GFS2: Update master statfs buffer with sd_statfs_spin locked

Before this patch, function update_statfs called gfs2_statfs_change_out
to update the master statfs buffer without the sd_statfs_spin held.
In theory, another process could call gfs2_statfs_sync, which takes
the sd_statfs_spin lock and re-reads m_sc from the buffer. So there's
a theoretical timing window in which one process could write the
master statfs buffer, then another comes along and re-reads it, wiping
out the changes.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>

diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c
index 64f03c821b5dbfcb461887c3331ca42fa49b0df3..03fa155f703ed3cd309d1d5d62fc36b5032f7957 100644 (file)
--- a/fs/gfs2/super.c
+++ b/fs/gfs2/super.c
@@ -556,6 +556,7 @@ void update_statfs(struct gfs2_sbd *sdp, struct buffer_head *m_bh,
        struct gfs2_statfs_change_host *l_sc = &sdp->sd_statfs_local;
 
        gfs2_trans_add_meta(l_ip->i_gl, l_bh);
+       gfs2_trans_add_meta(m_ip->i_gl, m_bh);
 
        spin_lock(&sdp->sd_statfs_spin);
        m_sc->sc_total += l_sc->sc_total;
@@ -564,10 +565,8 @@ void update_statfs(struct gfs2_sbd *sdp, struct buffer_head *m_bh,
        memset(l_sc, 0, sizeof(struct gfs2_statfs_change));
        memset(l_bh->b_data + sizeof(struct gfs2_dinode),
               0, sizeof(struct gfs2_statfs_change));
-       spin_unlock(&sdp->sd_statfs_spin);
-
-       gfs2_trans_add_meta(m_ip->i_gl, m_bh);
        gfs2_statfs_change_out(m_sc, m_bh->b_data + sizeof(struct gfs2_dinode));
+       spin_unlock(&sdp->sd_statfs_spin);
 }
 
 int gfs2_statfs_sync(struct super_block *sb, int type)