Commit a6bbce54 authored by Dave Chinner's avatar Dave Chinner Committed by Dave Chinner

xfs: bulkstat doesn't release AGI buffer on error

The recent refactoring of the bulkstat code left a small landmine in
the code. If an inobt read fails, then the tree walk is aborted and
returns without releasing the AGI buffer or freeing the cursor. This
can lead to a subsequent bulkstat call hanging trying to grab the
AGI buffer again.

cc: <stable@vger.kernel.org>
Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
parent cac7f242
...@@ -427,7 +427,7 @@ xfs_bulkstat( ...@@ -427,7 +427,7 @@ xfs_bulkstat(
error = xfs_bulkstat_grab_ichunk(cur, agino, &icount, &r); error = xfs_bulkstat_grab_ichunk(cur, agino, &icount, &r);
if (error) if (error)
break; goto del_cursor;
if (icount) { if (icount) {
irbp->ir_startino = r.ir_startino; irbp->ir_startino = r.ir_startino;
irbp->ir_freecount = r.ir_freecount; irbp->ir_freecount = r.ir_freecount;
...@@ -442,7 +442,7 @@ xfs_bulkstat( ...@@ -442,7 +442,7 @@ xfs_bulkstat(
error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &tmp); error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &tmp);
} }
if (error) if (error)
break; goto del_cursor;
/* /*
* Loop through inode btree records in this ag, * Loop through inode btree records in this ag,
...@@ -454,7 +454,7 @@ xfs_bulkstat( ...@@ -454,7 +454,7 @@ xfs_bulkstat(
error = xfs_inobt_get_rec(cur, &r, &i); error = xfs_inobt_get_rec(cur, &r, &i);
if (error || i == 0) { if (error || i == 0) {
end_of_ag = 1; end_of_ag = 1;
break; goto del_cursor;
} }
/* /*
...@@ -476,13 +476,17 @@ xfs_bulkstat( ...@@ -476,13 +476,17 @@ xfs_bulkstat(
error = xfs_btree_increment(cur, 0, &tmp); error = xfs_btree_increment(cur, 0, &tmp);
cond_resched(); cond_resched();
} }
/* /*
* Drop the btree buffers and the agi buffer. * Drop the btree buffers and the agi buffer as we can't hold any
* We can't hold any of the locks these represent * of the locks these represent when calling iget. If there is a
* when calling iget. * pending error, then we are done.
*/ */
del_cursor:
xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR); xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
xfs_buf_relse(agbp); xfs_buf_relse(agbp);
if (error)
break;
/* /*
* Now format all the good inodes into the user's buffer. * Now format all the good inodes into the user's buffer.
*/ */
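Review bot: On the failure paths the new `del_cursor:` label still tears the cursor down with `XFS_BTREE_NOERROR`, so a failed inobt read is reported to the btree code as a clean walk. Passing the real status, `xfs_btree_del_cursor(cur, error ? XFS_BTREE_ERROR : XFS_BTREE_NOERROR);`, would let the teardown take its error path; whether the no-error path releases every buffer the cursor holds after a failed read depends on xfs_btree_del_cursor, which is not shown here, so it is worth confirming given that the bug being fixed is a buffer left locked. The label is also reached from the third hunk when `i == 0` with no error, and that case relies on `error` being zero to fall through to the formatting step; a short comment at the label such as `/* reached on end-of-AG as well as on error */` would make that explicit. xfs_bulkstat begins and ends outside these hunks.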
......