android_kernel_xiaomi_sm8350/fs
Wu Fengguang b6fac63cc1 vfs: skip I_CLEAR state inodes
clear_inode() will switch inode state from I_FREEING to I_CLEAR, and do so
_outside_ of inode_lock.  So any I_FREEING testing is incomplete without a
coupled testing of I_CLEAR.

So add I_CLEAR tests to drop_pagecache_sb(), generic_sync_sb_inodes() and
add_dquot_ref().

Masayoshi MIZUMA discovered the bug in drop_pagecache_sb() and Jan Kara
reminds us to fix the other two cases.

Masayoshi MIZUMA has a nice panic flow:

=====================================================================
            [process A]               |        [process B]
 |                                    |
 |    prune_icache()                  | drop_pagecache()
 |      spin_lock(&inode_lock)        |   drop_pagecache_sb()
 |      inode->i_state |= I_FREEING;  |       |
 |      spin_unlock(&inode_lock)      |       V
 |          |                         |     spin_lock(&inode_lock)
 |          V                         |         |
 |      dispose_list()                |         |
 |        list_del()                  |         |
 |        clear_inode()               |         |
 |          inode->i_state = I_CLEAR  |         |
 |            |                       |         V
 |            |                       |      if (inode->i_state & (I_FREEING|I_WILL_FREE))
 |            |                       |              continue;           <==== NOT MATCH
 |            |                       |
 |            |                       | (DANGER from here on! Accessing disposing inode!)
 |            |                       |
 |            |                       |      __iget()
 |            |                       |        list_move() <===== PANIC on poisoned list !!
 V            V                       |
(time)
=====================================================================

