1. 11 Feb 2009, 1 commit
      jbd2: Avoid possible NULL dereference in jbd2_journal_begin_ordered_truncate() · 7f5aa215
      Authored by Jan Kara
      If we race with commit code setting i_transaction to NULL, we could
      possibly dereference it.  Proper locking requires the journal pointer
      (to access journal->j_list_lock), which we don't have.  So we have to
      change the prototype of the function so that filesystem passes us the
      journal pointer.  Also add a more detailed comment about why the
      function jbd2_journal_begin_ordered_truncate() does what it does and
      how it should be used.
      
      Thanks to Dan Carpenter <error27@gmail.com> for pointing to the
      suspicious code.
      Signed-off-by: Jan Kara <jack@suse.cz>
      Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
      Acked-by: Joel Becker <joel.becker@oracle.com>
      CC: linux-ext4@vger.kernel.org
      CC: ocfs2-devel@oss.oracle.com
      CC: mfasheh@suse.de
      CC: Dan Carpenter <error27@gmail.com>
  2. 10 Feb 2009, 1 commit
  3. 11 Feb 2009, 1 commit
      jbd2: Fix return value of jbd2_journal_start_commit() · c88ccea3
      Authored by Jan Kara
      The function jbd2_journal_start_commit() returns 1 if either a
      transaction is committing or the function has queued a transaction
      commit. But it returns 0 if we raced with somebody queueing the
      transaction commit as well. This resulted in ext4_sync_fs() not
      functioning correctly (description from Arthur Jones): 
      
         In the case of a data=ordered umount with pending long symlinks
         which are delayed due to a long list of other I/O on the backing
         block device, this causes the buffer associated with the long
         symlinks to not be moved to the inode dirty list in the second
         phase of fsync_super.  Then, before they can be dirtied again,
         kjournald exits, seeing the UMOUNT flag and the dirty pages are
         never written to the backing block device, causing long symlink
         corruption and exposing new or previously freed block data to
         userspace.
      
      This can be reproduced with a script created by Eric Sandeen
      <sandeen@redhat.com>:
      
              #!/bin/bash
      
              umount /mnt/test2
              mount /dev/sdb4 /mnt/test2
              rm -f /mnt/test2/*
              dd if=/dev/zero of=/mnt/test2/bigfile bs=1M count=512
              touch /mnt/test2/thisisveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryverylongfilename
              ln -s /mnt/test2/thisisveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryverylongfilename /mnt/test2/link
              umount /mnt/test2
              mount /dev/sdb4 /mnt/test2
              ls /mnt/test2/
      
      This patch fixes jbd2_journal_start_commit() to always return 1 when
      there's a transaction committing or queued for commit.
      Signed-off-by: Jan Kara <jack@suse.cz>
      Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
      CC: Eric Sandeen <sandeen@redhat.com>
      CC: linux-ext4@vger.kernel.org
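An added model of the return-value race the message above describes (not the kernel's code): a hypothetical, simplified journal with one running and one committing transaction, the pre-fix function that propagates the queueing helper's 0 when another caller already queued the same commit, and the fixed one that returns 1 whenever a commit is committing or queued. All struct fields and function names are assumptions.

```c
/* Hypothetical, simplified journal state (added model, not jbd2's own):
 * tids are non-zero; 0 means "no such transaction". */
typedef unsigned int tid_t;
typedef struct {
    tid_t running_tid;    /* transaction still accepting handles         */
    tid_t committing_tid; /* transaction kjournald2 is currently writing */
    tid_t commit_request; /* highest tid a commit has been requested for */
} journal_t;

/* Queue a commit of `target`. Returns 1 only if this call queued it,
 * 0 if some other caller had already requested the same tid. */
static int log_start_commit(journal_t *j, tid_t target)
{
    if (j->commit_request == target)
        return 0;
    j->commit_request = target; /* the real kernel also wakes kjournald2 */
    return 1;
}

/* Pre-fix behaviour: the helper's 0 leaks out, so a caller that lost the
 * race sees "nothing to wait for" although a commit is in fact queued. */
static int start_commit_old(journal_t *j, tid_t *ptid)
{
    int ret = 0;
    if (j->running_tid) {
        ret = log_start_commit(j, j->running_tid);
        if (ret && ptid) *ptid = j->running_tid;
    } else if (j->committing_tid) {
        if (ptid) *ptid = j->committing_tid;
        ret = 1;
    }
    return ret;
}

/* Fixed behaviour: 1 whenever a transaction is committing or queued for
 * commit, whoever queued it, so a sync caller always waits on *ptid. */
static int start_commit_new(journal_t *j, tid_t *ptid)
{
    if (j->running_tid) {
        log_start_commit(j, j->running_tid);
        if (ptid) *ptid = j->running_tid;
        return 1;
    }
    if (j->committing_tid) {
        if (ptid) *ptid = j->committing_tid;
        return 1;
    }
    return 0;
}
```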
  4. 14 Feb 2009, 3 commits
  5. 13 Feb 2009, 32 commits
  6. 12 Feb 2009, 2 commits