tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[PATCH] fix deadlock in ext2

Fix a deadlock possible in the ext2 file system implementation. This
deadlock occurs when a file is removed from an ext2 file system which was
mounted with the "sync" mount option.

The problem is that ext2_xattr_delete_inode() was invoking the routine,
sync_dirty_buffer(), using a buffer head which was previously locked via
lock_buffer(). The first thing that sync_dirty_buffer() does is to lock
the buffer head that it was passed. It does this via lock_buffer(). Oops.

The solution is to unlock the buffer head in ext2_xattr_delete_inode()
before invoking sync_dirty_buffer(). This makes the code in
ext2_xattr_delete_inode() obey the same locking rules as all other callers
of sync_dirty_buffer() in the ext2 file system implementation.

Signed-off-by: Peter Staubach <staubach@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Peter Staubach and committed by Linus Torvalds b2f49033 614f8f50

+4 -2
unified split
+4 -2
fs/ext2/xattr.c
··· 792 792 ext2_free_blocks(inode, EXT2_I(inode)->i_file_acl, 1); 793 793 get_bh(bh); 794 794 bforget(bh); 795 + unlock_buffer(bh); 795 796 } else { 796 797 HDR(bh)->h_refcount = cpu_to_le32( 797 798 le32_to_cpu(HDR(bh)->h_refcount) - 1); 798 799 if (ce) 799 800 mb_cache_entry_release(ce); 801 + ea_bdebug(bh, "refcount now=%d", 802 + le32_to_cpu(HDR(bh)->h_refcount)); 803 + unlock_buffer(bh); 800 804 mark_buffer_dirty(bh); 801 805 if (IS_SYNC(inode)) 802 806 sync_dirty_buffer(bh); 803 807 DQUOT_FREE_BLOCK(inode, 1); 804 808 } 805 - ea_bdebug(bh, "refcount now=%d", le32_to_cpu(HDR(bh)->h_refcount) - 1); 806 - unlock_buffer(bh); 807 809 EXT2_I(inode)->i_file_acl = 0; 808 810 809 811 cleanup: