From 6f8fa3192eed6e37cb8a6bc49eb702e49918dd51 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Wed, 28 Jul 2010 21:21:09 +1000
Subject: [PATCH] cleaner: don't iput while still holding a ref to a block.

As the block->inode ref isn't counted, this isn't really safe.
The inode could disappear and the block might not get killed
when the address-space is truncated.

Signed-off-by: NeilBrown <neilb@suse.de>
---
 clean.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/clean.c b/clean.c
index 9098748..fefe18e 100644
--- a/clean.c
+++ b/clean.c
@@ -465,9 +465,9 @@ static int try_clean(struct fs *fs, struct toclean *tc)
 			    (LAFSI(ino)->type >= TypeBase &&
 			     ((loff_t)bnum << ino->i_blkbits)
 			     >= i_size_read(ino))) {
-				iput(ino);
 				list_del_init(&b->cleaning);
 				putdref(b, MKREF(cleaning));
+				iput(ino);
 			}
 			putdref(b, MKREF(cleaning));
 		}
@@ -491,8 +491,9 @@ static int try_clean(struct fs *fs, struct toclean *tc)
 		if (err) {
 			/* Eeek, what do I do?? */
 			list_del_init(&b->cleaning);
-			iput(b->b.inode);
+			ino = b->b.inode;
 			putdref(b, MKREF(cleaning));
+			iput(ino);
 			continue;
 		}
 		cb = first_in_seg(&b->b, fs, tc->dev, tc->seg, MKREF(clean2));
@@ -501,16 +502,18 @@ static int try_clean(struct fs *fs, struct toclean *tc)
 			/* Moved, don't want this. */
 			dprintk("Not in seg\n");
 			list_del_init(&b->cleaning);
-			iput(b->b.inode);
+			ino = b->b.inode;
 			putdref(b, MKREF(cleaning));
+			iput(ino);
 			continue;
 		}
 		err = lafs_load_block(cb, NULL);
 		if (err) {
 			list_del_init(&b->cleaning);
-			iput(b->b.inode);
+			ino = b->b.inode;
 			putdref(b, MKREF(cleaning));
 			putref(cb, MKREF(clean2));
+			iput(ino);
 			continue;
 		}
 		err = lafs_wait_block_async(cb);
@@ -521,9 +524,10 @@ static int try_clean(struct fs *fs, struct toclean *tc)
 
 		if (err) {
 			list_del_init(&b->cleaning);
-			iput(b->b.inode);
+			ino = b->b.inode;
 			putref(cb, MKREF(clean2));
 			putdref(b, MKREF(cleaning));
+			iput(ino);
 			continue;
 		}
 
@@ -536,9 +540,10 @@ static int try_clean(struct fs *fs, struct toclean *tc)
 		 * ref now
 		 */
 		list_del_init(&b->cleaning);
-		iput(b->b.inode);
+		ino = b->b.inode;
 		putdref(b, MKREF(cleaning));
 		putref(cb, MKREF(clean2));
+		iput(ino);
 		rv = -1;
 		if (err)
 			goto out;
-- 
2.39.5