Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Unverified Commit 5bc9ad78 authored by Mateusz Guzik's avatar Mateusz Guzik Committed by Christian Brauner
Browse files

vfs: handle __wait_on_freeing_inode() and evict() race 

Lockless hash lookup can find and lock the inode after it gets the
I_FREEING flag set, at which point it blocks waiting for teardown in
evict() to finish.

However, the flag is still set even after evict() wakes up all waiters.

This results in a race where if the inode lock is taken late enough, it
can happen after both hash removal and wakeups, meaning there is nobody
to wake the racing thread up.

This worked prior to RCU-based lookup because the entire ordeal was
synchronized with the inode hash lock.

Since unhashing requires the inode lock, we can safely check whether it
happened after acquiring it.

Link: https://lore.kernel.org/v9fs/20240717102458.649b60be@kernel.org/


Reported-by: default avatarDominique Martinet <asmadeus@codewreck.org>
Fixes: 7180f8d9

 ("vfs: add rcu-based find_inode variants for iget ops")
Signed-off-by: default avatarMateusz Guzik <mjguzik@gmail.com>
Link: https://lore.kernel.org/r/20240718151838.611807-1-mjguzik@gmail.com


Reviewed-by: default avatarJan Kara <jack@suse.cz>
Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent fcad9336
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 20 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Open hardware computers for makers, educators and professionals