diff options
author | Huang Ying <ying.huang@intel.com> | 2014-09-12 19:21:11 +0800 |
---|---|---|
committer | Jaegeuk Kim <jaegeuk@kernel.org> | 2014-09-16 04:10:46 -0700 |
commit | c6e489305eb5ed029002b037e36800032a994bb4 (patch) | |
tree | 11e5615fa53e993dd997556e839ba8014a350af1 | |
parent | 7704182387f7eab6217a587420f8a3b3aa2d17d5 (diff) |
f2fs: fix a race condition in next_free_nid
The nm_i->fcnt checking is executed before spin_lock, so if another
thread delete the last free_nid from the list, the wrong nid may be
gotten. So fix the race condition by moving the nm_i->fnct checking
into spin_lock.
Signed-off-by: Huang, Ying <ying.huang@intel.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
-rw-r--r-- | fs/f2fs/node.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/f2fs/node.h b/fs/f2fs/node.h index b24f588a0fe4..324917d757f7 100644 --- a/fs/f2fs/node.h +++ b/fs/f2fs/node.h @@ -115,9 +115,11 @@ static inline int next_free_nid(struct f2fs_sb_info *sbi, nid_t *nid) struct f2fs_nm_info *nm_i = NM_I(sbi); struct free_nid *fnid; - if (nm_i->fcnt <= 0) - return -1; spin_lock(&nm_i->free_nid_list_lock); + if (nm_i->fcnt <= 0) { + spin_unlock(&nm_i->free_nid_list_lock); + return -1; + } fnid = list_entry(nm_i->free_nid_list.next, struct free_nid, list); *nid = fnid->nid; spin_unlock(&nm_i->free_nid_list_lock); |