From 489862d3769ea9b85683850914d0983a7c0cca4e Mon Sep 17 00:00:00 2001 From: Jan Kara Date: Thu, 20 Feb 2020 15:19:07 +0800 Subject: [PATCH] jbd2: Completely fill journal descriptor blocks mainline inclusion from mainline-5.5-rc1 commit b90bfdf581194a0fa5f6c26fef1e522f15f6212e category: bugfix bugzilla: 25031 CVE: NA --------------------------- With 32-bit block numbers, we don't allocate the array for journal buffer heads large enough for corresponding descriptor tags to fill the descriptor block. Thus we end up writing out half-full descriptor blocks to the journal unnecessarily growing the transaction. Fix the logic to allocate the array large enough. Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20191105164437.32602-3-jack@suse.cz Signed-off-by: Theodore Ts'o Signed-off-by: zhangyi (F) Reviewed-by: Yang Erkun Signed-off-by: Yang Yingliang --- fs/jbd2/journal.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index 10d480d50785..ae8e99151416 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -1103,6 +1103,16 @@ static void jbd2_stats_proc_exit(journal_t *journal) remove_proc_entry(journal->j_devname, proc_jbd2_stats); } +/* Minimum size of descriptor tag */ +static int jbd2_min_tag_size(void) +{ + /* + * Tag with 32-bit block numbers does not use last four bytes of the + * structure + */ + return sizeof(journal_block_tag_t) - 4; +} + /* * Management for journal control blocks: functions to create and * destroy journal_t structures, and to initialise and read existing @@ -1161,7 +1171,8 @@ static journal_t *journal_init_common(struct block_device *bdev, journal->j_fs_dev = fs_dev; journal->j_blk_offset = start; journal->j_maxlen = len; - n = journal->j_blocksize / sizeof(journal_block_tag_t); + /* We need enough buffers to write out full descriptor block. */ + n = journal->j_blocksize / jbd2_min_tag_size(); journal->j_wbufsize = n; journal->j_wbuf = kmalloc_array(n, sizeof(struct buffer_head *), GFP_KERNEL); -- GitLab