From: Milos Nikic <nikic.milos@gmail.com>
To: jack@suse.cz
Cc: tytso@mit.edu, linux-ext4@vger.kernel.org,
linux-kernel@vger.kernel.org, Milos Nikic <nikic.milos@gmail.com>,
Zhang Yi <yi.zhang@huawei.com>,
Andreas Dilger <adilger@dilger.ca>
Subject: [PATCH v5 1/2] jbd2: gracefully abort instead of panicking on unlocked buffer
Date: Wed, 4 Mar 2026 09:20:15 -0800 [thread overview]
Message-ID: <20260304172016.23525-2-nikic.milos@gmail.com> (raw)
In-Reply-To: <20260304172016.23525-1-nikic.milos@gmail.com>
In jbd2_journal_get_create_access(), if the caller passes an unlocked
buffer, the code currently triggers a fatal J_ASSERT.
While an unlocked buffer here is a clear API violation and a bug in the
caller, crashing the entire system is an overly severe response. It brings
down the whole machine for a localized filesystem inconsistency.
Replace the J_ASSERT with a WARN_ON_ONCE to capture the offending caller's
stack trace, and return an error (-EINVAL). This allows the journal to
gracefully abort the transaction, protecting data integrity without
causing a kernel panic.
Signed-off-by: Milos Nikic <nikic.milos@gmail.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
---
fs/jbd2/transaction.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index dca4b5d8aaaa..04d17a5f2a82 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -1302,7 +1302,12 @@ int jbd2_journal_get_create_access(handle_t *handle, struct buffer_head *bh)
goto out;
}
- J_ASSERT_JH(jh, buffer_locked(jh2bh(jh)));
+ if (WARN_ON_ONCE(!buffer_locked(jh2bh(jh)))) {
+ err = -EINVAL;
+ spin_unlock(&jh->b_state_lock);
+ jbd2_journal_abort(journal, err);
+ goto out;
+ }
if (jh->b_transaction == NULL) {
/*
--
2.53.0
next prev parent reply other threads:[~2026-03-04 17:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-04 17:20 [PATCH v5 0/2] jbd2: audit and convert legacy J_ASSERT usage Milos Nikic
2026-03-04 17:20 ` Milos Nikic [this message]
2026-03-23 21:50 ` [PATCH v5 1/2] jbd2: gracefully abort instead of panicking on unlocked buffer Milos Nikic
2026-03-24 13:52 ` Jan Kara
2026-03-04 17:20 ` [PATCH v5 2/2] jbd2: gracefully abort on transaction state corruptions Milos Nikic
2026-04-10 15:18 ` [PATCH v5 0/2] jbd2: audit and convert legacy J_ASSERT usage Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260304172016.23525-2-nikic.milos@gmail.com \
--to=nikic.milos@gmail.com \
--cc=adilger@dilger.ca \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=yi.zhang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.