提交 115391d2 编写于 作者: J Josef Bacik 提交者: Chris Mason

Btrfs: only use the existing eb if it's count isn't 0

We can run into a problem where we find an eb for our existing page already on
the radix tree but it has a ref count of 0.  It hasn't yet been removed by RCU
yet so this can cause issues where we will use the EB after free.  So do
atomic_inc_not_zero on the exists->refs and if it is zero just do
synchronize_rcu() and try again.  We won't have to worry about new allocators
coming in since they will block on the page lock at this point.  Thanks,
Signed-off-by: NJosef Bacik <josef@redhat.com>
上级 4f2de97a
...@@ -3750,7 +3750,7 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree, ...@@ -3750,7 +3750,7 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree,
} }
if (uptodate) if (uptodate)
set_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags); set_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags);
again:
ret = radix_tree_preload(GFP_NOFS & ~__GFP_HIGHMEM); ret = radix_tree_preload(GFP_NOFS & ~__GFP_HIGHMEM);
if (ret) if (ret)
goto free_eb; goto free_eb;
...@@ -3760,7 +3760,13 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree, ...@@ -3760,7 +3760,13 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree,
if (ret == -EEXIST) { if (ret == -EEXIST) {
exists = radix_tree_lookup(&tree->buffer, exists = radix_tree_lookup(&tree->buffer,
start >> PAGE_CACHE_SHIFT); start >> PAGE_CACHE_SHIFT);
atomic_inc(&exists->refs); if (!atomic_inc_not_zero(&exists->refs)) {
spin_unlock(&tree->buffer_lock);
radix_tree_preload_end();
synchronize_rcu();
exists = NULL;
goto again;
}
spin_unlock(&tree->buffer_lock); spin_unlock(&tree->buffer_lock);
radix_tree_preload_end(); radix_tree_preload_end();
goto free_eb; goto free_eb;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册