Hi,
There is possible dead loop in finish_unfinished function.
In most situation, the call chain iput -> ... ->
reiserfs_delete_inode -> remove_save_link will success. But for
some reason such as data corruption, reiserfs_delete_inode fails
on reiserfs_do_truncate -> search_for_position_by_key. Then
remove_save_link doesn't be called. We always get the same
"save_link_key" in the while loop in finish_unfinished function.
The following patch adds a check for the possible dead loop and
just remove save link when deap loop. (against 2.6.22.6)
Signed-off-by: Lepton Wu <[email protected]>
diff -X linux-2.6.22.6/Documentation/dontdiff -pru linux-2.6.22.6/fs/reiserfs/super.c linux-2.6.22.6-lepton/fs/reiserfs/super.c
--- linux-2.6.22.6/fs/reiserfs/super.c 2007-09-14 17:41:15.000000000 +0800
+++ linux-2.6.22.6-lepton/fs/reiserfs/super.c 2007-09-16 19:06:39.000000000 +0800
@@ -144,7 +144,7 @@ static int finish_unfinished(struct supe
{
INITIALIZE_PATH(path);
struct cpu_key max_cpu_key, obj_key;
- struct reiserfs_key save_link_key;
+ struct reiserfs_key save_link_key, last_inode_key;
int retval = 0;
struct item_head *ih;
struct buffer_head *bh;
@@ -165,6 +165,8 @@ static int finish_unfinished(struct supe
set_cpu_key_k_offset(&max_cpu_key, ~0U);
max_cpu_key.key_length = 3;
+ memset(&last_inode_key, 0, sizeof(last_inode_key));
+
#ifdef CONFIG_QUOTA
/* Needed for iput() to work correctly and not trash data */
if (s->s_flags & MS_ACTIVE) {
@@ -277,8 +279,16 @@ static int finish_unfinished(struct supe
REISERFS_I(inode)->i_flags |= i_link_saved_unlink_mask;
/* not completed unlink (rmdir) found */
reiserfs_info(s, "Removing %k..", INODE_PKEY(inode));
- /* removal gets completed in iput */
- retval = 0;
+ if(memcmp(&last_inode_key, INODE_PKEY(inode),
+ sizeof(last_inode_key))){
+ last_inode_key = *INODE_PKEY(inode);
+ /* removal gets completed in iput */
+ retval = 0;
+ } else {
+ reiserfs_warning(s, "Dead loop in finish_unfinished detected, just remove save link\n");
+ retval = remove_save_link_only(s,
+ &save_link_key, 0);
+ }
}
iput(inode);