From: Theodore Ts'o <tytso@mit.edu>
To: Nikolay Borisov <kernel@kyup.com>
Cc: stable@vger.kernel.org, jack@suse.com,
gregkh@linuxfoundation.org, Jan Kara <jack@suse.cz>
Subject: Re: [PATCH] ext4: fix bh->b_state corruption
Date: Sat, 27 Feb 2016 13:16:34 -0500
Message-ID: <20160227181634.GA15325@thunk.org>
In-Reply-To: <1456299139-30433-1-git-send-email-kernel@kyup.com>

On Wed, Feb 24, 2016 at 09:32:19AM +0200, Nikolay Borisov wrote:
> From: Jan Kara <jack@suse.com>
>
> commit ed8ad83808f009ade97ebbf6519bc3a97fefbc0c upstream
>
> ext4 can update bh->b_state non-atomically in _ext4_get_block() and
> ext4_da_get_block_prep(). Usually this is fine since bh is just a
> temporary storage for mapping information on stack but in some cases it
> can be fully living bh attached to a page. In such case non-atomic
> update of bh->b_state can race with an atomic update which then gets
> lost. Usually when we are mapping bh and thus updating bh->b_state
> non-atomically, nobody else touches the bh and so things work out fine
> but there is one case to especially worry about: ext4_finish_bio() uses
> BH_Uptodate_Lock on the first bh in the page to synchronize handling of
> PageWriteback state. So when blocksize < pagesize, we can be atomically
> modifying bh->b_state of a buffer that actually isn't under IO and thus
> can race e.g. with delalloc trying to map that buffer. The result is
> that we can mistakenly set / clear BH_Uptodate_Lock bit resulting in the
> corruption of PageWriteback state or missed unlock of BH_Uptodate_Lock.
>
> Fix the problem by always updating bh->b_state bits atomically.
>
> CC: stable@vger.kernel.org
> Reported-by: Nikolay Borisov <kernel@kyup.com>
> Signed-off-by: Jan Kara <jack@suse.cz>
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> Signed-off-by: Nikolay Borisov <kernel@kyup.com>
> [NB: Backported to 4.4.2]

Acked-by: Theodore Ts'o <tytso@mit.edu>

(This failed the auto backport to the 4.4 stable branch; thanks to
Nikolay for backporting it.)

- Ted
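
The lost-update race described in the quoted commit message, replayed deterministically in user space with C11 atomics. This is an added illustration, not part of the email or the kernel patch; the bit values and function names are constructed for the example, and the compare-and-swap loop is shown as one way to make the update atomic.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed bit layout for illustration; not the kernel's BH_* values. */
#define LOCK_BIT  (1UL << 0)  /* stands in for BH_Uptodate_Lock */
#define MAP_FLAGS (3UL << 1)  /* stands in for the mapping bits the mapper rewrites */
#define MAPPED    (1UL << 1)  /* one mapping bit the mapper wants to set */

/* Simulates the other CPU: an atomic bit set, as the I/O completion path does. */
static void other_cpu_sets_lock(atomic_ulong *state)
{
    atomic_fetch_or(state, LOCK_BIT);
}

/* Before: plain load, modify, store. The concurrent set lands in between. */
static void update_nonatomic(atomic_ulong *state, unsigned long flags)
{
    unsigned long old = atomic_load(state);
    other_cpu_sets_lock(state);                 /* racing atomic update */
    atomic_store(state, (old & ~MAP_FLAGS) | (flags & MAP_FLAGS)); /* overwrites it */
}

/* After: compare-and-swap loop; a stale snapshot makes the CAS fail and retry. */
static void update_atomic(atomic_ulong *state, unsigned long flags)
{
    unsigned long old = atomic_load(state), new_state;
    bool raced = false;
    do {
        new_state = (old & ~MAP_FLAGS) | (flags & MAP_FLAGS);
        if (!raced) { other_cpu_sets_lock(state); raced = true; }
    } while (!atomic_compare_exchange_weak(state, &old, new_state));
}

/* Runs one interleaving from an all-clear state and returns the final word. */
unsigned long final_state(bool use_atomic)
{
    atomic_ulong state;
    atomic_init(&state, 0);
    (use_atomic ? update_atomic : update_nonatomic)(&state, MAPPED);
    return atomic_load(&state);
}

int main(void)
{
    printf("non-atomic %#lx, atomic %#lx\n", final_state(false), final_state(true));
    return 0;
}
```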