Btrfs: only use the existing eb if it's count isn't 0
We can run into a problem where we find an eb for our existing page already on the radix tree but it has a ref count of 0. It hasn't yet been removed by RCU yet so this can cause issues where we will use the EB after free. So do atomic_inc_not_zero on the exists->refs and if it is zero just do synchronize_rcu() and try again. We won't have to worry about new allocators coming in since they will block on the page lock at this point. Thanks, Signed-off-by: Josef Bacik <josef@redhat.com>
This commit is contained in:
parent
4f2de97ace
commit
115391d231
@ -3750,7 +3750,7 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree,
|
||||
}
|
||||
if (uptodate)
|
||||
set_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags);
|
||||
|
||||
again:
|
||||
ret = radix_tree_preload(GFP_NOFS & ~__GFP_HIGHMEM);
|
||||
if (ret)
|
||||
goto free_eb;
|
||||
@ -3760,7 +3760,13 @@ struct extent_buffer *alloc_extent_buffer(struct extent_io_tree *tree,
|
||||
if (ret == -EEXIST) {
|
||||
exists = radix_tree_lookup(&tree->buffer,
|
||||
start >> PAGE_CACHE_SHIFT);
|
||||
atomic_inc(&exists->refs);
|
||||
if (!atomic_inc_not_zero(&exists->refs)) {
|
||||
spin_unlock(&tree->buffer_lock);
|
||||
radix_tree_preload_end();
|
||||
synchronize_rcu();
|
||||
exists = NULL;
|
||||
goto again;
|
||||
}
|
||||
spin_unlock(&tree->buffer_lock);
|
||||
radix_tree_preload_end();
|
||||
goto free_eb;
|
||||
|
Loading…
Reference in New Issue
Block a user