reiserfs: Force inode evictions before umount to avoid crash
authorJeff Mahoney <jeffm@suse.com>
Wed, 21 Dec 2011 20:18:43 +0000 (21:18 +0100)
committerGreg Kroah-Hartman <gregkh@suse.de>
Thu, 12 Jan 2012 19:35:05 +0000 (11:35 -0800)
commit a9e36da655e54545c3289b2a0700b5c443de0edd upstream.

This patch fixes a crash in reiserfs_delete_xattrs during umount.

When shrink_dcache_for_umount clears the dcache from
generic_shutdown_super, delayed evictions are forced to disk. If an
evicted inode has extended attributes associated with it, it will
need to walk the xattr tree to locate and remove them.

But since shrink_dcache_for_umount will BUG if it encounters active
dentries, the xattr tree must be released before it's called or it will
crash during every umount.

This patch forces the evictions to occur before generic_shutdown_super
by calling shrink_dcache_sb first. The additional evictions caused
by the removal of each associated xattr file and dir will be automatically
handled as they're added to the LRU list.

CC: reiserfs-devel@vger.kernel.org
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fs/reiserfs/super.c

index a19a9f5b55ee264486fca3f5690758bc8b670cc2..f19dfbf60002efa4c84ecabd09e3c9cb10ce23a7 100644 (file)
@@ -453,16 +453,20 @@ int remove_save_link(struct inode *inode, int truncate)
 static void reiserfs_kill_sb(struct super_block *s)
 {
        if (REISERFS_SB(s)) {
-               if (REISERFS_SB(s)->xattr_root) {
-                       d_invalidate(REISERFS_SB(s)->xattr_root);
-                       dput(REISERFS_SB(s)->xattr_root);
-                       REISERFS_SB(s)->xattr_root = NULL;
-               }
-               if (REISERFS_SB(s)->priv_root) {
-                       d_invalidate(REISERFS_SB(s)->priv_root);
-                       dput(REISERFS_SB(s)->priv_root);
-                       REISERFS_SB(s)->priv_root = NULL;
-               }
+               /*
+                * Force any pending inode evictions to occur now. Any
+                * inodes to be removed that have extended attributes
+                * associated with them need to clean them up before
+                * we can release the extended attribute root dentries.
+                * shrink_dcache_for_umount will BUG if we don't release
+                * those before it's called so ->put_super is too late.
+                */
+               shrink_dcache_sb(s);
+
+               dput(REISERFS_SB(s)->xattr_root);
+               REISERFS_SB(s)->xattr_root = NULL;
+               dput(REISERFS_SB(s)->priv_root);
+               REISERFS_SB(s)->priv_root = NULL;
        }
 
        kill_block_super(s);