2019-04-17 02:25:15

by Pan Bian

Subject: btrfs: drop inode reference count on error path

The reference count of inode is incremented by ihold. It should be
dropped if not used. However, the reference count is not dropped if
error occurs during updating the inode or deleting orphan items. This
patch fixes the bug.

Signed-off-by: Pan Bian <[email protected]>
---
fs/btrfs/inode.c | 45 ++++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 23 deletions(-)

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 82fdda8..400c914 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -6580,6 +6580,7 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir,
u64 index;
int err;
int drop_inode = 0;
+ int ret;

/* do not allow sys_link's with other subvols of the same device */
if (root->root_key.objectid != BTRFS_I(inode)->root->root_key.objectid)
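Review bot: the new function-scope `int ret` here sits beside `int err` for the whole of btrfs_link(), although it is only needed for the btrfs_log_new_name() result in the next hunk. The block-scoped declaration it replaces was tighter; if the flattening stays, a one-line comment that `ret` is not the function's return status would keep the two from being confused.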
@@ -6616,32 +6617,30 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir,
err = btrfs_add_nondir(trans, BTRFS_I(dir), dentry, BTRFS_I(inode),
1, index);

- if (err) {
- drop_inode = 1;
- } else {
- struct dentry *parent = dentry->d_parent;
- int ret;
+ drop_inode = 1;
+ if (err)
+ goto fail;

- err = btrfs_update_inode(trans, root, inode);
+ err = btrfs_update_inode(trans, root, inode);
+ if (err)
+ goto fail;
+ if (inode->i_nlink == 1) {
+ /*
+ * If new hard link count is 1, it's a file created
+ * with open(2) O_TMPFILE flag.
+ */
+ err = btrfs_orphan_del(trans, BTRFS_I(inode));
if (err)
goto fail;
- if (inode->i_nlink == 1) {
- /*
- * If new hard link count is 1, it's a file created
- * with open(2) O_TMPFILE flag.
- */
- err = btrfs_orphan_del(trans, BTRFS_I(inode));
- if (err)
- goto fail;
- }
- BTRFS_I(inode)->last_link_trans = trans->transid;
- d_instantiate(dentry, inode);
- ret = btrfs_log_new_name(trans, BTRFS_I(inode), NULL, parent,
- true, NULL);
- if (ret == BTRFS_NEED_TRANS_COMMIT) {
- err = btrfs_commit_transaction(trans);
- trans = NULL;
- }
+ }
+ BTRFS_I(inode)->last_link_trans = trans->transid;
+ d_instantiate(dentry, inode);
+ drop_inode = 0;
+ ret = btrfs_log_new_name(trans, BTRFS_I(inode), NULL, dentry->d_parent,
+ true, NULL);
+ if (ret == BTRFS_NEED_TRANS_COMMIT) {
+ err = btrfs_commit_transaction(trans);
+ trans = NULL;
}

fail:
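Review bot: the unconditional `drop_inode = 1` placed before `if (err)` and the later `drop_inode = 0` after d_instantiate() make the fix depend on statement ordering, and it is mixed with a re-indentation of the whole success path, which is why a small fix touches 45 lines. Setting `drop_inode = 1` before the two existing `goto fail` statements (after btrfs_update_inode() and btrfs_orphan_del()) would fix the same paths in a much smaller diff that is easier to review and backport. If the flattened form is kept, a comment at `drop_inode = 0` should say that d_instantiate() has consumed the reference, since a btrfs_commit_transaction() failure below it reaches `fail:` with `err` set and the flag already cleared.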
--
2.7.4



2019-04-17 08:18:01

by Nikolay Borisov

Subject: Re: btrfs: drop inode reference count on error path



On 17.04.19 at 5:23, Pan Bian wrote:
> The reference count of inode is incremented by ihold. It should be
> dropped if not used. However, the reference count is not dropped if
> error occurs during updating the inode or deleting orphan items. This
> patch fixes the bug.
>
> Signed-off-by: Pan Bian <[email protected]>

The extra reference count taken is needed for the call to d_instantiate,
while this operation is in progress the inode is actually locked. This
means it will be a lot clearer if ihold is done right before
d_instantiate and they are moved at the end of the function where we are
sure no errors have happened. Something like the attached diff.


Attachments:
btrfs-link-cleanup.diff (2.37 kB)
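
The reference accounting discussed in this thread, as an added userspace C model (not code from the patch, the attached diff, or btrfs): it injects a failure at each step and counts the references left over for the early-hold shape versus the late-hold shape the reply proposes. All names, and the cleanup done at the fail label, are assumptions.

```c
#include <stdio.h>
/* Userspace model with hypothetical names; not kernel code. */
struct obj { int refs; };
enum step { FAIL_NONE, FAIL_ADD, FAIL_UPDATE, FAIL_ORPHAN_DEL };

/* Stand-ins for ihold(), iput(), d_instantiate(); step() fails only at fail_at. */
static void hold(struct obj *o) { o->refs++; }
static void put(struct obj *o) { o->refs--; }
static void instantiate(struct obj **slot, struct obj *o) { *slot = o; }
static int step(enum step which, enum step fail_at) { return which == fail_at ? -5 : 0; }

/* Early hold; the fail-label cleanup is an assumption, the thread does not show it. */
static int link_early_hold(struct obj *o, struct obj **slot, enum step fail_at)
{
    int err, drop = 0;
    hold(o);
    if ((err = step(FAIL_ADD, fail_at))) { drop = 1; goto fail; }
    if ((err = step(FAIL_UPDATE, fail_at))) goto fail;      /* reference kept */
    if ((err = step(FAIL_ORPHAN_DEL, fail_at))) goto fail;  /* reference kept */
    instantiate(slot, o);          /* the slot now owns the extra reference */
fail:
    if (drop) put(o);
    return err;
}

/* Late hold, as the reply proposes: take the reference once nothing can fail. */
static int link_late_hold(struct obj *o, struct obj **slot, enum step fail_at)
{
    int err = step(FAIL_ADD, fail_at);
    if (!err) err = step(FAIL_UPDATE, fail_at);
    if (!err) err = step(FAIL_ORPHAN_DEL, fail_at);
    if (err) return err;
    hold(o);
    instantiate(slot, o);
    return 0;
}

/* References left beyond the caller's own and the one the slot owns. */
static int leaked(int (*fn)(struct obj *, struct obj **, enum step), enum step fail_at)
{
    struct obj o = { 1 }, *slot = NULL;
    fn(&o, &slot, fail_at);
    return o.refs - 1 - (slot != NULL);
}

int main(void) {
    for (int s = FAIL_NONE; s <= FAIL_ORPHAN_DEL; s++)
        printf("fail_at=%d early=%d late=%d\n", s, leaked(link_early_hold, s), leaked(link_late_hold, s));
    return 0;
}
```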