From 659603ef692d3f6c7c216e80310990253864bf2e Mon Sep 17 00:00:00 2001 From: Andrea Arcangeli Date: Mon, 31 Oct 2005 14:08:54 -0800 Subject: [PATCH] fix __writeback_single_inode WARN_ON When the inode count is zero in inode writeback, the WARN_ON(!(inode->i_state & I_WILL_FREE)); is broken, and needs to test for either I_WILL_FREE|I_FREEING. When the inode is in I_FREEING state, it's already out of the visibility of the vm so it can't be freed so it doesn't require the __iget and the generic_delete_inode path can call the sync internally to the lowlevel fs callback during the last iput. So the inode being in I_FREEING is also a valid condition for calling the sync with i_count == 0. The specific stack trace is this: 0xc00000007b8fb6e0 0xc00000000010118c .__writeback_single_inode +0x5c 0xc00000007b8fb6e0 0xc0000000001014dc (lr) .sync_inode +0x3c 0xc00000007b8fb790 0xc0000000001014dc .sync_inode +0x3c 0xc00000007b8fb820 0xc0000000001a5020 .ext2_sync_inode +0x64 0xc00000007b8fb8f0 0xc0000000001a65b4 .ext2_truncate +0x3f8 0xc00000007b8fba40 0xc0000000001a6940 .ext2_delete_inode +0xdc 0xc00000007b8fbac0 0xc0000000000f7a5c .generic_delete_inode +0x124 0xc00000007b8fbb50 0xc0000000000f5fe0 .iput +0xb8 0xc00000007b8fbbe0 0xc0000000000e9fd4 .sys_unlink +0x2a8 0xc00000007b8fbd10 0xc00000000001048c .ret_from_syscall_1 +0x0 Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/fs-writeback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs') diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index ffab4783ac6..c27f8d4098b 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -247,7 +247,7 @@ __writeback_single_inode(struct inode *inode, struct writeback_control *wbc) wait_queue_head_t *wqh; if (!atomic_read(&inode->i_count)) - WARN_ON(!(inode->i_state & I_WILL_FREE)); + WARN_ON(!(inode->i_state & (I_WILL_FREE|I_FREEING))); else WARN_ON(inode->i_state & I_WILL_FREE); -- cgit v1.2.3 From 3aebf25bdcf030f3e4afeb9340486d5b46deb46e Mon Sep 17 00:00:00 2001 From: Anton Altaparmakov Date: Tue, 1 Nov 2005 15:49:31 +0000 Subject: NTFS: Fix a stupid bug causing writes to non-initialized pages to segfault. Signed-off-by: Anton Altaparmakov --- fs/ntfs/file.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'fs') diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c index cf3e6ced2d0..72753389181 100644 --- a/fs/ntfs/file.c +++ b/fs/ntfs/file.c @@ -668,10 +668,10 @@ map_buffer_cached: * to, we need to read it in before the write, * i.e. now. */ - if (!buffer_uptodate(bh) && ((bh_pos < pos && - bh_end > pos) || - (bh_end > end && - bh_end > end))) { + if (!buffer_uptodate(bh) && bh_pos < end && + bh_end > pos && + (bh_pos < pos || + bh_end > end)) { /* * If the buffer is fully or partially * within the initialized size, do an @@ -784,10 +784,11 @@ retry_remap: blocksize_bits); cdelta = 0; /* - * If the number of remaining clusters in the - * @pages is smaller or equal to the number of - * cached clusters, unlock the runlist as the - * map cache will be used from now on. + * If the number of remaining clusters touched + * by the write is smaller or equal to the + * number of cached clusters, unlock the + * runlist as the map cache will be used from + * now on. */ if (likely(vcn + vcn_len >= cend)) { if (rl_write_locked) { -- cgit v1.2.3