Reported-by: Masayoshi MIZUMA <m.mizuma@jp.fujitsu.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-02 19:04:48 -07:00
9p vfs: simple_set_mnt() should return void 2009-03-27 14:44:03 -04:00
adfs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
affs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
afs proc 2/2: remove struct proc_dir_entry::owner 2009-03-31 01:14:44 +04:00
autofs constify dentry_operations: autofs, autofs4 2009-03-27 14:44:00 -04:00
autofs4 autofs4: fix lookup deadlock 2009-04-01 08:59:23 -07:00
befs
bfs
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2009-04-01 10:20:44 -07:00
cifs proc 2/2: remove struct proc_dir_entry::owner 2009-03-31 01:14:44 +04:00
coda constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
configfs constify dentry_operations: configfs 2009-03-27 14:44:03 -04:00
cramfs
debugfs
devpts Merge code for single and multiple-instance mounts 2009-03-27 14:44:04 -04:00
dlm dlm: fix length calculation in compat code 2009-03-11 12:23:59 -05:00
ecryptfs ecryptfs: use kzfree() 2009-04-01 08:59:23 -07:00
efs
exportfs
ext2 ext2: Zero our b_size in ext2_quota_read() 2009-03-26 02:18:38 +01:00
ext3 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6 2009-03-27 14:48:34 -07:00
ext4 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2009-04-01 10:57:49 -07:00
fat constify dentry_operations: FAT 2009-03-27 14:44:01 -04:00
freevxfs
fuse mm: page_mkwrite change prototype to match fault 2009-04-01 08:59:14 -07:00
gfs2 mm: page_mkwrite change prototype to match fault 2009-04-01 08:59:14 -07:00
hfs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
hfsplus constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
hostfs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
hpfs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
hppfs
hugetlbfs mm: reintroduce and deprecate rlimit based access for SHM_HUGETLB 2009-04-01 08:59:12 -07:00
isofs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
jbd jbd: fix return value of journal_start_commit() 2009-02-11 14:25:35 -08:00
jbd2 jbd2: Update locking coments 2009-03-27 17:20:40 -04:00
jffs2 [JFFS2] fix mount crash caused by removed nodes 2009-02-21 11:09:29 +01:00
jfs proc 2/2: remove struct proc_dir_entry::owner 2009-03-31 01:14:44 +04:00
lockd NSM: Fix unaligned accesses in nsm_init_private() 2009-04-01 13:24:14 -04:00
minix Update my email address 2009-03-22 11:28:37 -07:00
ncpfs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
nfs Merge branch 'devel' into for-linus 2009-04-01 13:28:15 -04:00
nfs_common
nfsd Merge branch 'devel' into for-linus 2009-04-01 13:28:15 -04:00
nls
notify fs: avoid I_NEW inodes 2009-03-27 14:44:05 -04:00
ntfs ntfs: remove private wrapper of endian helpers 2009-04-01 08:59:18 -07:00
ocfs2 mm: page_mkwrite change prototype to match fault 2009-04-01 08:59:14 -07:00
omfs
openpromfs
partitions Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6 2009-03-26 16:04:22 -07:00
proc nommu: fix a number of issues with the per-MM VMA patch 2009-04-02 19:04:48 -07:00
qnx4 fs/Kconfig: move qnx4 out 2009-01-22 13:15:59 +03:00
quota vfs: skip I_CLEAR state inodes 2009-04-02 19:04:48 -07:00
ramfs ramfs: add support for "mode=" mount option 2009-04-01 08:59:22 -07:00
reiserfs Merge branch 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc 2009-03-30 16:06:04 -07:00
romfs fs/Kconfig: move romfs out 2009-01-22 13:15:59 +03:00
smbfs constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
squashfs Squashfs: Valid filesystems are flagged as bad by the corrupted fs patch 2009-03-12 03:23:48 +00:00
sysfs mm: page_mkwrite change prototype to match fault: fix sysfs 2009-04-01 08:59:14 -07:00
sysv constify dentry_operations: misc filesystems 2009-03-27 14:44:00 -04:00
ubifs mm: page_mkwrite change prototype to match fault 2009-04-01 08:59:14 -07:00
udf udf: Use lowercase names of quota functions 2009-03-26 02:18:36 +01:00
ufs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-03-27 16:23:12 -07:00
xfs mm: page_mkwrite change prototype to match fault 2009-04-01 08:59:14 -07:00
aio.c aio: lookup_ioctx can return the wrong value when looking up a bogus context 2009-03-19 15:57:18 -07:00
anon_inodes.c constify dentry_operations: rest 2009-03-27 14:44:03 -04:00
attr.c vfs: Use lowercase names of quota functions 2009-03-26 02:18:35 +01:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c elf core dump: fix get_user use 2009-02-06 17:34:07 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c block: add private bio_set for bio integrity allocations 2009-03-24 12:35:17 +01:00
bio.c block: add private bio_set for bio integrity allocations 2009-03-24 12:35:17 +01:00
block_dev.c fs: move bdev code out of buffer.c 2009-03-27 14:44:03 -04:00
buffer.c filesystem freeze: allow SysRq emergency thaw to thaw frozen filesystems 2009-04-01 08:59:17 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-03-01 21:35:16 -08:00
compat.c fix setuid sometimes doesn't 2009-03-28 17:30:00 -07:00
dcache.c cleanup d_add_ci 2009-03-27 14:43:57 -04:00
dcookies.c
direct-io.c
drop_caches.c vfs: skip I_CLEAR state inodes 2009-04-02 19:04:48 -07:00
eventfd.c epoll keyed wakeups: make eventfd use keyed wakeups 2009-04-01 08:59:20 -07:00
eventpoll.c epoll keyed wakeups: teach epoll about hints coming with the wakeup key 2009-04-01 08:59:20 -07:00
exec.c fix setuid sometimes doesn't 2009-03-28 17:30:00 -07:00
fcntl.c Fix a lockdep warning in fasync_helper() 2009-03-30 08:00:24 -06:00
fifo.c
file_table.c Merge branch 'bkl-removal' of git://git.lwn.net/linux-2.6 2009-03-26 16:14:02 -07:00
file.c
filesystems.c
fs-writeback.c vfs: skip I_CLEAR state inodes 2009-04-02 19:04:48 -07:00
generic_acl.c
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-03-27 16:23:12 -07:00
internal.h fix setuid sometimes doesn't 2009-03-28 17:30:00 -07:00
ioctl.c Rationalize fasync return values 2009-03-16 08:34:35 -06:00
ioprio.c
Kconfig quota: Move quota files into separate directory 2009-03-26 02:18:35 +01:00
Kconfig.binfmt
libfs.c vfs: simple_set_mnt() should return void 2009-03-27 14:44:03 -04:00
locks.c
Makefile quota: Move quota files into separate directory 2009-03-26 02:18:35 +01:00
mbcache.c
mpage.c
namei.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-03-27 16:23:12 -07:00
namespace.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-03-27 16:23:12 -07:00
nfsctl.c
no-block.c
open.c vfs: Use lowercase names of quota functions 2009-03-26 02:18:35 +01:00
pipe.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-03-27 16:23:12 -07:00
pnode.c
pnode.h
posix_acl.c
read_write.c
read_write.h
readdir.c
select.c
seq_file.c cpumask: fix seq_bitmap_*() functions. 2009-03-30 22:05:11 +10:30
signalfd.c
splice.c
stack.c
stat.c
super.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-03-27 16:23:12 -07:00
sync.c Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6 2009-03-27 14:48:34 -07:00
timerfd.c timerfd: add flags check 2009-02-18 15:37:53 -08:00
utimes.c
xattr_acl.c
xattr.c