summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMiao Xie <miaox@cn.fujitsu.com>2013-05-15 07:48:15 +0000
committerJosef Bacik <jbacik@fusionio.com>2013-05-17 21:40:29 -0400
commit89042e5ad23d50449691141334f30d53d6271266 (patch)
tree17dd95d87abed2cab31d3c2cc316e85b314a4525
parentb9aa55bed1c1a3a329da31884b643c62d57ebb21 (diff)
downloadlinux-stable-89042e5ad23d50449691141334f30d53d6271266.tar.gz
linux-stable-89042e5ad23d50449691141334f30d53d6271266.tar.bz2
linux-stable-89042e5ad23d50449691141334f30d53d6271266.zip
Btrfs: fix accessing a freed tree root
inode_tree_del() will move the tree root into the dead root list, and then the tree will be destroyed by the cleaner. So if we remove the delayed node which is cached in the inode after inode_tree_del(), we may access a freed tree root. Fix it. Signed-off-by: Miao Xie <miaox@cn.fujitsu.com> Signed-off-by: Josef Bacik <jbacik@fusionio.com>
-rw-r--r--fs/btrfs/inode.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 99a9c25d36a6..790eceb48fb0 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -4727,6 +4727,7 @@ void btrfs_evict_inode(struct inode *inode)
btrfs_end_transaction(trans, root);
btrfs_btree_balance_dirty(root);
no_delete:
+ btrfs_remove_delayed_node(inode);
clear_inode(inode);
return;
}
@@ -7982,7 +7983,6 @@ void btrfs_destroy_inode(struct inode *inode)
inode_tree_del(inode);
btrfs_drop_extent_cache(inode, 0, (u64)-1, 0);
free:
- btrfs_remove_delayed_node(inode);
call_rcu(&inode->i_rcu, btrfs_i_callback);
}