When igrab() is calling __iget() on an inode it should check if clear_inode()
has been called on the inode already. Otherwise there is a race window between
clear_inode() and destroy_inode() where igrab() calls __iget() which leads to
already free inodes on the inode lists.
Signed-off-by: Vandana Rungta <[email protected]>
Signed-off-by: Jan Blunck <[email protected]>
---
fs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6/fs/inode.c
===================================================================
--- linux-2.6.orig/fs/inode.c
+++ linux-2.6/fs/inode.c
@@ -709,7 +709,7 @@ EXPORT_SYMBOL(iunique);
struct inode *igrab(struct inode *inode)
{
spin_lock(&inode_lock);
- if (!(inode->i_state & (I_FREEING|I_WILL_FREE)))
+ if (!(inode->i_state & (I_FREEING|I_CLEAR|I_WILL_FREE)))
__iget(inode);
else
/*