On Thu, Aug 06, 2015 at 01:44:31PM -0400, Brian Foster wrote: > The root inode is read as part of the xfs_mountfs() sequence and the > reference is dropped in the event of failure after we grab the inode. > The reference drop doesn't necessarily free the inode, however. It marks > it for reclaim and potentially kicks off the reclaim workqueue. The > workqueue is destroyed further up the error path, which means we are > subject to crash if the workqueue job runs after this point or a memory > leak which is identified if the xfs_inode_zone is destroyed (e.g., on > module removal). Both of these outcomes are reproducible via manual > instrumentation of a mount error after the root inode xfs_iget() call in > xfs_mountfs(). > > Update the xfs_mountfs() error path to cancel any potential reclaim work > items and to run a synchronous inode reclaim if the root inode is marked > for reclaim. This ensures that no jobs remain on the queue before it is > destroyed and that the root inode is freed before the reclaim mechanism > is torn down. > > Signed-off-by: Brian Foster <bfoster@xxxxxxxxxx> Looks good, Reviewed-by: Christoph Hellwig <hch@xxxxxx> _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
