fs: assign sb->s_bdi to default_backing_dev_info if the bdi is going away

We don't have proper reference counting for this yet, so we run into cases where the device is pulled and we OOPS on flushing the fs data. This happens even though the dirty inodes have already been migrated to the default_backing_dev_info. Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Tested-by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Cc: stable@kernel.org Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

fs: assign sb->s_bdi to default_backing_dev_info if the bdi is going away
We don't have proper reference counting for this yet, so we run into cases where the device is pulled and we OOPS on flushing the fs data. This happens even though the dirty inodes have already been migrated to the default_backing_dev_info. Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Tested-by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Cc: stable@kernel.org Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Jens Axboe
1 parent a91a2785b2
Showing 3 changed files with 5 additions and 3 deletions Side-by-side Diff
fs/super.c
fs/sync.c
mm/backing-dev.c
@@ -71,6 +71,7 @@
 #else
 		INIT_LIST_HEAD(&s->s_files);
 #endif
+		s->s_bdi = &default_backing_dev_info;
 		INIT_LIST_HEAD(&s->s_instances);
 		INIT_HLIST_BL_HEAD(&s->s_anon);
 		INIT_LIST_HEAD(&s->s_inodes);
@@ -1003,6 +1004,7 @@
 	}
 	BUG_ON(!mnt->mnt_sb);
 	WARN_ON(!mnt->mnt_sb->s_bdi);
+	WARN_ON(mnt->mnt_sb->s_bdi == &default_backing_dev_info);
 	mnt->mnt_sb->s_flags |= MS_BORN;
  
 	error = security_sb_kern_mount(mnt->mnt_sb, flags, secdata);
@@ -33,7 +33,7 @@
 	 * This should be safe, as we require bdi backing to actually
 	 * write out data in the first place
 	 */
-	if (!sb->s_bdi || sb->s_bdi == &noop_backing_dev_info)
+	if (sb->s_bdi == &noop_backing_dev_info)
 		return 0;
  
 	if (sb->s_qcop && sb->s_qcop->quota_sync)
@@ -79,7 +79,7 @@
  
 static void sync_one_sb(struct super_block *sb, void *arg)
 {
-	if (!(sb->s_flags & MS_RDONLY) && sb->s_bdi)
+	if (!(sb->s_flags & MS_RDONLY))
 		__sync_filesystem(sb, *(int *)arg);
 }
 /*
@@ -598,7 +598,7 @@
 	spin_lock(&sb_lock);
 	list_for_each_entry(sb, &super_blocks, s_list) {
 		if (sb->s_bdi == bdi)
-			sb->s_bdi = NULL;
+			sb->s_bdi = &default_backing_dev_info;
 	}
 	spin_unlock(&sb_lock);
 }
...	...	@@ -71,6 +71,7 @@
71	71	#else
72	72	INIT_LIST_HEAD(&s->s_files);
73	73	#endif
	74	+ s->s_bdi = &default_backing_dev_info;
74	75	INIT_LIST_HEAD(&s->s_instances);
75	76	INIT_HLIST_BL_HEAD(&s->s_anon);
76	77	INIT_LIST_HEAD(&s->s_inodes);
...	...	@@ -1003,6 +1004,7 @@
1003	1004	}
1004	1005	BUG_ON(!mnt->mnt_sb);
1005	1006	WARN_ON(!mnt->mnt_sb->s_bdi);
	1007	+ WARN_ON(mnt->mnt_sb->s_bdi == &default_backing_dev_info);
1006	1008	mnt->mnt_sb->s_flags \|= MS_BORN;
1007	1009
1008	1010	error = security_sb_kern_mount(mnt->mnt_sb, flags, secdata);
...	...	@@ -33,7 +33,7 @@
33	33	* This should be safe, as we require bdi backing to actually
34	34	* write out data in the first place
35	35	*/
36		- if (!sb->s_bdi \|\| sb->s_bdi == &noop_backing_dev_info)
	36	+ if (sb->s_bdi == &noop_backing_dev_info)
37	37	return 0;
38	38
39	39	if (sb->s_qcop && sb->s_qcop->quota_sync)
...	...	@@ -79,7 +79,7 @@
79	79
80	80	static void sync_one_sb(struct super_block sb, void arg)
81	81	{
82		- if (!(sb->s_flags & MS_RDONLY) && sb->s_bdi)
	82	+ if (!(sb->s_flags & MS_RDONLY))
83	83	__sync_filesystem(sb, (int )arg);
84	84	}
85	85	/*
...	...	@@ -598,7 +598,7 @@
598	598	spin_lock(&sb_lock);
599	599	list_for_each_entry(sb, &super_blocks, s_list) {
600	600	if (sb->s_bdi == bdi)
601		- sb->s_bdi = NULL;
	601	+ sb->s_bdi = &default_backing_dev_info;
602	602	}
603	603	spin_unlock(&sb_lock);
604	604	}