提交 71dc8fbc 编写于 作者: D Duane Griffin 提交者: Theodore Ts'o

ext4: handle deleting corrupted indirect blocks

While freeing indirect blocks we attach a journal head to the parent buffer
head, free the blocks, then journal the parent. If the indirect block list
is corrupted and points to the parent the journal head will be detached
when the block is cleared, causing an OOPS.

Check for that explicitly and handle it gracefully.

This patch fixes the third case (image hdb.20000057.nullderef.gz)
reported in http://bugzilla.kernel.org/show_bug.cgi?id=10882.
Signed-off-by: NDuane Griffin <duaneg@dghda.com>
Signed-off-by: NTheodore Ts'o <tytso@mit.edu>
上级 91ef4caf
...@@ -2179,7 +2179,21 @@ static void ext4_free_data(handle_t *handle, struct inode *inode, ...@@ -2179,7 +2179,21 @@ static void ext4_free_data(handle_t *handle, struct inode *inode,
if (this_bh) { if (this_bh) {
BUFFER_TRACE(this_bh, "call ext4_journal_dirty_metadata"); BUFFER_TRACE(this_bh, "call ext4_journal_dirty_metadata");
ext4_journal_dirty_metadata(handle, this_bh);
/*
* The buffer head should have an attached journal head at this
* point. However, if the data is corrupted and an indirect
* block pointed to itself, it would have been detached when
* the block was cleared. Check for this instead of OOPSing.
*/
if (bh2jh(this_bh))
ext4_journal_dirty_metadata(handle, this_bh);
else
ext4_error(inode->i_sb, __func__,
"circular indirect block detected, "
"inode=%lu, block=%llu",
inode->i_ino,
(unsigned long long) this_bh->b_blocknr);
} }
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册