[XFS] Do not access buffers after dropping reference count

We should not access a buffer after dropping it's reference count otherwise we could race with another thread that releases the final reference count and frees the buffer causing us to access potentially unmapped memory. The bug this change fixes only occured on DEBUG XFS since the offending code was in an ASSERT. SGI-PV: 984429 SGI-Modid: xfs-linux-melb:xfs-kern:31715a Signed-off-by: N Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: N David Chinner <david@fromorbit.com>

[XFS] Do not access buffers after dropping reference count
We should not access a buffer after dropping it's reference count otherwise we could race with another thread that releases the final reference count and frees the buffer causing us to access potentially unmapped memory. The bug this change fixes only occured on DEBUG XFS since the offending code was in an ASSERT. SGI-PV: 984429 SGI-Modid: xfs-linux-melb:xfs-kern:31715a Signed-off-by: N Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: N David Chinner <david@fromorbit.com>
3790689f · Lachlan McIlroy · Lachlan McIlroy · 79071eb0 · 3790689f
隐藏空白更改
内联并排

Showing with 1 addition and 5 deletion

fs/xfs/linux-2.6/xfs_buf.c fs/xfs/linux-2.6/xfs_buf.c +1 -5

未找到文件。
--- a/fs/xfs/linux-2.6/xfs_buf.c
+++ b/fs/xfs/linux-2.6/xfs_buf.c
@@ -838,6 +838,7 @@ xfs_buf_rele(
 		return;
 	}

+	ASSERT(atomic_read(&bp->b_hold) > 0);
 	if (atomic_dec_and_lock(&bp->b_hold, &hash->bh_lock)) {
 		if (bp->b_relse) {
 			atomic_inc(&bp->b_hold);
@@ -851,11 +852,6 @@ xfs_buf_rele(
 			spin_unlock(&hash->bh_lock);
 			xfs_buf_free(bp);
 		}
-	} else {
-		/*
-		 * Catch reference count leaks
-		 */
-		ASSERT(atomic_read(&bp->b_hold) >= 0);
 	}
 }