From: Allison Henderson <achender@linux.vnet.ibm.com>
To: Jan Kara <jack@suse.cz>
Cc: "Ted Ts'o" <tytso@mit.edu>,
Yongqiang Yang <xiaoqiangnk@gmail.com>,
Ext4 Developers List <linux-ext4@vger.kernel.org>
Subject: Re: [PATCH 1/1] Null Pointer when make_indexed_dir returns -ENOSPC
Date: Mon, 09 May 2011 13:39:07 -0700
Message-ID: <4DC850EB.5020708@linux.vnet.ibm.com>
In-Reply-To: <20110509144201.GP4122@quack.suse.cz>
On 5/9/2011 7:42 AM, Jan Kara wrote:
> On Mon 09-05-11 10:22:37, Ted Tso wrote:
>> On Mon, May 09, 2011 at 04:05:37PM +0200, Jan Kara wrote:
>>> Yes. ext4_append() can return ENOSPC and passed bh will get set to NULL
>>> without being marked dirty.
>>
>> Ah, so the right fix then is to make the cleanup code like this:
>>
>> ext4_mark_inode_dirty(handle, dir);
>> ext4_handle_dirty_metadata(handle, dir, frame->bh);
>> + ext4_handle_dirty_metadata(handle, dir, bh2);
>> + if (bh)
>> + ext4_handle_dirty_metadata(handle, dir, bh);
>> dx_release(frames);
>> return retval;
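Review bot: the added ext4_handle_dirty_metadata(handle, dir, bh2) call has no guard, while the bh call directly below it is wrapped in `if (bh)`. If bh2 can be NULL or already released when this cleanup path runs, the unguarded call reintroduces the dereference this change is meant to remove. Guard it the same way, or say in the changelog why bh2 is always a live buffer reference here.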
>>
>> Agreed?
> Not quite. make_indexed_dir() does frame->bh = bh and bh = bh2 before
> calling do_split(). So bh2 is not really carrying a valid buffer reference
> at this point - even more so because do_split() does brelse() on the passed
> bh so it need not be around when we are at this point. The code is a real
> mess. But for example the attached patch will work because both callers of
> do_split() do brelse() anyway.
>
> Honza
Hi all,

Oh, I understand the problem now. Sorry for the late response, I had to
stop and dig around with this one for a bit. Would people prefer to add
the new code before the do_split like this:
+ ext4_handle_dirty_metadata(handle, dir, frame->bh);
+ ext4_handle_dirty_metadata(handle, dir, bh);
+
de = do_split(handle,dir, &bh, frame, &hinfo, &retval);
if (!de) {
/*
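Review bot: with the two ext4_handle_dirty_metadata() calls placed ahead of do_split(), frame->bh and bh are marked dirty on every call, not only in the `if (!de)` failure branch. Please state in the changelog that dirtying them on the success path is intended, and add a one-line comment above the calls saying they have to run before do_split() because bh is passed by address and may not be usable afterwards. The return values of both calls are discarded; if that is deliberate, say so.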
@@ -1421,8 +1425,6 @@ static int make_indexed_dir(handle_t *handle,
struct dentry *dentry,
* with corrupted filesystem.
*/
ext4_mark_inode_dirty(handle, dir);
- ext4_handle_dirty_metadata(handle, dir, frame->bh);
- ext4_handle_dirty_metadata(handle, dir, bh);
dx_release(frames);
return retval;
}
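Review bot: the comment ending in "with corrupted filesystem." now sits above a failure branch that only calls ext4_mark_inode_dirty(), because the two buffer-dirtying calls below it are removed here. If that comment explains why the buffers are marked dirty, update it to match what the branch still does and point it at the calls now made before do_split().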
I've tested both patches and they both seem to resolve the null pointer.
The only other solution that comes to mind would be to add flags to
the do_split to skip the brelse or to do the mark dirty before the
brelse as you suggest.

Allison Henderson