From: Theodore Ts'o <tytso@mit.edu>
To: stable@kernel.org
Cc: Ext4 Developers List <linux-ext4@vger.kernel.org>,
Curt Wohlgemuth <curtw@google.com>,
"Theodore Ts'o" <tytso@mit.edu>
Subject: [PATCH v2.6.32.y 27/53] ext4: Fix possible lost inode write in no journal mode
Date: Sun, 30 May 2010 22:49:40 -0400 [thread overview]
Message-ID: <1275274206-3900-27-git-send-email-tytso@mit.edu> (raw)
In-Reply-To: <1275274206-3900-1-git-send-email-tytso@mit.edu>
From: Curt Wohlgemuth <curtw@google.com>
commit 8b472d739b2ddd8ab7fb278874f696cd95b25a5e upstream (as of v2.6.34-rc6)
In the no-journal case, ext4_write_inode() will fetch the bh and call
sync_dirty_buffer() on it. However, if the bh has already been
written and the bh reclaimed for some other purpose, AND if the inode
is the only one in the inode table block in use, then
ext4_get_inode_loc() will not read the inode table block from disk,
but as an optimization, fill the block with zero's assuming that its
caller will copy in the on-disk version of the inode. This is not
done by ext4_write_inode(), so the contents of the inode can simply
get lost. The fix is to use __ext4_get_inode_loc() with in_mem set to
0, instead of ext4_get_inode_loc(). Long term the API needs to be
fixed so it's obvious why latter is not safe.
Addresses-Google-Bug: #2526446
Signed-off-by: Curt Wohlgemuth <curtw@google.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
---
fs/ext4/inode.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 4bee50f..f81025f 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5260,7 +5260,7 @@ int ext4_write_inode(struct inode *inode, int wait)
} else {
struct ext4_iloc iloc;
- err = ext4_get_inode_loc(inode, &iloc);
+ err = __ext4_get_inode_loc(inode, &iloc, 0);
if (err)
return err;
if (wait)
--
1.6.6.1.1.g974db.dirty
next prev parent reply other threads:[~2010-05-31 2:50 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-31 2:49 [PATCH v2.6.32.y 01/53] ext4: Fix potential quota deadlock Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 02/53] jbd: jbd-debug and jbd2-debug should be writable Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 03/53] ext4: replace BUG() with return -EIO in ext4_ext_get_blocks Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 04/53] ext4, jbd2: Add barriers for file systems with exernal journals Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 05/53] ext4: Eliminate potential double free on error path Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 06/53] ext4: return correct wbc.nr_to_write in ext4_da_writepages Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 07/53] ext4: Ensure zeroout blocks have no dirty metadata Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 08/53] ext4: Patch up how we claim metadata blocks for quota purposes Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 09/53] ext4: Fix accounting of reserved metadata blocks Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 10/53] ext4: Calculate metadata requirements more accurately Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 11/53] ext4: Handle -EDQUOT error on write Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 12/53] ext4: Fix quota accounting error with fallocate Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 13/53] ext4: Drop EXT4_GET_BLOCKS_UPDATE_RESERVE_SPACE flag Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 14/53] ext4: Use bitops to read/modify EXT4_I(inode)->i_state Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 15/53] ext4: Fix BUG_ON at fs/buffer.c:652 in no journal mode Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 16/53] ext4: Add flag to files with blocks intentionally past EOF Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 17/53] ext4: Fix fencepost error in chosing choosing group vs file preallocation Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 18/53] ext4: fix error handling in migrate Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 19/53] ext4: explicitly remove inode from orphan list after failed direct io Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 20/53] ext4: Handle non empty on-disk orphan link Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 21/53] ext4: make "offset" consistent in ext4_check_dir_entry() Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 22/53] ext4: Fix insertion point of extent in mext_insert_across_blocks() Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 23/53] ext4: Fix the NULL reference in double_down_write_data_sem() Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 24/53] ext4: Code cleanup for EXT4_IOC_MOVE_EXT ioctl Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 25/53] ext4: Fix estimate of # of blocks needed to write indirect-mapped files Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 26/53] ext4: Fixed inode allocator to correctly track a flex_bg's used_dirs Theodore Ts'o
2010-05-31 2:49 ` Theodore Ts'o [this message]
2010-05-31 2:49 ` [PATCH v2.6.32.y 28/53] ext4: Fix buffer head leaks after calls to ext4_get_inode_loc() Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 29/53] ext4: Issue the discard operation *before* releasing the blocks to be reused Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 30/53] ext4: check missed return value in ext4_sync_file() Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 31/53] ext4: fix memory leaks in error path handling of ext4_ext_zeroout() Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 32/53] ext4: Remove unnecessary call to ext4_get_group_desc() in mballoc Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 33/53] ext4: rename ext4_mb_release_desc() to ext4_mb_unload_buddy() Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 34/53] ext4: allow defrag (EXT4_IOC_MOVE_EXT) in 32bit compat mode Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 35/53] ext4: fix quota accounting in case of fallocate Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 36/53] ext4: check s_log_groups_per_flex in online resize code Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 37/53] ext4: don't return to userspace after freezing the fs with a mutex held Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 38/53] ext4: stop issuing discards if not supported by device Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 39/53] ext4: don't scan/accumulate more pages than mballoc will allocate Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 40/53] ext4: Do not zero out uninitialized extents beyond i_size Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 41/53] ext4: clean up inode bitmaps manipulation in ext4_free_inode Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 42/53] ext4: init statistics after journal recovery Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 43/53] ext4: Remove extraneous newlines in ext4_msg() calls Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 44/53] ext4: Prevent creation of files larger than RLIMIT_FSIZE using fallocate Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 45/53] ext4: check for a good block group before loading buddy pages Theodore Ts'o
2010-05-31 2:49 ` [PATCH v2.6.32.y 46/53] ext4: Show journal_checksum option Theodore Ts'o
2010-05-31 2:50 ` [PATCH v2.6.32.y 47/53] ext4: Use bitops to read/modify i_flags in struct ext4_inode_info Theodore Ts'o
2010-05-31 2:50 ` [PATCH v2.6.32.y 48/53] ext4: Avoid crashing on NULL ptr dereference on a filesystem error Theodore Ts'o
2010-05-31 2:50 ` [PATCH v2.6.32.y 49/53] ext4: Clear the EXT4_EOFBLOCKS_FL flag only when warranted Theodore Ts'o
2010-05-31 2:50 ` [PATCH v2.6.32.y 50/53] ext4: restart ext4_ext_remove_space() after transaction restart Theodore Ts'o
2010-05-31 2:50 ` [PATCH v2.6.32.y 51/53] ext4: Conditionally define compat ioctl numbers Theodore Ts'o
2010-05-31 2:50 ` [PATCH v2.6.32.y 52/53] ext4: Fix compat EXT4_IOC_ADD_GROUP Theodore Ts'o
2010-05-31 2:50 ` [PATCH v2.6.32.y 53/53] ext4: Make fsync sync new parent directories in no-journal mode Theodore Ts'o
2010-06-25 22:29 ` [stable] [PATCH v2.6.32.y 01/53] ext4: Fix potential quota deadlock Greg KH
2010-06-26 23:19 ` tytso
2010-06-28 15:48 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1275274206-3900-27-git-send-email-tytso@mit.edu \
--to=tytso@mit.edu \
--cc=curtw@google.com \
--cc=linux-ext4@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).