Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 9e32784b71c2c84895016ca6ab271591669c02aa
commit9e32784b71c2c84895016ca6ab271591669c02aa[log] [tgz]
authorDmitry <dmonakhov@openvz.org>Sat Oct 09 23:15:30 2010 +0400
committerJan Kara <jack@suse.cz>Thu Oct 28 01:30:02 2010 +0200
treedb69a152de57f65666408591a06f15cb865c695f
parenta910eefa511f9d1118effc13fba6773163502c4f [diff]
quota: fix dquot_disable vs dquot_transfer race v2

I've got following lockup:
dquot_disable                              dquot_transfer
                                            ->dqget()
					       sb_has_quota_active
dqopt->flags &= ~dquot_state_flag(f, cnt)      atomic_inc(dq->dq_count)
 ->drop_dquot_ref(sb, cnt);
    down_write(dqptr_sem)
    inode->i_dquot[cnt] = NULL              ->__dquot_transfer
invalidate_dquots(sb, cnt);		       down_write(&dqptr_sem)
  ->wait for dq_wait_unused		       inode->i_dquot = new_dquot
  /* wait forever */                            ^^^^New quota user^^^^^^

We cannot allow new references to dquots from inodes after drop_dquot_ref()
has removed them.  We have to recheck quota state under dqptr_sem and before
assignment, as we do it in dquot_initialize().

Signed-off-by: Dmitry Monakhov <dmonakhov@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
1 file changed
tree: db69a152de57f65666408591a06f15cb865c695f
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS