[XFS] Do not access buffers after dropping reference count

We should not access a buffer after dropping it's reference count otherwise we could race with another thread that releases the final reference count and frees the buffer causing us to access potentially unmapped memory. The bug this change fixes only occured on DEBUG XFS since the offending code was in an ASSERT. SGI-PV: 984429 SGI-Modid: xfs-linux-melb:xfs-kern:31715a Signed-off-by: Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: David Chinner <david@fromorbit.com>
author: Lachlan McIlroy <lachlan@sgi.com> 2008-08-13 05:42:10 (GMT)
committer: Lachlan McIlroy <lachlan@redback.melbourne.sgi.com> 2008-08-13 05:42:10 (GMT)
commit: 3790689fa3c771bba6bafb7dee3e8389dd0b55bc (patch)
tree: 1445885f92de7f14034f4f5a647ea3e5ea6b43d8 /fs/xfs
parent: 79071eb0b2f142b9cc6531d04fa2915943938b5e (diff)
download: linux-fsl-qoriq-3790689fa3c771bba6bafb7dee3e8389dd0b55bc.tar.xz
1 files changed, 1 insertions, 5 deletions
diff --git a/fs/xfs/linux-2.6/xfs_buf.c b/fs/xfs/linux-2.6/xfs_buf.c
index 9cc8f02..9f45c74 100644
--- a/fs/xfs/linux-2.6/xfs_buf.c
+++ b/fs/xfs/linux-2.6/xfs_buf.c
@@ -838,6 +838,7 @@ xfs_buf_rele(
 		return;
 	}
 
+	ASSERT(atomic_read(&bp->b_hold) > 0);
 	if (atomic_dec_and_lock(&bp->b_hold, &hash->bh_lock)) {
 		if (bp->b_relse) {
 			atomic_inc(&bp->b_hold);
@@ -851,11 +852,6 @@ xfs_buf_rele(
 			spin_unlock(&hash->bh_lock);
 			xfs_buf_free(bp);
 		}
-	} else {
-		/*
-		 * Catch reference count leaks
-		 */
-		ASSERT(atomic_read(&bp->b_hold) >= 0);
 	}
 }
author	Lachlan McIlroy <lachlan@sgi.com>	2008-08-13 05:42:10 (GMT)
committer	Lachlan McIlroy <lachlan@redback.melbourne.sgi.com>	2008-08-13 05:42:10 (GMT)
commit	3790689fa3c771bba6bafb7dee3e8389dd0b55bc (patch)
tree	1445885f92de7f14034f4f5a647ea3e5ea6b43d8 /fs/xfs
parent	79071eb0b2f142b9cc6531d04fa2915943938b5e (diff)
download	linux-fsl-qoriq-3790689fa3c771bba6bafb7dee3e8389dd0b55bc.tar.xz