f2fs: fix a race condition in next_free_nid

The nm_i->fcnt checking is executed before spin_lock, so if another
thread delete the last free_nid from the list, the wrong nid may be
gotten.  So fix the race condition by moving the nm_i->fnct checking
into spin_lock.

Signed-off-by: Huang, Ying <ying.huang@intel.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

diff --git a/fs/f2fs/node.h b/fs/f2fs/node.h
index b24f588a0fe4dfe88f758b0aa8c00be49e8427dd..324917d757f78327bc7d9ca3548543fd4bc346b7 100644 (file)
--- a/fs/f2fs/node.h
+++ b/fs/f2fs/node.h
@@ -115,9 +115,11 @@ static inline int next_free_nid(struct f2fs_sb_info *sbi, nid_t *nid)
        struct f2fs_nm_info *nm_i = NM_I(sbi);
        struct free_nid *fnid;
 
-       if (nm_i->fcnt <= 0)
-               return -1;
        spin_lock(&nm_i->free_nid_list_lock);
+       if (nm_i->fcnt <= 0) {
+               spin_unlock(&nm_i->free_nid_list_lock);
+               return -1;
+       }
        fnid = list_entry(nm_i->free_nid_list.next, struct free_nid, list);
        *nid = fnid->nid;
        spin_unlock(&nm_i->free_nid_list_lock);