Fix double unlock in scoutfs_setattr data_wait error path

When scoutfs_setattr truncates a file with offline extents, it unlocks
the inode lock before calling scoutfs_data_wait to wait for the data
to be staged. If data_wait returns any error, the code jumps to 'goto
out' which calls scoutfs_unlock again, thus double-unlocking the lock.

Signed-off-by: Auke Kok <auke.kok@versity.com>

kmod/src/block.c

@@ -467,6 +467,9 @@ static int block_submit_bio(struct super_block *sb, struct block_private *bp,
 	sector_t sector;
 	int ret = 0;
 
+	if (scoutfs_forcing_unmount(sb))
+		return -ENOLINK;
+
 	sector = bp->bl.blkno << (SCOUTFS_BLOCK_LG_SHIFT - 9);
 
 	WARN_ON_ONCE(bp->bl.blkno == U64_MAX);
@@ -477,17 +480,6 @@ static int block_submit_bio(struct super_block *sb, struct block_private *bp,
 	set_bit(BLOCK_BIT_IO_BUSY, &bp->bits);
 	block_get(bp);
 
-	/*
-	 * A second thread may already be waiting on this block's completion
-	 * after this thread won the race to submit the block.  We exit through
-	 * the block_end_io error path which sets BLOCK_BIT_ERROR and assures
-	 * that other callers in the waitq get woken up.
-	 */
-	if (scoutfs_forcing_unmount(sb)) {
-		ret = -ENOLINK;
-		goto end_io;
-	}
-
 	blk_start_plug(&plug);
 
 	for (off = 0; off < SCOUTFS_BLOCK_LG_SIZE; off += PAGE_SIZE) {
@@ -525,7 +517,6 @@ static int block_submit_bio(struct super_block *sb, struct block_private *bp,
 
 	blk_finish_plug(&plug);
 
-end_io:
 	/* let racing end_io know we're done */
 	block_end_io(sb, opf, bp, ret);
 

kmod/src/inode.c

@@ -549,6 +549,7 @@ retry:
 				goto out;
 			if (scoutfs_data_wait_found(&dw)) {
 				scoutfs_unlock(sb, lock, SCOUTFS_LOCK_WRITE);
+				lock = NULL;
 
 				/* XXX callee locks instead? */
 				inode_unlock(inode);