tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

fs: Handle multiply claimed blocks more gracefully with mmb

When a metadata block is referenced by multiple inodes and tracked by
metadata bh infrastructure (which is forbidden and generally indicates
filesystem corruption), it can happen that mmb_mark_buffer_dirty() is
called for two different mmb structures in parallel. This can lead to a
corruption of mmb linked list. Handle that situation gracefully (at
least from mmb POV) by serializing on setting bh->b_mmb.

Reported-by: Ruikai Peng <ruikai@pwno.io>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20260423090311.10955-2-jack@suse.cz
Signed-off-by: Christian Brauner <brauner@kernel.org>

authored by

Jan Kara and committed by
Christian Brauner 9a466382 43eb354e

+8 -1
+8 -1
fs/buffer.c
··· 719 719 mark_buffer_dirty(bh); 720 720 if (!bh->b_mmb) { 721 721 spin_lock(&mmb->lock); 722 + /* 723 + * For a corrupted filesystem with multiply claimed blocks this 724 + * can fail. Avoid corrupting the linked list in that case. 725 + */ 726 + if (cmpxchg(&bh->b_mmb, NULL, mmb) != NULL) { 727 + spin_unlock(&mmb->lock); 728 + return; 729 + } 722 730 list_move_tail(&bh->b_assoc_buffers, &mmb->list); 723 - bh->b_mmb = mmb; 724 731 spin_unlock(&mmb->lock); 725 732 } 726 733 }