From c6e489305eb5ed029002b037e36800032a994bb4 Mon Sep 17 00:00:00 2001 From: Huang Ying Date: Fri, 12 Sep 2014 19:21:11 +0800 Subject: [PATCH] f2fs: fix a race condition in next_free_nid The nm_i->fcnt checking is executed before spin_lock, so if another thread delete the last free_nid from the list, the wrong nid may be gotten. So fix the race condition by moving the nm_i->fnct checking into spin_lock. Signed-off-by: Huang, Ying Signed-off-by: Jaegeuk Kim --- fs/f2fs/node.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/node.h b/fs/f2fs/node.h index b24f588a0fe4..324917d757f7 100644 --- a/fs/f2fs/node.h +++ b/fs/f2fs/node.h @@ -115,9 +115,11 @@ static inline int next_free_nid(struct f2fs_sb_info *sbi, nid_t *nid) struct f2fs_nm_info *nm_i = NM_I(sbi); struct free_nid *fnid; - if (nm_i->fcnt <= 0) - return -1; spin_lock(&nm_i->free_nid_list_lock); + if (nm_i->fcnt <= 0) { + spin_unlock(&nm_i->free_nid_list_lock); + return -1; + } fnid = list_entry(nm_i->free_nid_list.next, struct free_nid, list); *nid = fnid->nid; spin_unlock(&nm_i->free_nid_list_lock);