Btrfs: fix possible empty list access when flushing the delalloc inodes

We didn't have a lock to protect the access to the delalloc inodes list, that is
we might access a empty delalloc inodes list if someone start flushing delalloc
inodes because the delalloc inodes were moved into a other list temporarily.
Fix it by wrapping the access with a lock.

Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Josef Bacik <jbacik@fb.com>

diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index 5f4921554f0aa801498015d7b9b23e609a2c67cc..2a9d32e193a5f9c7b10f8f8f1d3b8abb8ede9bb6 100644 (file)
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -1490,6 +1490,7 @@ struct btrfs_fs_info {
         */
        struct list_head ordered_roots;
 
+       struct mutex delalloc_root_mutex;
        spinlock_t delalloc_root_lock;
        /* all fs/file tree roots that have delalloc inodes. */
        struct list_head delalloc_roots;
@@ -1805,6 +1806,7 @@ struct btrfs_root {
        spinlock_t root_item_lock;
        atomic_t refs;
 
+       struct mutex delalloc_mutex;
        spinlock_t delalloc_lock;
        /*
         * all of the inodes that have delalloc bytes.  It is possible for

diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 237b5b5a2200236da709c2475f0af78897289990..d9698fda2d12c086edd5d0390202f809cd5c46ef 100644 (file)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1221,6 +1221,7 @@ static void __setup_root(u32 nodesize, u32 leafsize, u32 sectorsize,
        mutex_init(&root->objectid_mutex);
        mutex_init(&root->log_mutex);
        mutex_init(&root->ordered_extent_mutex);
+       mutex_init(&root->delalloc_mutex);
        init_waitqueue_head(&root->log_writer_wait);
        init_waitqueue_head(&root->log_commit_wait[0]);
        init_waitqueue_head(&root->log_commit_wait[1]);
@@ -2209,6 +2210,7 @@ int open_ctree(struct super_block *sb,
        spin_lock_init(&fs_info->buffer_lock);
        rwlock_init(&fs_info->tree_mod_log_lock);
        mutex_init(&fs_info->reloc_mutex);
+       mutex_init(&fs_info->delalloc_root_mutex);
        seqlock_init(&fs_info->profiles_lock);
 
        init_completion(&fs_info->kobj_unregister);

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index fbaf1ac3941b5e05fa68681a3fa5b82fffaeedba..0ec876657923511ff21184f8dcfbc191e0c5b9d5 100644 (file)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -8450,6 +8450,7 @@ static int __start_delalloc_inodes(struct btrfs_root *root, int delay_iput,
        INIT_LIST_HEAD(&works);
        INIT_LIST_HEAD(&splice);
 
+       mutex_lock(&root->delalloc_mutex);
        spin_lock(&root->delalloc_lock);
        list_splice_init(&root->delalloc_inodes, &splice);
        while (!list_empty(&splice)) {
@@ -8495,6 +8496,7 @@ static int __start_delalloc_inodes(struct btrfs_root *root, int delay_iput,
                list_splice_tail(&splice, &root->delalloc_inodes);
                spin_unlock(&root->delalloc_lock);
        }
+       mutex_unlock(&root->delalloc_mutex);
        return ret;
 }
 
@@ -8536,6 +8538,7 @@ int btrfs_start_delalloc_roots(struct btrfs_fs_info *fs_info, int delay_iput,
 
        INIT_LIST_HEAD(&splice);
 
+       mutex_lock(&fs_info->delalloc_root_mutex);
        spin_lock(&fs_info->delalloc_root_lock);
        list_splice_init(&fs_info->delalloc_roots, &splice);
        while (!list_empty(&splice) && nr) {
@@ -8575,6 +8578,7 @@ out:
                list_splice_tail(&splice, &fs_info->delalloc_roots);
                spin_unlock(&fs_info->delalloc_root_lock);
        }
+       mutex_unlock(&fs_info->delalloc_root_mutex);
        return ret;
 }