forked from Minki/linux
xfs: clean up root inode properly on mount failure
The root inode is read as part of the xfs_mountfs() sequence and the reference is dropped in the event of failure after we grab the inode. The reference drop doesn't necessarily free the inode, however. It marks it for reclaim and potentially kicks off the reclaim workqueue. The workqueue is destroyed further up the error path, which means we are subject to crash if the workqueue job runs after this point or a memory leak which is identified if the xfs_inode_zone is destroyed (e.g., on module removal). Both of these outcomes are reproducible via manual instrumentation of a mount error after the root inode xfs_iget() call in xfs_mountfs(). Update the xfs_mountfs() error path to cancel any potential reclaim work items and to run a synchronous inode reclaim if the root inode is marked for reclaim. This ensures that no jobs remain on the queue before it is destroyed and that the root inode is freed before the reclaim mechanism is torn down. Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Dave Chinner <david@fromorbit.com>
This commit is contained in:
parent
a3f2001465
commit
0ae120f8a8
@ -957,6 +957,8 @@ xfs_mountfs(
|
|||||||
xfs_rtunmount_inodes(mp);
|
xfs_rtunmount_inodes(mp);
|
||||||
out_rele_rip:
|
out_rele_rip:
|
||||||
IRELE(rip);
|
IRELE(rip);
|
||||||
|
cancel_delayed_work_sync(&mp->m_reclaim_work);
|
||||||
|
xfs_reclaim_inodes(mp, SYNC_WAIT);
|
||||||
out_log_dealloc:
|
out_log_dealloc:
|
||||||
xfs_log_mount_cancel(mp);
|
xfs_log_mount_cancel(mp);
|
||||||
out_fail_wait:
|
out_fail_wait:
|
||||||
|
Loading…
Reference in New Issue
Block a user