Re: corruption

Stephen C. Tweedie Fri, 01 Dec 2000 06:09:43 -0800
Hi,

On Fri, Dec 01, 2000 at 08:35:41AM +1100, Andrew Morton wrote:
> 
> I bet this'll catch it:
> 
>  static __inline__ void list_del(struct list_head *entry)
>  {
>       __list_del(entry->prev, entry->next);
> +     entry->next = entry->prev = 0;
>  }

No, because the buffer hash list is never referenced unless
buffer->b_inode is non-null, so we can't ever do a double-list_del on
the buffer.

The patch below should fix it.  It has been sent to Linus.  The
important part is the first hunk of the inode.c diff.

Cheers,
 Stephen

fsync-fix2.diff:
--- fs/buffer.c.~1~     Wed Nov 29 15:16:43 2000
+++ fs/buffer.c Fri Dec  1 00:41:28 2000
@@ -871,10 +871,11 @@
                else {
                        bh->b_inode = &tmp;
                        list_add(&bh->b_inode_buffers, &tmp.i_dirty_buffers);
-                       atomic_inc(&bh->b_count);
                        if (buffer_dirty(bh)) {
+                               atomic_inc(&bh->b_count);
                                spin_unlock(&lru_list_lock);
                                ll_rw_block(WRITE, 1, &bh);
+                               brelse(bh);
                                spin_lock(&lru_list_lock);
                        }
                }
@@ -883,6 +884,7 @@
        while (!list_empty(&tmp.i_dirty_buffers)) {
                bh = BH_ENTRY(tmp.i_dirty_buffers.prev);
                remove_inode_queue(bh);
+               atomic_inc(&bh->b_count);
                spin_unlock(&lru_list_lock);
                wait_on_buffer(bh);
                if (!buffer_uptodate(bh))
@@ -929,9 +931,9 @@
                        atomic_inc(&bh->b_count);
                        spin_unlock(&lru_list_lock);
                        wait_on_buffer(bh);
-                       brelse(bh);
                        if (!buffer_uptodate(bh))
                                err = -EIO;
+                       brelse(bh);
                        spin_lock(&lru_list_lock);
                        goto repeat;
                }
--- fs/inode.c.~1~      Wed Nov 29 15:16:43 2000
+++ fs/inode.c  Fri Dec  1 00:40:26 2000
@@ -77,7 +77,13 @@
 
 #define alloc_inode() \
         ((struct inode *) kmem_cache_alloc(inode_cachep, SLAB_KERNEL))
-#define destroy_inode(inode) kmem_cache_free(inode_cachep, (inode))
+static void destroy_inode(struct inode *inode) 
+{
+       if (!list_empty(&inode->i_dirty_buffers))
+               BUG();
+       kmem_cache_free(inode_cachep, (inode));
+}
+
 
 /*
  * These are initializations that only need to be done
@@ -348,6 +354,12 @@
  
 void clear_inode(struct inode *inode)
 {
+       if (!list_empty(&inode->i_dirty_buffers)) {
+               if (inode->i_nlink)
+                       BUG();
+               invalidate_inode_buffers(inode);
+       }
+       
        if (inode->i_data.nrpages)
                BUG();
        if (!(inode->i_state & I_FREEING))
@@ -407,6 +419,7 @@
                inode = list_entry(tmp, struct inode, i_list);
                if (inode->i_sb != sb)
                        continue;
+               invalidate_inode_buffers(inode);
                if (!atomic_read(&inode->i_count)) {
                        list_del(&inode->i_hash);
                        INIT_LIST_HEAD(&inode->i_hash);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
Re: corruption

Reply via email to
