Fix race yaffs_flush_inodes against iput master
authorchengchao <chengchao@kedacom.com>
Mon, 28 Jan 2019 03:19:15 +0000 (11:19 +0800)
committerCharles Manning <cdhmanning@gmail.com>
Thu, 31 Jan 2019 02:06:50 +0000 (15:06 +1300)
needs inode->i_sb->s_inode_list_lock protects
  inode->i_sb->s_inodes, inode->i_sb_list

Signed-off-by: chengchao <chengchao@kedacom.com>
yaffs_vfs_single.c

index 0ac24bc..1abbfd8 100644 (file)
@@ -1489,15 +1489,34 @@ static void yaffs_flush_inodes(struct super_block *sb)
 {
        struct inode *iptr;
        struct yaffs_obj *obj;
+       struct yaffs_dev *dev = yaffs_super_to_dev(sb);
 
+       spin_lock(&sb->s_inode_list_lock);
        list_for_each_entry(iptr, &sb->s_inodes, i_sb_list) {
+               spin_lock(&inode->i_lock);
+               if (iptr->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) {
+                       spin_unlock(&inode->i_lock);
+                       continue;
+               }
+
+               __iget(iptr);
+               spin_unlock(&inode->i_lock);
+               spin_unlock(&sb->s_inode_list_lock);
+
                obj = yaffs_inode_to_obj(iptr);
                if (obj) {
                        yaffs_trace(YAFFS_TRACE_OS,
                                "flushing obj %d", obj->obj_id);
                        yaffs_flush_file(obj, 1, 0, 0);
                }
+
+               yaffs_gross_unlock(dev);
+               iput(iptr);
+               yaffs_gross_lock(dev);
+
+               spin_lock(&sb->s_inode_list_lock);
        }
+       spin_unlock(&sb->s_inode_list_lock);
 }
 
 static void yaffs_flush_super(struct super_block *sb, int do_checkpoint)