From: Theodore Ts'o <tytso@mit.edu>
To: Jan Kara <jack@suse.cz>
Cc: linux-ext4@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] ext4: Fix buffer double free in ext4_alloc_branch()
Date: Wed, 11 Jun 2014 09:57:17 -0400 [thread overview]
Message-ID: <20140611135717.GA27151@thunk.org> (raw)
In-Reply-To: <1402493826-13776-1-git-send-email-jack@suse.cz>
On Wed, Jun 11, 2014 at 03:37:06PM +0200, Jan Kara wrote:
> Error recovery in ext4_alloc_branch() calls ext4_forget() even for
> buffer corresponding to indirect block it did not allocate. This leads
> to brelse() being called twice for that buffer (once from ext4_forget()
> and once from cleanup in ext4_ind_map_blocks()) leading to buffer use
> count misaccounting. Eventually (but often much later because there
> are other users of the buffer) we will see messages like:
> VFS: brelse: Trying to free free buffer
>
> Another manifestation of this problem is an error:
> JBD2 unexpected failure: jbd2_journal_revoke: !buffer_revoked(bh);
> inconsistent data on disk
>
> The fix is easy - don't forget buffer we did not allocate. Also add an
> explanatory comment because the indexing at ext4_alloc_branch() is
> somewhat subtle.
>
> Signed-off-by: Jan Kara <jack@suse.cz>
Nice catch!
I've added a cc: stable@vger.kernel.org tag, and will queue this for
the post-merge window bugfix push.
Thanks,
- Ted
next prev parent reply other threads:[~2014-06-11 13:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-11 13:37 [PATCH] ext4: Fix buffer double free in ext4_alloc_branch() Jan Kara
2014-06-11 13:57 ` Theodore Ts'o [this message]
-- strict thread matches above, loose matches on Subject: below --
2014-10-10 14:23 [Cluster-devel] [PATCH 0/2 v2] Fix data corruption when blocksize < pagesize for mmapped data Jan Kara
2014-10-10 14:23 ` [PATCH] ext4: Fix buffer double free in ext4_alloc_branch() Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140611135717.GA27151@thunk.org \
--to=tytso@mit.edu \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.