summaryrefslogtreecommitdiffstats
path: root/fs
AgeCommit message (Collapse)Author
2005-07-27Merge head 'for-linus' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/shaggy/jfs-2.6
2005-07-27[PATCH] clean up inline static vs static inlineJesper Juhl
`gcc -W' likes to complain if the static keyword is not at the beginning of the declaration. This patch fixes all remaining occurrences of "inline static" up with "static inline" in the entire kernel tree (140 occurrences in 47 files). While making this change I came across a few lines with trailing whitespace that I also fixed up, I have also added or removed a blank line or two here and there, but there are no functional changes in the patch. Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] turn many #if $undefined_string into #ifdef $undefined_stringOlaf Hering
turn many #if $undefined_string into #ifdef $undefined_string to fix some warnings after -Wno-def was added to global CFLAGS Signed-off-by: Olaf Hering <olh@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] reiserfs doesn't use mbcacheAndreas Gruenbacher
reiserfs doesn't use the mbcache, so this can go. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] mbcache: Remove unused mb_cache_shrink parameterAndreas Gruenbacher
The cache parameter to mb_cache_shrink isn't used. We may as well remove it. Signed-off-by: Andreas Gruenbacher <agruen@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] stale POSIX lock handlingPeter Staubach
I believe that there is a problem with the handling of POSIX locks, which the attached patch should address. The problem appears to be a race between fcntl(2) and close(2). A multithreaded application could close a file descriptor at the same time as it is trying to acquire a lock using the same file descriptor. I would suggest that that multithreaded application is not providing the proper synchronization for itself, but the OS should still behave correctly. SUS3 (Single UNIX Specification Version 3, read: POSIX) indicates that when a file descriptor is closed, that all POSIX locks on the file, owned by the process which closed the file descriptor, should be released. The trick here is when those locks are released. The current code releases all locks which exist when close is processing, but any locks in progress are handled when the last reference to the open file is released. There are three cases to consider. One is the simple case, a multithreaded (mt) process has a file open and races to close it and acquire a lock on it. In this case, the close will release one reference to the open file and when the fcntl is done, it will release the other reference. For this situation, no locks should exist on the file when both the close and fcntl operations are done. The current system will handle this case because the last reference to the open file is being released. The second case is when the mt process has dup(2)'d the file descriptor. The close will release one reference to the file and the fcntl, when done, will release another, but there will still be at least one more reference to the open file. One could argue that the existence of a lock on the file after the close has completed is okay, because it was acquired after the close operation and there is still a way for the application to release the lock on the file, using an existing file descriptor. The third case is when the mt process has forked, after opening the file and either before or after becoming an mt process. In this case, each process would hold a reference to the open file. For each process, this degenerates to first case above. However, the lock continues to exist until both processes have released their references to the open file. This lock could block other lock requests. The changes to release the lock when the last reference to the open file aren't quite right because they would allow the lock to exist as long as there was a reference to the open file. This is too long. The new proposed solution is to add support in the fcntl code path to detect a race with close and then to release the lock which was just acquired when such as race is detected. This causes locks to be released in a timely fashion and for the system to conform to the POSIX semantic specification. This was tested by instrumenting a kernel to detect the handling locks and then running a program which generates case #3 above. A dangling lock could be reliably generated. When the changes to detect the close/fcntl race were added, a dangling lock could no longer be generated. Cc: Matthew Wilcox <willy@debian.org> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] fix xip sparse file handling in ext2Carsten Otte
Oliver Paukstadt from our test department is testing the xip patches in Linus' git-tree. He found a problem that shows when reading a file that contains sparse blocks (holes) on a -o xip mounted ext2 filesystem: the BUG_ON() in fs/ext2/xip.c:40 triggers where it should not. The problem was introduced by a cleanup in my previous patch, this patch fixes it. Signed-off-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] autofs4: fix infamous "Busy inodes after umount ..." messageIan Kent
If the automount daemon receives a signal which causes it to sumarily terminate the autofs4 module leaks dentries. The same problem exists with detached mount requests without the warning. This patch cleans these dentries at umount. Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] ext3: drop quota references before releasing inodeJan Kara
We must drop references to quota structures before releasing the inode. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] ext2: drop quota reference before releasing inodeJan Kara
