btrfs: btrfs_evict_inode must clear all inodes

Message ID c38b2527-899f-9be2-87e5-6b4048e17217@suse.com
State New

Commit Message

Jeff Mahoney Jan. 29, 2018, 4:46 p.m. UTC
btrfs_evict_inode must clear all inodes or we'll hit a BUG_ON in evict().

Fixes: 3d48d9810de (btrfs: Handle uninitialised inode eviction)
Cc: Nikolay Borisov <nborisov@suse.com>
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 fs/btrfs/inode.c |    1 +
 1 file changed, 1 insertion(+)

Comments

Nikolay Borisov Jan. 29, 2018, 4:48 p.m. UTC | #1
On 29.01.2018 18:46, Jeff Mahoney wrote:
> btrfs_evict_inode must clear all inodes or we'll hit a BUG_ON in evict().
> 
> Fixes: 3d48d9810de (btrfs: Handle uninitialised inode eviction)
> Cc: Nikolay Borisov <nborisov@suse.com>
> Cc: <stable@vger.kernel.org> # v4.8+
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>


Yep, this is a genuine bug, however Liu Bo already sent a fix for that:

Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly

> ---
>  fs/btrfs/inode.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -5282,6 +5282,7 @@ void btrfs_evict_inode(struct inode *ino
>  	trace_btrfs_inode_evict(inode);
>  
>  	if (!root) {
> +		clear_inode(inode);
>  		kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode));
>  		return;
>  	}
> 
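Review bot: The added clear_inode(inode) in the if (!root) branch carries no comment saying why an inode can reach eviction without a root or which check it satisfies. The commit message says only "a BUG_ON in evict()", and the Fixes: line points at uninitialised-inode handling, so a one-line comment above the call naming that case would tell the next reader why the early return still needs it.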
Liu Bo Jan. 29, 2018, 7:58 p.m. UTC | #2
On Mon, Jan 29, 2018 at 11:46:28AM -0500, Jeff Mahoney wrote:
> btrfs_evict_inode must clear all inodes or we'll hit a BUG_ON in evict().
> 
> Fixes: 3d48d9810de (btrfs: Handle uninitialised inode eviction)
> Cc: Nikolay Borisov <nborisov@suse.com>
> Cc: <stable@vger.kernel.org> # v4.8+
> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> ---
>  fs/btrfs/inode.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -5282,6 +5282,7 @@ void btrfs_evict_inode(struct inode *ino
>  	trace_btrfs_inode_evict(inode);
>  
>  	if (!root) {
> +		clear_inode(inode);
>  		kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode));

I had a patch for this, and also kmem_cache_free() is not supposed to
be called here, but in ->destroy_inode().

Thanks,

-liubo
>  		return;
>  	}
> 
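Review bot: The early return in the if (!root) branch bypasses the rest of btrfs_evict_inode(), so the clear has to be duplicated here as a second call site. If the function already has a common exit that clears the inode, jumping to it from this branch instead of returning would leave a single clear_inode() call to maintain.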
> -- 
> Jeff Mahoney
> SUSE Labs
Jeff Mahoney Jan. 29, 2018, 8:03 p.m. UTC | #3
On 1/29/18 2:58 PM, Liu Bo wrote:
> On Mon, Jan 29, 2018 at 11:46:28AM -0500, Jeff Mahoney wrote:
>> btrfs_evict_inode must clear all inodes or we'll hit a BUG_ON in evict().
>>
>> Fixes: 3d48d9810de (btrfs: Handle uninitialised inode eviction)
>> Cc: Nikolay Borisov <nborisov@suse.com>
>> Cc: <stable@vger.kernel.org> # v4.8+
>> Signed-off-by: Jeff Mahoney <jeffm@suse.com>
>> ---
>>  fs/btrfs/inode.c |    1 +
>>  1 file changed, 1 insertion(+)
>>
>> --- a/fs/btrfs/inode.c
>> +++ b/fs/btrfs/inode.c
>> @@ -5282,6 +5282,7 @@ void btrfs_evict_inode(struct inode *ino
>>  	trace_btrfs_inode_evict(inode);
>>  
>>  	if (!root) {
>> +		clear_inode(inode);
>>  		kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode));
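Review bot: trace_btrfs_inode_evict(inode) in the context lines runs before the if (!root) check, so the tracepoint fires for inodes that have no root. It is worth confirming that the trace event does not dereference the inode's root when tracing is enabled; if it does, the check should move above the tracepoint.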
> 
> I had a patch for this, and also kmem_cache_free() is not supposed to
> be called here, but in ->destroy_inode().

Yep, that too.

Thanks,

-Jeff

Patch

--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -5282,6 +5282,7 @@  void btrfs_evict_inode(struct inode *ino
 	trace_btrfs_inode_evict(inode);
 
 	if (!root) {
+		clear_inode(inode);
 		kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode));
 		return;
 	}
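Review bot: kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode)) on the line after the added clear_inode(inode) releases the inode while the caller is still using it: the BUG_ON in evict() that the commit message refers to runs after this callback returns, so it would be checking freed memory. Drop the free from the if (!root) branch and leave it to ->destroy_inode(), as raised in comment #2, so the branch is just clear_inode(inode); return;.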