mirror of https://gitee.com/openkylin/linux.git
Fix a memory leak on an error path, and two races when modifying
inodes relating to the inline_data and metadata checksum features. -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAljXHNMACgkQ8vlZVpUN gaPwoggAiodb37DHZ/X6fnRr8314OJT8mRUbUK3aDagCRb0Kp9iFAwwpHIG8Gxw1 akI7Jy8VWLC4EbHb9wzXFEO7wl/IBLq3t70Vid2cBR302gblhIIz6hkHrQ9RIlW3 MH5sFhXiVq4WYPuxQFWS6ohg6/SYTwcgI9rXxEnkLVmOiG2Ov2/v4/wiflau8vgK fNYyncHSylwJ5QIaT8mUIawetlunEHO0Vz5AZNzkcMhkzUHxmRWvMtGWcvwukstb 7vXZhN5HHB8RZ33qcdtuAaNBHwBmrU/acicIpsvL/jfkFWlJTS0PBRUvwxnPeebo G0xRDEIwpZoy5h8fxzIxqh+CQqg6QA== =/ycw -----END PGP SIGNATURE----- Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 fixes from Ted Ts'o: "Fix a memory leak on an error path, and two races when modifying inodes relating to the inline_data and metadata checksum features" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix two spelling nits ext4: lock the xattr block before checksuming it jbd2: don't leak memory if setting up journal fails ext4: mark inode dirty after converting inline directory
This commit is contained in:
commit
1c23de6308
|
@ -1169,10 +1169,9 @@ static int ext4_finish_convert_inline_dir(handle_t *handle,
|
|||
set_buffer_uptodate(dir_block);
|
||||
err = ext4_handle_dirty_dirent_node(handle, inode, dir_block);
|
||||
if (err)
|
||||
goto out;
|
||||
return err;
|
||||
set_buffer_verified(dir_block);
|
||||
out:
|
||||
return err;
|
||||
return ext4_mark_inode_dirty(handle, inode);
|
||||
}
|
||||
|
||||
static int ext4_convert_inline_data_nolock(handle_t *handle,
|
||||
|
|
|
@ -5400,7 +5400,7 @@ int ext4_getattr(const struct path *path, struct kstat *stat,
|
|||
* If there is inline data in the inode, the inode will normally not
|
||||
* have data blocks allocated (it may have an external xattr block).
|
||||
* Report at least one sector for such files, so tools like tar, rsync,
|
||||
* others doen't incorrectly think the file is completely sparse.
|
||||
* others don't incorrectly think the file is completely sparse.
|
||||
*/
|
||||
if (unlikely(ext4_has_inline_data(inode)))
|
||||
stat->blocks += (stat->size + 511) >> 9;
|
||||
|
|
|
@ -511,7 +511,7 @@ mext_check_arguments(struct inode *orig_inode,
|
|||
if ((orig_start & ~(PAGE_MASK >> orig_inode->i_blkbits)) !=
|
||||
(donor_start & ~(PAGE_MASK >> orig_inode->i_blkbits))) {
|
||||
ext4_debug("ext4 move extent: orig and donor's start "
|
||||
"offset are not alligned [ino:orig %lu, donor %lu]\n",
|
||||
"offsets are not aligned [ino:orig %lu, donor %lu]\n",
|
||||
orig_inode->i_ino, donor_inode->i_ino);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
|
|
@ -131,31 +131,26 @@ static __le32 ext4_xattr_block_csum(struct inode *inode,
