aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTahsin Erdogan2017-06-21 21:19:16 -0400
committerTheodore Ts'o2017-06-21 21:19:16 -0400
commit0de5983d354adbf1c9fa57eca8b5dd8155132fb1 (patch)
tree13fd1715aba9b3ee5d6d5a5ce5238434fd67c372
parent33d201e0277b2d496f66b621f63693ced2da4198 (diff)
ext4: lock inode before calling ext4_orphan_add()
ext4_orphan_add() requires caller to be holding the inode lock. Add missing lock statements. WARNING: CPU: 3 PID: 1806 at fs/ext4/namei.c:2731 ext4_orphan_add+0x4e/0x240 CPU: 3 PID: 1806 Comm: python Not tainted 4.12.0-rc1+ #746 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff880135d466c0 task.stack: ffffc900014b0000 RIP: 0010:ext4_orphan_add+0x4e/0x240 RSP: 0018:ffffc900014b3d50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8801348fe1f0 RCX: ffffc900014b3c64 RDX: 0000000000000000 RSI: ffff8801348fe1f0 RDI: ffff8801348fe1f0 RBP: ffffc900014b3da0 R08: 0000000000000000 R09: ffffffff80e82025 R10: 0000000000004692 R11: 000000000000468d R12: ffff880137598000 R13: ffff880137217000 R14: ffff880134ac58d0 R15: 0000000000000000 FS: 00007fc50f09e740(0000) GS:ffff88013fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000008bc2e0 CR3: 00000001375ac000 CR4: 00000000000006e0 Call Trace: ext4_xattr_inode_orphan_add.constprop.19+0x9d/0xf0 ext4_xattr_delete_inode+0x1c4/0x2f0 ext4_evict_inode+0x15a/0x7f0 evict+0xc0/0x1a0 iput+0x16a/0x270 do_unlinkat+0x172/0x290 SyS_unlink+0x11/0x20 entry_SYSCALL_64_fastpath+0x18/0xad Signed-off-by: Tahsin Erdogan <tahsin@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-rw-r--r--fs/ext4/xattr.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 3d19be8f102e..02b0462fec62 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1961,7 +1961,9 @@ ext4_xattr_inode_orphan_add(handle_t *handle, struct inode *inode,
lea_ino_array->xia_inodes[idx], &error);
if (error)
continue;
+ inode_lock(ea_inode);
ext4_orphan_add(handle, ea_inode);
+ inode_unlock(ea_inode);
/* the inode's i_count will be released by caller */
}