.org> # v4.7-rc6+ > Signed-off-by: Liu Bo <bo.li.liu@oracle.com> > --- Reviewed-by: Josef Bacik <jbacik@fb.com> Thanks, Josef -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 281a250..bc6ef73 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5286,7 +5286,7 @@ void btrfs_evict_inode(struct inode *inode) trace_btrfs_inode_evict(inode); if (!root) { - kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode)); + clear_inode(inode); return; }
This regression is introduced in commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction"). There are two problems, a) it is ->destroy_inode() that does the final free on inode, not ->evict_inode(), b) clear_inode() must be called before ->evict_inode() returns. This could end up hitting BUG_ON(inode->i_state != (I_FREEING | I_CLEAR)); in evict() because I_CLEAR is set in clear_inode(). Fixes: commit 3d48d9810de4 ("btrfs: Handle uninitialised inode eviction") Cc: <stable@vger.kernel.org> # v4.7-rc6+ Signed-off-by: Liu Bo <bo.li.liu@oracle.com> --- fs/btrfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)