Commit a9e9acae authored by Xue jiufei's avatar Xue jiufei Committed by Linus Torvalds

ocfs2: fix umount hang while shutting down truncate log

Revert commit 75f82eaa ("ocfs2: fix NULL pointer dereference when
dismount and ocfs2rec simultaneously") because it may cause a umount
hang while shutting down the truncate log.

fix NULL pointer dereference when dismount and ocfs2rec simultaneously

The situation is as followes:
ocfs2_dismout_volume
-> ocfs2_recovery_exit
  -> free osb->recovery_map
-> ocfs2_truncate_shutdown
  -> lock global bitmap inode
    -> ocfs2_wait_for_recovery
	  -> check whether osb->recovery_map->rm_used is zero

Because osb->recovery_map is already freed, rm_used can be any other
values, so it may yield umount hang.

To prevent NULL pointer dereference while getting sys_root_inode, we use
a osb_tl_disable flag to disable schedule osb_truncate_log_wq after
truncate log shutdown.
Signed-off-by: default avatarjoyce.xue <xuejiufei@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent c253ed1f
...@@ -6046,7 +6046,8 @@ static void ocfs2_truncate_log_worker(struct work_struct *work) ...@@ -6046,7 +6046,8 @@ static void ocfs2_truncate_log_worker(struct work_struct *work)
void ocfs2_schedule_truncate_log_flush(struct ocfs2_super *osb, void ocfs2_schedule_truncate_log_flush(struct ocfs2_super *osb,
int cancel) int cancel)
{ {
if (osb->osb_tl_inode) { if (osb->osb_tl_inode &&
atomic_read(&osb->osb_tl_disable) == 0) {
/* We want to push off log flushes while truncates are /* We want to push off log flushes while truncates are
* still running. */ * still running. */
if (cancel) if (cancel)
...@@ -6223,6 +6224,8 @@ void ocfs2_truncate_log_shutdown(struct ocfs2_super *osb) ...@@ -6223,6 +6224,8 @@ void ocfs2_truncate_log_shutdown(struct ocfs2_super *osb)
int status; int status;
struct inode *tl_inode = osb->osb_tl_inode; struct inode *tl_inode = osb->osb_tl_inode;
atomic_set(&osb->osb_tl_disable, 1);
if (tl_inode) { if (tl_inode) {
cancel_delayed_work(&osb->osb_truncate_log_wq); cancel_delayed_work(&osb->osb_truncate_log_wq);
flush_workqueue(ocfs2_wq); flush_workqueue(ocfs2_wq);
...@@ -6254,6 +6257,7 @@ int ocfs2_truncate_log_init(struct ocfs2_super *osb) ...@@ -6254,6 +6257,7 @@ int ocfs2_truncate_log_init(struct ocfs2_super *osb)
* until we're sure all is well. */ * until we're sure all is well. */
INIT_DELAYED_WORK(&osb->osb_truncate_log_wq, INIT_DELAYED_WORK(&osb->osb_truncate_log_wq,
ocfs2_truncate_log_worker); ocfs2_truncate_log_worker);
atomic_set(&osb->osb_tl_disable, 0);
osb->osb_tl_bh = tl_bh; osb->osb_tl_bh = tl_bh;
osb->osb_tl_inode = tl_inode; osb->osb_tl_inode = tl_inode;
......
...@@ -422,6 +422,7 @@ struct ocfs2_super ...@@ -422,6 +422,7 @@ struct ocfs2_super
struct inode *osb_tl_inode; struct inode *osb_tl_inode;
struct buffer_head *osb_tl_bh; struct buffer_head *osb_tl_bh;
struct delayed_work osb_truncate_log_wq; struct delayed_work osb_truncate_log_wq;
atomic_t osb_tl_disable;
/* /*
* How many clusters in our truncate log. * How many clusters in our truncate log.
* It must be protected by osb_tl_inode->i_mutex. * It must be protected by osb_tl_inode->i_mutex.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment