From: Benjamin Marzinski <bmarzins@redhat.com>
Date: Tue, 30 Jun 2009 14:29:58 -0500
Subject: [gfs2] fix panic in glock memory shrinker
Message-id: 20090630192958.GQ3172@ether.msp.redhat.com
O-Subject: [RHEL-5.4 PATCH] BZ#508806 gfs2: Fix panic in glock memory shrinker
Bugzilla: 508806
RH-Acked-by: Steven Whitehouse <swhiteho@redhat.com>

It is possible for gfs2_shrink_glock_memory() to check a glock for demotion that's in the process of being freed by gfs2_glock_put(). As long as gfs2_shrink_glock_memory() holds the lru_lock, the glock won't be freed out from under it; however, gfs2_shrink_glock_memory() grabs a reference to the glock when it checks to see if it's demotable, then tries to free the glock itself when it drops the reference.

To solve this, gfs2_shrink_glock_memory() just needs to check if the glock is in the process of being freed, and if so, skip it without ever unlocking the lru_lock or grabbing a reference.

This patch has been submitted upstream as well.

Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>

diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c index cbeb0c1..03409a2 100644 --- a/fs/gfs2/glock.c +++ b/fs/gfs2/glock.c @@ -1434,6 +1434,10 @@ static int gfs2_shrink_glock_memory(int nr, gfp_t gfp_mask) list_del_init(&gl->gl_lru); atomic_dec(&lru_count); + /* Check if glock is about to be freed */ + if (atomic_read(&gl->gl_ref) == 0) + continue; + /* Test for being demotable */ if (!test_and_set_bit(GLF_LOCK, &gl->gl_flags)) { gfs2_glock_hold(gl);
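Review bot: The comment on the added `atomic_read(&gl->gl_ref) == 0` test in gfs2_shrink_glock_memory() does not record the locking invariant the check depends on. The commit message explains that the glock cannot be freed while lru_lock is held, and that the panic comes from the shrinker taking a reference with gfs2_glock_hold() and then freeing the glock a second time when it drops that reference; none of that is visible to someone reading glock.c later. Please expand the comment to say that a zero gl_ref means gfs2_glock_put() is already freeing this glock, that the read is only safe because lru_lock is still held at this point, and that the glock must be skipped before any hold or unlock. It is also worth noting in the comment that the `continue` runs after `list_del_init(&gl->gl_lru)` and `atomic_dec(&lru_count)`, so the skipped glock has already been taken off the LRU and uncounted, and that this is intended because it is on its way to being freed.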