Fix race yaffs_flush_inodes against iput

[yaffs2.git] / yaffs_vfs_single.c

diff --git a/yaffs_vfs_single.c b/yaffs_vfs_single.c
index 0ac24bce467e393d554154764969de224df04b95..1abbfd859a4217767a90d6af13d9a9862a091e19 100644 (file)
--- a/yaffs_vfs_single.c
+++ b/yaffs_vfs_single.c
@@ -1489,15 +1489,34 @@ static void yaffs_flush_inodes(struct super_block *sb)
 {
        struct inode *iptr;
        struct yaffs_obj *obj;
 {
        struct inode *iptr;
        struct yaffs_obj *obj;

+       struct yaffs_dev *dev = yaffs_super_to_dev(sb);

 
 

+       spin_lock(&sb->s_inode_list_lock);

        list_for_each_entry(iptr, &sb->s_inodes, i_sb_list) {
        list_for_each_entry(iptr, &sb->s_inodes, i_sb_list) {

+               spin_lock(&inode->i_lock);
+               if (iptr->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) {
+                       spin_unlock(&inode->i_lock);
+                       continue;
+               }
+
+               __iget(iptr);
+               spin_unlock(&inode->i_lock);
+               spin_unlock(&sb->s_inode_list_lock);
+

                obj = yaffs_inode_to_obj(iptr);
                if (obj) {
                        yaffs_trace(YAFFS_TRACE_OS,
                                "flushing obj %d", obj->obj_id);
                        yaffs_flush_file(obj, 1, 0, 0);
                }
                obj = yaffs_inode_to_obj(iptr);
                if (obj) {
                        yaffs_trace(YAFFS_TRACE_OS,
                                "flushing obj %d", obj->obj_id);
                        yaffs_flush_file(obj, 1, 0, 0);
                }

+
+               yaffs_gross_unlock(dev);
+               iput(iptr);
+               yaffs_gross_lock(dev);
+
+               spin_lock(&sb->s_inode_list_lock);

        }
        }

+       spin_unlock(&sb->s_inode_list_lock);

 }
 
 static void yaffs_flush_super(struct super_block *sb, int do_checkpoint)
 }
 
 static void yaffs_flush_super(struct super_block *sb, int do_checkpoint)