|
|||
}
|
||||
|
||||
static int ext4_xattr_block_csum_verify(struct inode *inode,
|
||||
sector_t block_nr,
|
||||
struct ext4_xattr_header *hdr)
|
||||
struct buffer_head *bh)
|
||||
{
|
||||
if (ext4_has_metadata_csum(inode->i_sb) &&
|
||||
(hdr->h_checksum != ext4_xattr_block_csum(inode, block_nr, hdr)))
|
||||
return 0;
|
||||
return 1;
|
||||
struct ext4_xattr_header *hdr = BHDR(bh);
|
||||
int ret = 1;
|
||||
|
||||
if (ext4_has_metadata_csum(inode->i_sb)) {
|
||||
lock_buffer(bh);
|
||||
ret = (hdr->h_checksum == ext4_xattr_block_csum(inode,
|
||||
bh->b_blocknr, hdr));
|
||||
unlock_buffer(bh);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void ext4_xattr_block_csum_set(struct inode *inode,
|
||||
sector_t block_nr,
|
||||
struct ext4_xattr_header *hdr)
|
||||
struct buffer_head *bh)
|
||||
{
|
||||
if (!ext4_has_metadata_csum(inode->i_sb))
|
||||
return;
|
||||
|
||||
hdr->h_checksum = ext4_xattr_block_csum(inode, block_nr, hdr);
|
||||
}
|
||||
|
||||
static inline int ext4_handle_dirty_xattr_block(handle_t *handle,
|
||||
struct inode *inode,
|
||||
struct buffer_head *bh)
|
||||
{
|
||||
ext4_xattr_block_csum_set(inode, bh->b_blocknr, BHDR(bh));
|
||||
return ext4_handle_dirty_metadata(handle, inode, bh);
|
||||
if (ext4_has_metadata_csum(inode->i_sb))
|
||||
BHDR(bh)->h_checksum = ext4_xattr_block_csum(inode,
|
||||
bh->b_blocknr, BHDR(bh));
|
||||
}
|
||||
|
||||
static inline const struct xattr_handler *
|
||||
|
@ -233,7 +228,7 @@ ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh)
|
|||
if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) ||
|
||||
BHDR(bh)->h_blocks != cpu_to_le32(1))
|
||||
return -EFSCORRUPTED;
|
||||
if (!ext4_xattr_block_csum_verify(inode, bh->b_blocknr, BHDR(bh)))
|
||||
if (!ext4_xattr_block_csum_verify(inode, bh))
|
||||
return -EFSBADCRC;
|
||||
error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size,
|
||||
bh->b_data);
|
||||
|
@ -618,23 +613,22 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode,
|
|||
}
|
||||
}
|
||||
|
||||
ext4_xattr_block_csum_set(inode, bh);
|
||||
/*
|
||||
* Beware of this ugliness: Releasing of xattr block references
|
||||
* from different inodes can race and so we have to protect
|
||||
* from a race where someone else frees the block (and releases
|
||||
* its journal_head) before we are done dirtying the buffer. In
|
||||
* nojournal mode this race is harmless and we actually cannot
|
||||
* call ext4_handle_dirty_xattr_block() with locked buffer as
|
||||
* call ext4_handle_dirty_metadata() with locked buffer as
|
||||
* that function can call sync_dirty_buffer() so for that case
|
||||
* we handle the dirtying after unlocking the buffer.