We must drop references to quota structures before releasing the inode. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] reiserfs: fix deadlock in inode creation failure path w/ default ACLJeff Mahoney
reiserfs_new_inode() can call iput() with the xattr lock held. This will cause a deadlock to occur when reiserfs_delete_xattrs() is called to clean up. The following patch releases the lock and reacquires it after the iput. This is safe because interaction with xattrs is complete, and the relock is just to balance out the release in the caller. The locking needs some reworking to be more sane, but that's more intrusive and I was just looking to fix this bug. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-27[PATCH] Fix missing refrigerator invocation in jffs2Nigel Cunningham
Here's a patch to fix a missing refrigerator call in jffs2. Signed-off-by: Nigel Cunningham <nigel@suspend2.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26[PATCH] inotify: fix oops fixAndrew Morton
Cc: Robert Love <rml@novell.com> Cc: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26[PATCH] inotify: check retval in initRobert Love
Check for (unlikely) errors in the filesystem initialization stuff in our module_init() function. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26[PATCH] inotify: change default limitsRobert Love
Change default inotify limits: Maximum instances per user to 128 and maximum events per queue to 16k. The max instances used to be 128; the change to 8 was a mistake. Memory consumption is fine. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26[PATCH] inotify: exit path cleanupsRobert Love
Handle error out paths better. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26[PATCH] inotify: oops fixRobert Love
Bug fix: Ensure that the fd passed to inotify_add_watch() and inotify_rm_watch() belongs to inotify. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26[PATCH] inotify: use fget_lightRobert Love
As an optimization, use fget_light() and fput_light() where possible. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26[PATCH] inotify: misc. cleanupRobert Love
Miscellaneous invariant clean up, comment fixes, and so on. Trivial stuff. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-26JFS: Fix i_blocks accounting when allocation failsDave Kleikamp
A failure in dbAlloc caused a directory's i_blocks to be incorrectly incremented, causing jfs_fsck to find the inode to be corrupt. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-25JFS: Don't set log_SYNCBARRIER when log->active == 0Dave Kleikamp
If a metadata page is kept active, it is possible that the sync barrier logic continues to trigger, even if all active transactions have been phyically written to the journal. This can cause a hang, since the completion of the journal I/O is what unsets the sync barrier flag to allow new transactions to be created. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-22JFS: Fix typo in last patchDave Kleikamp
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-19Merge with /home/shaggy/git/linus-clean/Dave Kleikamp
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-16Merge master.kernel.org:/pub/scm/linux/kernel/git/aia21/ntfs-2.6Linus Torvalds
2005-07-16Merge with rsync://fileserver/linuxThomas Gleixner
2005-07-15[PATCH] execute-in-place fixesCarsten Otte
This patch includes feedback from Andrew and Christoph. Thanks for taking time to review. Use of empty_zero_page was eliminated to fix compilation for architectures that don't have it. This patch removes setting pages up-to-date in ext2_get_xip_page and all bug checks to verify that the page is indeed up to date. Setting the page state on mapping to userland is bogus. None of the code patchs involved with these pages in mm cares about the page state. still on my ToDo list: identify a place outside second extended where __inode_direct_access should reside Signed-off-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-15JFS: fsync wrong behavior when I/O failure occursQu Fuping
This is half of a patch that Qu Fuping submitted in April. The first part was applied to fs/mpage.c in 2.6.12-rc4. jfs_fsync should return error, but it doesn't wait for the metadata page to be uptodate, e.g.: jfs_fsync->jfs_commit_inode->txCommit->diWrite->read_metapage-> __get_metapage->read_cache_page reads a page from disk. Because read is async, when read_cache_page: err = filler(data, page), filler will not return error, it just submits I/O request and returns. So, page is not uptodate. Checking only if(IS_ERROR(mp->page)) is not enough, we should add "|| !PageUptodate(mp->page)" Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-15JFS: Remove assert statement in dbJoin & return -EIO insteadDave Kleikamp
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-15[JFFS2] Fix node allocation leakThomas Gleixner
In the rare case of failing to write the cleanmarker the allocated node was not freed. Pointed out by Forrest Zhao Initial cleanup by Joern Engel Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2005-07-14JFS: Remove bogus WARN_ON statement and some dead codeDave Kleikamp
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-14[PATCH] uml: hostfs: unuse ROOT_DEVPaolo 'Blaisorblade' Giarrusso
Minimal patch removing uses of ROOT_DEV; next patch unexports it. I've opposed this, but I've planned to reintroduce the functionality without using ROOT_DEV. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Christoph Hellwig <hch@infradead.org> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-14[PATCH] uml: fix hppfs error pathPaolo 'Blaisorblade' Giarrusso
Fix the error message to refer to the error code, i.e. err, not count, plus add some cosmetical fixes. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-13Automatic merge with /usr/src/ntfs-2.6.git.Anton Altaparmakov
2005-07-13Merge master.kernel.org:/pub/scm/linux/kernel/git/tglx/mtd-2.6Linus Torvalds
2005-07-13[PATCH] NFS: procfs/sysctl interfaces for lockd do not work on x86_64Steve Dickson
Allow the setting of NLM timeouts and grace periods through the proc and sysclt interfaces on x86_64 architectures Signed-off-by: Steve Dickson <steved@redhat.com> Acked-by: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-13[PATCH] Fix soft lockup due to NTFS: VFS part and explanationAnton Altaparmakov
Something has changed in the core kernel such that we now get concurrent inode write outs, one e.g via pdflush and one via sys_sync or whatever. This causes a nasty deadlock in ntfs. The only clean solution unfortunately requires a minor vfs api extension. First the deadlock analysis: Prerequisive knowledge: NTFS has a file $MFT (inode 0) loaded at mount time. The NTFS driver uses the page cache for storing the file contents as usual. More interestingly this file contains the table of on-disk inodes as a sequence of MFT_RECORDs. Thus NTFS driver accesses the on-disk inodes by accessing the MFT_RECORDs in the page cache pages of the loaded inode $MFT. The situation: VFS inode X on a mounted ntfs volume is dirty. For same inode X, the ntfs_inode is dirty and thus corresponding on-disk inode, which is as explained above in a dirty PAGE_CACHE_PAGE belonging to the table of inodes ($MFT, inode 0). What happens: Process 1: sys_sync()/umount()/whatever... calls __sync_single_inode() for $MFT -> do_writepages() -> write_page for the dirty page containing the on-disk inode X, the page is now locked -> ntfs_write_mst_block() which clears PageUptodate() on the page to prevent anyone else getting hold of it whilst it does the write out (this is necessary as the on-disk inode needs "fixups" applied before the write to disk which are removed again after the write and PageUptodate is then set again). It then analyses the page looking for dirty on-disk inodes and when it finds one it calls ntfs_may_write_mft_record() to see if it is safe to write this on-disk inode. This then calls ilookup5() to check if the corresponding VFS inode is in icache(). This in turn calls ifind() which waits on the inode lock via wait_on_inode whilst holding the global inode_lock. Process 2: pdflush results in a call to __sync_single_inode for the same VFS inode X on the ntfs volume. This locks the inode (I_LOCK) then calls write-inode -> ntfs_write_inode -> map_mft_record() -> read_cache_page() of the page (in page cache of table of inodes $MFT, inode 0) containing the on-disk inode. This page has PageUptodate() clear because of Process 1 (see above) so read_cache_page() blocks when tries to take the page lock for the page so it can call ntfs_read_page(). Thus Process 1 is holding the page lock on the page containing the on-disk inode X and it is waiting on the inode X to be unlocked in ifind() so it can write the page out and then unlock the page. And Process 2 is holding the inode lock on inode X and is waiting for the page to be unlocked so it can call ntfs_readpage() or discover that Process 1 set PageUptodate() again and use the page. Thus we have a deadlock due to ifind() waiting on the inode lock. The only sensible solution: NTFS does not care whether the VFS inode is locked or not when it calls ilookup5() (it doesn't use the VFS inode at all, it just uses it to find the corresponding ntfs_inode which is of course attached to the VFS inode (both are one single struct); and it uses the ntfs_inode which is subject to its own locking so I_LOCK is irrelevant) hence we want a modified ilookup5_nowait() which is the same as ilookup5() but it does not wait on the inode lock. Without such functionality I would have to keep my own ntfs_inode cache in the NTFS driver just so I can find ntfs_inodes independent of their VFS inodes which would be slow, memory and cpu cycle wasting, and incredibly stupid given the icache already exists in the VFS. Below is a patch that does the ilookup5_nowait() implementation in fs/inode.c and exports it. ilookup5_nowait.diff: Introduce ilookup5_nowait() which is basically the same as ilookup5() but it does not wait on the inode's lock (i.e. it omits the wait_on_inode() done in ifind()). This is needed to avoid a nasty deadlock in NTFS. Signed-off-by: Anton Altaparmakov <aia21@cantab.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-13[PATCH] inotify: misc cleanupRobert Love
Really simple, basic cleanup. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-13[PATCH] inotify: move sysctlRobert Love
This moves the inotify sysctl knobs to "/proc/sys/fs/inotify" from "/proc/sys/fs". Also some related cleanup. Signed-off-by: Robert Love <rml@novell.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-13JFS: Need to be root to create files with security contextIan Dall
It turns out this is due to some inverted logic in xattr.c Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-13JFS: Allow security.* xattrs to be set on symlinksDave Kleikamp
All of the different xattr namespaces have different rules. user.* and ACL's are not allowed on symlinks, and since these were the first xattrs implemented, I assumed there was no need to support xattrs on symlinks. This one-line patch should fix it. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-13Merge with /home/shaggy/git/linus-clean/Dave Kleikamp
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
2005-07-13Merge with rsync://fileserver/linuxThomas Gleixner
2005-07-12[PATCH] inotifyRobert Love
inotify is intended to correct the deficiencies of dnotify, particularly its inability to scale and its terrible user interface: * dnotify requires the opening of one fd per each directory that you intend to watch. This quickly results in too many open files and pins removable media, preventing unmount. * dnotify is directory-based. You only learn about changes to directories. Sure, a change to a file in a directory affects the directory, but you are then forced to keep a cache of stat structures. * dnotify's interface to user-space is awful. Signals? inotify provides a more usable, simple, powerful solution to file change notification: * inotify's interface is a system call that returns a fd, not SIGIO. You get a single fd, which is select()-able. * inotify has an event that says "the filesystem that the item you were watching is on was unmounted." * inotify can watch directories or files. Inotify is currently used by Beagle (a desktop search infrastructure), Gamin (a FAM replacement), and other projects. See Documentation/filesystems/inotify.txt. Signed-off-by: Robert Love <rml@novell.com> Cc: John McCutchan <ttb@tentacle.dhs.org> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12reiserfs: run scripts/Lindent on reiserfs codeLinus Torvalds
This was a pure indentation change, using: scripts/Lindent fs/reiserfs/*.c include/linux/reiserfs_*.h to make reiserfs match the regular Linux indentation style. As Jeff Mahoney <jeffm@suse.com> writes: The ReiserFS code is a mix of a number of different coding styles, sometimes different even from line-to-line. Since the code has been relatively stable for quite some time and there are few outstanding patches to be applied, it is time to reformat the code to conform to the Linux style standard outlined in Documentation/CodingStyle. This patch contains the result of running scripts/Lindent against fs/reiserfs/*.c and include/linux/reiserfs_*.h. There are places where the code can be made to look better, but I'd rather keep those patches separate so that there isn't a subtle by-hand hand accident in the middle of a huge patch. To be clear: This patch is reformatting *only*. A number of patches may follow that continue to make the code more consistent with the Linux coding style. Hans wasn't particularly enthusiastic about these patches, but said he wouldn't really oppose them either. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12[PATCH] reiserfs: fix up case where indent misreads the codeJeff Mahoney
indent(1) doesn't know how to handle the "do not compile" error. It results in the item_ops array declaration being indented a tab stop in when it should not be. This patch replaces it with a #error that describes why it's failing. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12[PATCH] cdev: cdev_put oopsBrian King
While fixing an oops in the st driver in a dirty release path, I encountered an oops in cdev_put for cdevs allocated using cdev_alloc. If cdev_del is called when the cdev kobject still has an open user, when the last cdev_put is called, the cdev_put will call kobject_put, which will end up ultimately releasing the cdev in cdev_dynamic_release. Patch fixes the oops by preventing cdev_put from accessing freed memory. Signed-off-by: Brian King <brking@us.ibm.com> Cc: <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12[PATCH] ext2: fix mount options partingJan Kara
Restore old set of ext2 mount options when remounting of a filesystem fails. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12[PATCH] ext3: fix options parsingJan Kara
Fix a problem with ext3 mount option parsing. When remount of a filesystem fails, old options are now restored. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12[PATCH] reset real_timer target on exec leader changeRoland McGrath
When a noninitial thread does exec, it becomes the new group leader. If there is a ITIMER_REAL timer running, it points at the old group leader and when it fires it can follow a stale pointer. The timer data needs to be reset to point at the exec'ing thread that is becoming the group leader. This has to synchronize with any concurrent firing of the timer to make sure that it_real_fn can never run when the data points to a thread that might have been reaped already. Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12[PATCH] bugfix: two read_inode() calls without clear_inode() call betweenArtem B. Bityuckiy
Bug symptoms ~~~~~~~~~~~~ For the same inode VFS calls read_inode() twice and doesn't call clear_inode() between the two read_inode() invocations. Bug description ~~~~~~~~~~~~~~~ Suppose we have an inode which has zero reference count but is still in the inode cache. Suppose kswapd invokes shrink_icache_memory() to free some RAM. In prune_icache() inodes are removed from i_hash. prune_icache () is then going to call clear_inode(), but drops the inode_lock spinlock before this. If in this moment another task calls iget() for an inode which was just removed from i_hash by prune_icache(), then iget() invokes read_inode() for this inode, because it is *already removed* from i_hash. The end result is: we call iget(#N) then iput(#N); inode #N has zero i_count now and is in the inode cache; kswapd starts. kswapd removes the inode #N from i_hash ans is preempted; we call iget(#N) again; read_inode() is invoked as the result; but we expect clear_inode() before. Fix ~~~~~~~ To fix the bug I remove inodes from i_hash later, when clear_inode() is actually called. I remove them from i_hash under spinlock protection. Since the i_state is set to I_FREEING, it is safe to do this. The others will sleep waiting for the inode state change. I also postpone removing inodes from i_sb_list. It is not compulsory to do so but I do it for readability reasons. Inodes are added/removed to the lists together everywhere in the code and there is no point to change this rule. This is harmless because the only user of i_sb_list which somehow may interfere with me (invalidate_list()) is excluded by the iprune_sem mutex. The same race is possible in invalidate_list() so I do the same for it. Acked-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>