From af09abfece59aa50bfbf16f6f1f85822554e061f Mon Sep 17 00:00:00 2001 From: Chris Mason Date: Fri, 7 Nov 2008 12:35:44 -0500 Subject: Btrfs: make sure compressed bios don't complete too soon When writing a compressed extent, a number of bios are created that point to a single struct compressed_bio. At end_io time an atomic counter in the compressed_bio struct makes sure that all of the bios have finished before final end_io processing is done. But when multiple bios are needed to write a compressed extent, the counter was being incremented after the first bio was sent to submit_bio. It is possible the bio will complete before the counter is incremented, making the end_io handler free the compressed_bio struct before processing is finished. The fix is to increment the atomic counter before bio submission, both for compressed reads and writes. Signed-off-by: Chris Mason --- fs/btrfs/compression.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index 284f21025bc..7397c622fb6 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -314,6 +314,13 @@ int btrfs_submit_compressed_write(struct inode *inode, u64 start, PAGE_CACHE_SIZE) { bio_get(bio); + /* + * inc the count before we submit the bio so + * we know the end IO handler won't happen before + * we inc the count. Otherwise, the cb might get + * freed before we're done setting it up + */ + atomic_inc(&cb->pending_bios); ret = btrfs_bio_wq_end_io(root->fs_info, bio, 0); BUG_ON(ret); @@ -323,7 +330,6 @@ int btrfs_submit_compressed_write(struct inode *inode, u64 start, bio_put(bio); bio = compressed_bio_alloc(bdev, first_byte, GFP_NOFS); - atomic_inc(&cb->pending_bios); bio->bi_private = cb; bio->bi_end_io = end_compressed_bio_write; bio_add_page(bio, page, PAGE_CACHE_SIZE, 0); @@ -573,6 +579,14 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, ret = btrfs_bio_wq_end_io(root->fs_info, comp_bio, 0); BUG_ON(ret); + /* + * inc the count before we submit the bio so + * we know the end IO handler won't happen before + * we inc the count. Otherwise, the cb might get + * freed before we're done setting it up + */ + atomic_inc(&cb->pending_bios); + ret = btrfs_map_bio(root, READ, comp_bio, 0, 0); BUG_ON(ret); @@ -580,7 +594,6 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, comp_bio = compressed_bio_alloc(bdev, cur_disk_byte, GFP_NOFS); - atomic_inc(&cb->pending_bios); comp_bio->bi_private = cb; comp_bio->bi_end_io = end_compressed_bio_read; -- cgit v1.2.3