|
||||
*/
|
||||
if (ext4_handle_valid(handle))
|
||||
error = ext4_handle_dirty_xattr_block(handle, inode,
|
||||
bh);
|
||||
error = ext4_handle_dirty_metadata(handle, inode, bh);
|
||||
unlock_buffer(bh);
|
||||
if (!ext4_handle_valid(handle))
|
||||
error = ext4_handle_dirty_xattr_block(handle, inode,
|
||||
bh);
|
||||
error = ext4_handle_dirty_metadata(handle, inode, bh);
|
||||
if (IS_SYNC(inode))
|
||||
ext4_handle_sync(handle);
|
||||
dquot_free_block(inode, EXT4_C2B(EXT4_SB(inode->i_sb), 1));
|
||||
|
@ -863,13 +857,14 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
|
|||
ext4_xattr_cache_insert(ext4_mb_cache,
|
||||
bs->bh);
|
||||
}
|
||||
ext4_xattr_block_csum_set(inode, bs->bh);
|
||||
unlock_buffer(bs->bh);
|
||||
if (error == -EFSCORRUPTED)
|
||||
goto bad_block;
|
||||
if (!error)
|
||||
error = ext4_handle_dirty_xattr_block(handle,
|
||||
inode,
|
||||
bs->bh);
|
||||
error = ext4_handle_dirty_metadata(handle,
|
||||
inode,
|
||||
bs->bh);
|
||||
if (error)
|
||||
goto cleanup;
|
||||
goto inserted;
|
||||
|
@ -967,10 +962,11 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
|
|||
ce->e_reusable = 0;
|
||||
ea_bdebug(new_bh, "reusing; refcount now=%d",
|
||||
ref);
|
||||
ext4_xattr_block_csum_set(inode, new_bh);
|
||||
unlock_buffer(new_bh);
|
||||
error = ext4_handle_dirty_xattr_block(handle,
|
||||
inode,
|
||||
new_bh);
|
||||
error = ext4_handle_dirty_metadata(handle,
|
||||
inode,
|
||||
new_bh);
|
||||
if (error)
|
||||
goto cleanup_dquot;
|
||||
}
|
||||
|
@ -1020,11 +1016,12 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
|
|||
goto getblk_failed;
|
||||
}
|
||||
memcpy(new_bh->b_data, s->base, new_bh->b_size);
|
||||
ext4_xattr_block_csum_set(inode, new_bh);
|
||||
set_buffer_uptodate(new_bh);
|
||||
unlock_buffer(new_bh);
|
||||
ext4_xattr_cache_insert(ext4_mb_cache, new_bh);
|
||||
error = ext4_handle_dirty_xattr_block(handle,
|
||||
inode, new_bh);
|
||||
error = ext4_handle_dirty_metadata(handle, inode,
|
||||
new_bh);
|
||||
if (error)
|
||||
goto cleanup;
|
||||
}
|
||||
|
|
|
@ -1125,10 +1125,8 @@ static journal_t *journal_init_common(struct block_device *bdev,
|
|||
|
||||
/* Set up a default-sized revoke table for the new mount. */
|
||||
err = jbd2_journal_init_revoke(journal, JOURNAL_REVOKE_DEFAULT_HASH);
|
||||
if (err) {
|
||||
kfree(journal);
|
||||
return NULL;
|
||||
}
|
||||
if (err)
|
||||
goto err_cleanup;
|
||||
|
||||
spin_lock_init(&journal->j_history_lock);
|
||||
|
||||
|
@ -1145,23 +1143,25 @@ static journal_t *journal_init_common(struct block_device *bdev,
|
|||
journal->j_wbufsize = n;
|
||||
journal->j_wbuf = kmalloc_array(n, sizeof(struct buffer_head *),
|
||||
GFP_KERNEL);
|
||||
if (!journal->j_wbuf) {
|
||||
kfree(journal);
|
||||
return NULL;
|
||||
}
|
||||
if (!journal->j_wbuf)
|
||||
goto err_cleanup;
|
||||
|
||||
bh = getblk_unmovable(journal->j_dev, start, journal->j_blocksize);
|
||||
if (!bh) {
|
||||
pr_err("%s: Cannot get buffer for journal superblock\n",
|
||||
__func__);
|
||||
kfree(journal->j_wbuf);
|
||||
kfree(journal);
|
||||
return NULL;
|
||||
goto err_cleanup;
|
||||
}
|
||||
journal->j_sb_buffer = bh;
|
||||
journal->j_superblock = (journal_superblock_t *)bh->b_data;
|
||||
|
||||
return journal;
|
||||
|
||||
err_cleanup:
|
||||
kfree(journal->j_wbuf);
|
||||
jbd2_journal_destroy_revoke(journal);
|
||||
kfree(journal);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* jbd2_journal_init_dev and jbd2_journal_init_inode:
|
||||
|
|
|
@ -280,6 +280,7 @@ int jbd2_journal_init_revoke(journal_t *journal, int hash_size)
|
|||
|
||||
fail1:
|
||||
jbd2_journal_destroy_revoke_table(journal->j_revoke_table[0]);
|
||||
journal->j_revoke_table[0] = NULL;
|
||||
fail0:
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue