Hello,
It is possible to panic the box by a race condition that exists in the
journalling code where we do not take the j_revoke_lock when traversing the
journal's revoked record list. This patch has been tested and we haven't seen
the issue yet, its a rather straightforward and correct (at least I think so :)
fix. Thank you,
Signed-off-by: Josef Bacik <jbacik@xxxxxxxxxx>
diff --git a/fs/jbd/revoke.c b/fs/jbd/revoke.c
index 62e13c8..317f598 100644
--- a/fs/jbd/revoke.c
+++ b/fs/jbd/revoke.c
@@ -518,6 +518,7 @@ void journal_write_revoke_records(journal_t *journal,
for (i = 0; i < revoke->hash_size; i++) {
hash_list = &revoke->hash_table[i];
+ spin_lock(&journal->j_revoke_lock);
while (!list_empty(hash_list)) {
record = (struct jbd_revoke_record_s *)
hash_list->next;
@@ -528,6 +529,7 @@ void journal_write_revoke_records(journal_t *journal,
list_del(&record->hash);
kmem_cache_free(revoke_record_cache, record);
}
+ spin_unlock(&journal->j_revoke_lock);
}
if (descriptor)
flush_descriptor(journal, descriptor, offset);
@@ -694,10 +696,12 @@ void journal_clear_revoke(journal_t *journal)
for (i = 0; i < revoke->hash_size; i++) {
hash_list = &revoke->hash_table[i];
+ spin_lock(&journal->j_revoke_lock);
while (!list_empty(hash_list)) {
record = (struct jbd_revoke_record_s*) hash_list->next;
list_del(&record->hash);
kmem_cache_free(revoke_record_cache, record);
}
+ spin_unlock(&journal->j_revoke_lock);
}
}
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
