[PATCH] stable: restart busy extent search after node removal
Alex Elder
aelder at sgi.com
Wed Jul 13 08:50:01 CDT 2011
On Tue, 2011-07-12 at 17:03 -0500, Eric Sandeen wrote:
> Sending this for review prior to stable submission...
>
> A user on #xfs reported that a log replay was oopsing in
> __rb_rotate_left() with a null pointer deref.
>
> I traced this down to the fact that in xfs_alloc_busy_insert(),
> we erased a node with rb_erase() when the new node overlapped,
> but left it specified as the parent node for the new insertion.
>
> So when we try to insert a new node with an erased node as
> its parent, obviously things go very wrong.
>
> Upstream,
> 97d3ac75e5e0ebf7ca38ae74cebd201c09b97ab2 xfs: exact busy extent tracking
> actually fixed this, but as part of a much larger change. Here's
> the relevant bit:
>
> * We also need to restart the busy extent search from the
> * tree root, because erasing the node can rearrange the
> * tree topology.
> */
> rb_erase(&busyp->rb_node, &pag->pagb_tree);
> busyp->length = 0;
> return false;
>
> We can do essentially the same thing to older codebases by restarting
> the search after the erase.
>
> This should apply to .35 through .39, and was tested on .39
> with the oopsing replay reproducer.
>
> Signed-off-by: Eric Sandeen <sandeen at redhat.com>
Looks good.
Reviewed-by: Alex Elder <aelder at sgi.com>
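
The failure mode described in the quoted message (a new node linked under a node that was just erased) and the restart-from-root fix, as an added C example that is not part of the original thread or the XFS source. It uses a constructed, unbalanced binary search tree in place of the kernel rbtree; `struct ext`, `erase()` and `busy_insert()` are hypothetical names, and merging the overlapped range into the new extent is an assumption of the example.

```c
#include <stdlib.h>

/* Constructed stand-in: a plain unbalanced BST keyed by start block,
 * not the kernel rbtree and not the XFS busy-extent code. */
struct ext { unsigned start, len; struct ext *left, *right; };

/* Unlink and free the node *link points at. Its children are re-linked,
 * so a node pointer kept from the earlier descent is stale afterwards. */
static void erase(struct ext **link)
{
    struct ext *n = *link, **s = &n->right, *succ;
    if (!n->left || !n->right) {
        *link = n->left ? n->left : n->right;
    } else {
        while ((*s)->left)          /* find the in-order successor */
            s = &(*s)->left;
        succ = *s;
        *s = succ->right;           /* detach successor from its slot */
        succ->left = n->left; succ->right = n->right;
        *link = succ;
    }
    free(n);
}

/* Insert [start, start+len). An overlapping node is merged into the new
 * range (assumption of this example) and erased, then the descent restarts
 * from the root. Returns the number of restarts, or -1 if allocation fails. */
static int busy_insert(struct ext **root, unsigned start, unsigned len)
{
    struct ext **link, *cur, *new = calloc(1, sizeof(*new));
    unsigned end = start + len;
    int restarts = 0;
    if (!new) return -1;
restart:
    for (link = root; (cur = *link) != NULL; ) {
        if (end <= cur->start) {
            link = &cur->left;
        } else if (cur->start + cur->len <= start) {
            link = &cur->right;
        } else {                    /* overlap with an existing extent */
            if (cur->start < start) start = cur->start;
            if (cur->start + cur->len > end) end = cur->start + cur->len;
            erase(link);            /* cur is freed, topology changed */
            restarts++;
            goto restart;           /* never link the new node under cur */
        }
    }
    new->start = start; new->len = end - start;
    *link = new;                    /* slot found on a clean descent */
    return restarts;
}
```

Restarting also lets the widened range pick up further overlaps that the first descent would have passed by.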