Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
"Some ext4 bug fixes (mostly to address Syzbot reports)"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
ext4: add bounds checking in get_max_inline_xattr_value_size()
ext4: add indication of ro vs r/w mounts in the mount message
ext4: fix deadlock when converting an inline directory in nojournal mode
ext4: improve error recovery code paths in __ext4_remount()
ext4: improve error handling from ext4_dirhash()
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
ext4: check iomap type only if ext4_iomap_begin() does not fail
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ext4: fix data races when using cached status extents
ext4: avoid deadlock in fs reclaim with page writeback
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
ext4: allow ext4_get_group_info() to fail
ext4: fix lockdep warning when enabling MMP
ext4: fix WARNING in mb_find_extent

+269 -104
+42 -1
fs/ext4/balloc.c
··· 305 305 return desc; 306 306 } 307 307 308 + static ext4_fsblk_t ext4_valid_block_bitmap_padding(struct super_block *sb, 309 + ext4_group_t block_group, 310 + struct buffer_head *bh) 311 + { 312 + ext4_grpblk_t next_zero_bit; 313 + unsigned long bitmap_size = sb->s_blocksize * 8; 314 + unsigned int offset = num_clusters_in_group(sb, block_group); 315 + 316 + if (bitmap_size <= offset) 317 + return 0; 318 + 319 + next_zero_bit = ext4_find_next_zero_bit(bh->b_data, bitmap_size, offset); 320 + 321 + return (next_zero_bit < bitmap_size ? next_zero_bit : 0); 322 + } 323 + 324 + struct ext4_group_info *ext4_get_group_info(struct super_block *sb, 325 + ext4_group_t group) 326 + { 327 + struct ext4_group_info **grp_info; 328 + long indexv, indexh; 329 + 330 + if (unlikely(group >= EXT4_SB(sb)->s_groups_count)) { 331 + ext4_error(sb, "invalid group %u", group); 332 + return NULL; 333 + } 334 + indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb)); 335 + indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1); 336 + grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv); 337 + return grp_info[indexh]; 338 + } 339 + 308 340 /* 309 341 * Return the block number which was discovered to be invalid, or 0 if 310 342 * the block bitmap is valid. 
··· 411 379 412 380 if (buffer_verified(bh)) 413 381 return 0; 414 - if (EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) 382 + if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) 415 383 return -EFSCORRUPTED; 416 384 417 385 ext4_lock_group(sb, block_group); ··· 432 400 block_group, blk); 433 401 ext4_mark_group_bitmap_corrupted(sb, block_group, 434 402 EXT4_GROUP_INFO_BBITMAP_CORRUPT); 403 + return -EFSCORRUPTED; 404 + } 405 + blk = ext4_valid_block_bitmap_padding(sb, block_group, bh); 406 + if (unlikely(blk != 0)) { 407 + ext4_unlock_group(sb, block_group); 408 + ext4_error(sb, "bg %u: block %llu: padding at end of block bitmap is not set", 409 + block_group, blk); 410 + ext4_mark_group_bitmap_corrupted(sb, block_group, 411 + EXT4_GROUP_INFO_BBITMAP_CORRUPT); 435 412 return -EFSCORRUPTED; 436 413 } 437 414 set_buffer_verified(bh);
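Review bot: ext4_get_group_info() now returns NULL for an out-of-range group, but nothing at its definition documents that; the inline version removed in the ext4.h section used BUG_ON instead, so every caller now has to check the result. I would add a comment above it, `/* Returns NULL, after reporting via ext4_error(), if @group >= s_groups_count; callers must check the result. */`. Separately, ext4_valid_block_bitmap_padding() returns the bit index found by ext4_find_next_zero_bit() typed as ext4_fsblk_t, and the caller logs it as "block %llu", so the number in the error message is an offset within the bitmap rather than a filesystem block number. A one-line comment saying so would help whoever triages a corruption report.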
+26 -13
fs/ext4/ext4.h
··· 1684 1684 return container_of(inode, struct ext4_inode_info, vfs_inode); 1685 1685 } 1686 1686 1687 + static inline int ext4_writepages_down_read(struct super_block *sb) 1688 + { 1689 + percpu_down_read(&EXT4_SB(sb)->s_writepages_rwsem); 1690 + return memalloc_nofs_save(); 1691 + } 1692 + 1693 + static inline void ext4_writepages_up_read(struct super_block *sb, int ctx) 1694 + { 1695 + memalloc_nofs_restore(ctx); 1696 + percpu_up_read(&EXT4_SB(sb)->s_writepages_rwsem); 1697 + } 1698 + 1699 + static inline int ext4_writepages_down_write(struct super_block *sb) 1700 + { 1701 + percpu_down_write(&EXT4_SB(sb)->s_writepages_rwsem); 1702 + return memalloc_nofs_save(); 1703 + } 1704 + 1705 + static inline void ext4_writepages_up_write(struct super_block *sb, int ctx) 1706 + { 1707 + memalloc_nofs_restore(ctx); 1708 + percpu_up_write(&EXT4_SB(sb)->s_writepages_rwsem); 1709 + } 1710 + 1687 1711 static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino) 1688 1712 { 1689 1713 return ino == EXT4_ROOT_INO || ··· 2649 2625 extern struct ext4_group_desc * ext4_get_group_desc(struct super_block * sb, 2650 2626 ext4_group_t block_group, 2651 2627 struct buffer_head ** bh); 2628 + extern struct ext4_group_info *ext4_get_group_info(struct super_block *sb, 2629 + ext4_group_t group); 2652 2630 extern int ext4_should_retry_alloc(struct super_block *sb, int *retries); 2653 2631 2654 2632 extern struct buffer_head *ext4_read_block_bitmap_nowait(struct super_block *sb, ··· 3256 3230 { 3257 3231 raw_inode->i_size_lo = cpu_to_le32(i_size); 3258 3232 raw_inode->i_size_high = cpu_to_le32(i_size >> 32); 3259 - } 3260 - 3261 - static inline 3262 - struct ext4_group_info *ext4_get_group_info(struct super_block *sb, 3263 - ext4_group_t group) 3264 - { 3265 - struct ext4_group_info **grp_info; 3266 - long indexv, indexh; 3267 - BUG_ON(group >= EXT4_SB(sb)->s_groups_count); 3268 - indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb)); 3269 - indexh = group & 
((EXT4_DESC_PER_BLOCK(sb)) - 1); 3270 - grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv); 3271 - return grp_info[indexh]; 3272 3233 } 3273 3234 3274 3235 /*
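Review bot: The four ext4_writepages_{down,up}_{read,write}() helpers have no comment saying that the int returned by the down side is the memalloc_nofs_save() context and must be passed to the matching up call. Suggest a comment above the first helper such as `/* Take s_writepages_rwsem and enter a NOFS allocation scope; pass the returned context to the matching ext4_writepages_up_*(). */`. The up helpers restore the context before releasing the semaphore, the reverse of acquisition, which is worth stating so later callers do not open-code a different order.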
+13 -17
fs/ext4/extents_status.c
··· 267 267 268 268 /* see if the extent has been cached */ 269 269 es->es_lblk = es->es_len = es->es_pblk = 0; 270 - if (tree->cache_es) { 271 - es1 = tree->cache_es; 272 - if (in_range(lblk, es1->es_lblk, es1->es_len)) { 273 - es_debug("%u cached by [%u/%u) %llu %x\n", 274 - lblk, es1->es_lblk, es1->es_len, 275 - ext4_es_pblock(es1), ext4_es_status(es1)); 276 - goto out; 277 - } 270 + es1 = READ_ONCE(tree->cache_es); 271 + if (es1 && in_range(lblk, es1->es_lblk, es1->es_len)) { 272 + es_debug("%u cached by [%u/%u) %llu %x\n", 273 + lblk, es1->es_lblk, es1->es_len, 274 + ext4_es_pblock(es1), ext4_es_status(es1)); 275 + goto out; 278 276 } 279 277 280 278 es1 = __es_tree_search(&tree->root, lblk); ··· 291 293 } 292 294 293 295 if (es1 && matching_fn(es1)) { 294 - tree->cache_es = es1; 296 + WRITE_ONCE(tree->cache_es, es1); 295 297 es->es_lblk = es1->es_lblk; 296 298 es->es_len = es1->es_len; 297 299 es->es_pblk = es1->es_pblk; ··· 929 931 930 932 /* find extent in cache firstly */ 931 933 es->es_lblk = es->es_len = es->es_pblk = 0; 932 - if (tree->cache_es) { 933 - es1 = tree->cache_es; 934 - if (in_range(lblk, es1->es_lblk, es1->es_len)) { 935 - es_debug("%u cached by [%u/%u)\n", 936 - lblk, es1->es_lblk, es1->es_len); 937 - found = 1; 938 - goto out; 939 - } 934 + es1 = READ_ONCE(tree->cache_es); 935 + if (es1 && in_range(lblk, es1->es_lblk, es1->es_len)) { 936 + es_debug("%u cached by [%u/%u)\n", 937 + lblk, es1->es_lblk, es1->es_len); 938 + found = 1; 939 + goto out; 940 940 } 941 941 942 942 node = tree->root.rb_node;
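Review bot: READ_ONCE()/WRITE_ONCE() on tree->cache_es is added in both lookup hunks without a comment naming the concurrent access it guards. READ_ONCE() only makes the pointer load a single access; the es_lblk/es_len reads through es1 still depend on the cached extent staying valid, presumably because callers hold the tree lock (not visible here, as the enclosing functions start outside the hunks). A comment at the first load, e.g. `/* cache_es can be updated by concurrent lookups; snapshot the pointer once */`, would record that assumption for the next reader.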
+5 -1
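--- a/fs/ext4/hash.c
+++ b/fs/ext4/hash.c
@@ -277,7 +277,11 @@
 }
 default:
 hinfo->hash = 0;
-return -1;
+hinfo->minor_hash = 0;
+ext4_warning(dir->i_sb,
+"invalid/unsupported hash tree version %u",
+hinfo->hash_version);
+return -EINVAL;
 }
 hash = hash & ~1;
 if (hash == (EXT4_HTREE_EOF_32BIT << 1))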
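Review bot: The `default:` branch now zeroes hinfo->minor_hash as well as hinfo->hash before returning -EINVAL, but no comment says why. The debug printers in the namei.c section cast the result to `(void)` and then print h.hash, so they rely on the fields being defined on this path. A comment such as `/* zero both hashes so callers that ignore the error still see defined values */` would keep the assignments from being dropped later. The function's header comment is outside the hunk; if it describes the return value it should now mention -EINVAL.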
+8 -4
fs/ext4/ialloc.c
··· 91 91 92 92 if (buffer_verified(bh)) 93 93 return 0; 94 - if (EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) 94 + if (!grp || EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) 95 95 return -EFSCORRUPTED; 96 96 97 97 ext4_lock_group(sb, block_group); ··· 293 293 } 294 294 if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) { 295 295 grp = ext4_get_group_info(sb, block_group); 296 - if (unlikely(EXT4_MB_GRP_IBITMAP_CORRUPT(grp))) { 296 + if (!grp || unlikely(EXT4_MB_GRP_IBITMAP_CORRUPT(grp))) { 297 297 fatal = -EFSCORRUPTED; 298 298 goto error_return; 299 299 } ··· 1046 1046 * Skip groups with already-known suspicious inode 1047 1047 * tables 1048 1048 */ 1049 - if (EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) 1049 + if (!grp || EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) 1050 1050 goto next_group; 1051 1051 } 1052 1052 ··· 1183 1183 1184 1184 if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) { 1185 1185 grp = ext4_get_group_info(sb, group); 1186 + if (!grp) { 1187 + err = -EFSCORRUPTED; 1188 + goto out; 1189 + } 1186 1190 down_read(&grp->alloc_sem); /* 1187 1191 * protect vs itable 1188 1192 * lazyinit ··· 1530 1526 } 1531 1527 1532 1528 gdp = ext4_get_group_desc(sb, group, &group_desc_bh); 1533 - if (!gdp) 1529 + if (!gdp || !grp) 1534 1530 goto out; 1535 1531 1536 1532 /*
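Review bot: In the last hunk, `if (!gdp || !grp) goto out;` sends a missing group_info down the same path as a missing descriptor, and the value returned at `out` is not visible here. If it is still the initial success value, a failed group lookup is reported to the caller as nothing-to-do, unlike the hunk that adds `err = -EFSCORRUPTED; goto out;` before `down_read(&grp->alloc_sem)`. Worth confirming and, if so, setting the error code before the jump. Minor style: `!grp || unlikely(EXT4_MB_GRP_IBITMAP_CORRUPT(grp))` puts only half the condition inside unlikely(), whereas mballoc.c writes `unlikely(!grp || ...)`.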
+14 -3
fs/ext4/inline.c
··· 34 34 struct ext4_xattr_ibody_header *header; 35 35 struct ext4_xattr_entry *entry; 36 36 struct ext4_inode *raw_inode; 37 + void *end; 37 38 int free, min_offs; 38 39 39 40 if (!EXT4_INODE_HAS_XATTR_SPACE(inode)) ··· 58 57 raw_inode = ext4_raw_inode(iloc); 59 58 header = IHDR(inode, raw_inode); 60 59 entry = IFIRST(header); 60 + end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size; 61 61 62 62 /* Compute min_offs. */ 63 - for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) { 63 + while (!IS_LAST_ENTRY(entry)) { 64 + void *next = EXT4_XATTR_NEXT(entry); 65 + 66 + if (next >= end) { 67 + EXT4_ERROR_INODE(inode, 68 + "corrupt xattr in inline inode"); 69 + return 0; 70 + } 64 71 if (!entry->e_value_inum && entry->e_value_size) { 65 72 size_t offs = le16_to_cpu(entry->e_value_offs); 66 73 if (offs < min_offs) 67 74 min_offs = offs; 68 75 } 76 + entry = next; 69 77 } 70 78 free = min_offs - 71 79 ((void *)entry - (void *)IFIRST(header)) - sizeof(__u32); ··· 360 350 361 351 error = ext4_xattr_ibody_get(inode, i.name_index, i.name, 362 352 value, len); 363 - if (error == -ENODATA) 353 + if (error < 0) 364 354 goto out; 365 355 366 356 BUFFER_TRACE(is.iloc.bh, "get_write_access"); ··· 1185 1175 ext4_initialize_dirent_tail(dir_block, 1186 1176 inode->i_sb->s_blocksize); 1187 1177 set_buffer_uptodate(dir_block); 1178 + unlock_buffer(dir_block); 1188 1179 err = ext4_handle_dirty_dirblock(handle, inode, dir_block); 1189 1180 if (err) 1190 1181 return err; ··· 1260 1249 if (!S_ISDIR(inode->i_mode)) { 1261 1250 memcpy(data_bh->b_data, buf, inline_size); 1262 1251 set_buffer_uptodate(data_bh); 1252 + unlock_buffer(data_bh); 1263 1253 error = ext4_handle_dirty_metadata(handle, 1264 1254 inode, data_bh); 1265 1255 } else { ··· 1268 1256 buf, inline_size); 1269 1257 } 1270 1258 1271 - unlock_buffer(data_bh); 1272 1259 out_restore: 1273 1260 if (error) 1274 1261 ext4_restore_inline_data(handle, inode, iloc, buf, inline_size);
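Review bot: The new `next >= end` test in the min_offs loop only proves that the next entry starts before the end of the on-disk inode. The loop body then reads e_value_inum, e_value_size and e_value_offs from that entry, so an entry header that begins in the last few bytes before `end` would still be read past it. Because the terminator tested by IS_LAST_ENTRY() is shorter than a full entry header, the size check belongs inside the loop body, e.g. `if ((void *)entry + sizeof(*entry) > end)` with the same EXT4_ERROR_INODE and `return 0`. e_value_offs also feeds min_offs without being compared against the inode size; whether it is validated earlier is not visible from this hunk.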
+11 -9
fs/ext4/inode.c
··· 2783 2783 .can_map = 1, 2784 2784 }; 2785 2785 int ret; 2786 + int alloc_ctx; 2786 2787 2787 2788 if (unlikely(ext4_forced_shutdown(EXT4_SB(sb)))) 2788 2789 return -EIO; 2789 2790 2790 - percpu_down_read(&EXT4_SB(sb)->s_writepages_rwsem); 2791 + alloc_ctx = ext4_writepages_down_read(sb); 2791 2792 ret = ext4_do_writepages(&mpd); 2792 2793 /* 2793 2794 * For data=journal writeback we could have come across pages marked ··· 2797 2796 */ 2798 2797 if (!ret && mpd.journalled_more_data) 2799 2798 ret = ext4_do_writepages(&mpd); 2800 - percpu_up_read(&EXT4_SB(sb)->s_writepages_rwsem); 2799 + ext4_writepages_up_read(sb, alloc_ctx); 2801 2800 2802 2801 return ret; 2803 2802 } ··· 2825 2824 long nr_to_write = wbc->nr_to_write; 2826 2825 struct inode *inode = mapping->host; 2827 2826 struct ext4_sb_info *sbi = EXT4_SB(mapping->host->i_sb); 2827 + int alloc_ctx; 2828 2828 2829 2829 if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb)))) 2830 2830 return -EIO; 2831 2831 2832 - percpu_down_read(&sbi->s_writepages_rwsem); 2832 + alloc_ctx = ext4_writepages_down_read(inode->i_sb); 2833 2833 trace_ext4_writepages(inode, wbc); 2834 2834 2835 2835 ret = dax_writeback_mapping_range(mapping, sbi->s_daxdev, wbc); 2836 2836 trace_ext4_writepages_result(inode, wbc, ret, 2837 2837 nr_to_write - wbc->nr_to_write); 2838 - percpu_up_read(&sbi->s_writepages_rwsem); 2838 + ext4_writepages_up_read(inode->i_sb, alloc_ctx); 2839 2839 return ret; 2840 2840 } 2841 2841 ··· 3377 3375 */ 3378 3376 flags &= ~IOMAP_WRITE; 3379 3377 ret = ext4_iomap_begin(inode, offset, length, flags, iomap, srcmap); 3380 - WARN_ON_ONCE(iomap->type != IOMAP_MAPPED); 3378 + WARN_ON_ONCE(!ret && iomap->type != IOMAP_MAPPED); 3381 3379 return ret; 3382 3380 } 3383 3381 ··· 5930 5928 journal_t *journal; 5931 5929 handle_t *handle; 5932 5930 int err; 5933 - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 5931 + int alloc_ctx; 5934 5932 5935 5933 /* 5936 5934 * We have to be very careful here: changing a data block's 
··· 5968 5966 } 5969 5967 } 5970 5968 5971 - percpu_down_write(&sbi->s_writepages_rwsem); 5969 + alloc_ctx = ext4_writepages_down_write(inode->i_sb); 5972 5970 jbd2_journal_lock_updates(journal); 5973 5971 5974 5972 /* ··· 5985 5983 err = jbd2_journal_flush(journal, 0); 5986 5984 if (err < 0) { 5987 5985 jbd2_journal_unlock_updates(journal); 5988 - percpu_up_write(&sbi->s_writepages_rwsem); 5986 + ext4_writepages_up_write(inode->i_sb, alloc_ctx); 5989 5987 return err; 5990 5988 } 5991 5989 ext4_clear_inode_flag(inode, EXT4_INODE_JOURNAL_DATA); ··· 5993 5991 ext4_set_aops(inode); 5994 5992 5995 5993 jbd2_journal_unlock_updates(journal); 5996 - percpu_up_write(&sbi->s_writepages_rwsem); 5994 + ext4_writepages_up_write(inode->i_sb, alloc_ctx); 5997 5995 5998 5996 if (val) 5999 5997 filemap_invalidate_unlock(inode->i_mapping);
+58 -12
fs/ext4/mballoc.c
··· 745 745 MB_CHECK_ASSERT(e4b->bd_info->bb_fragments == fragments); 746 746 747 747 grp = ext4_get_group_info(sb, e4b->bd_group); 748 + if (!grp) 749 + return NULL; 748 750 list_for_each(cur, &grp->bb_prealloc_list) { 749 751 ext4_group_t groupnr; 750 752 struct ext4_prealloc_space *pa; ··· 1062 1060 1063 1061 static noinline_for_stack 1064 1062 void ext4_mb_generate_buddy(struct super_block *sb, 1065 - void *buddy, void *bitmap, ext4_group_t group) 1063 + void *buddy, void *bitmap, ext4_group_t group, 1064 + struct ext4_group_info *grp) 1066 1065 { 1067 - struct ext4_group_info *grp = ext4_get_group_info(sb, group); 1068 1066 struct ext4_sb_info *sbi = EXT4_SB(sb); 1069 1067 ext4_grpblk_t max = EXT4_CLUSTERS_PER_GROUP(sb); 1070 1068 ext4_grpblk_t i = 0; ··· 1183 1181 break; 1184 1182 1185 1183 grinfo = ext4_get_group_info(sb, group); 1184 + if (!grinfo) 1185 + continue; 1186 1186 /* 1187 1187 * If page is uptodate then we came here after online resize 1188 1188 * which added some new uninitialized group info structs, so ··· 1250 1246 group, page->index, i * blocksize); 1251 1247 trace_ext4_mb_buddy_bitmap_load(sb, group); 1252 1248 grinfo = ext4_get_group_info(sb, group); 1249 + if (!grinfo) { 1250 + err = -EFSCORRUPTED; 1251 + goto out; 1252 + } 1253 1253 grinfo->bb_fragments = 0; 1254 1254 memset(grinfo->bb_counters, 0, 1255 1255 sizeof(*grinfo->bb_counters) * ··· 1264 1256 ext4_lock_group(sb, group); 1265 1257 /* init the buddy */ 1266 1258 memset(data, 0xff, blocksize); 1267 - ext4_mb_generate_buddy(sb, data, incore, group); 1259 + ext4_mb_generate_buddy(sb, data, incore, group, grinfo); 1268 1260 ext4_unlock_group(sb, group); 1269 1261 incore = NULL; 1270 1262 } else { ··· 1378 1370 might_sleep(); 1379 1371 mb_debug(sb, "init group %u\n", group); 1380 1372 this_grp = ext4_get_group_info(sb, group); 1373 + if (!this_grp) 1374 + return -EFSCORRUPTED; 1375 + 1381 1376 /* 1382 1377 * This ensures that we don't reinit the buddy cache 1383 1378 * page which map 
to the group from which we are already ··· 1455 1444 1456 1445 blocks_per_page = PAGE_SIZE / sb->s_blocksize; 1457 1446 grp = ext4_get_group_info(sb, group); 1447 + if (!grp) 1448 + return -EFSCORRUPTED; 1458 1449 1459 1450 e4b->bd_blkbits = sb->s_blocksize_bits; 1460 1451 e4b->bd_info = grp; ··· 2172 2159 struct ext4_group_info *grp = ext4_get_group_info(ac->ac_sb, group); 2173 2160 struct ext4_free_extent ex; 2174 2161 2162 + if (!grp) 2163 + return -EFSCORRUPTED; 2175 2164 if (!(ac->ac_flags & (EXT4_MB_HINT_TRY_GOAL | EXT4_MB_HINT_GOAL_ONLY))) 2176 2165 return 0; 2177 2166 if (grp->bb_free == 0) ··· 2400 2385 2401 2386 BUG_ON(cr < 0 || cr >= 4); 2402 2387 2403 - if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(grp))) 2388 + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(grp) || !grp)) 2404 2389 return false; 2405 2390 2406 2391 free = grp->bb_free; ··· 2469 2454 ext4_grpblk_t free; 2470 2455 int ret = 0; 2471 2456 2457 + if (!grp) 2458 + return -EFSCORRUPTED; 2472 2459 if (sbi->s_mb_stats) 2473 2460 atomic64_inc(&sbi->s_bal_cX_groups_considered[ac->ac_criteria]); 2474 2461 if (should_lock) { ··· 2551 2534 * prefetch once, so we avoid getblk() call, which can 2552 2535 * be expensive. 
2553 2536 */ 2554 - if (!EXT4_MB_GRP_TEST_AND_SET_READ(grp) && 2537 + if (gdp && grp && !EXT4_MB_GRP_TEST_AND_SET_READ(grp) && 2555 2538 EXT4_MB_GRP_NEED_INIT(grp) && 2556 2539 ext4_free_group_clusters(sb, gdp) > 0 && 2557 2540 !(ext4_has_group_desc_csum(sb) && ··· 2595 2578 gdp = ext4_get_group_desc(sb, group, NULL); 2596 2579 grp = ext4_get_group_info(sb, group); 2597 2580 2598 - if (EXT4_MB_GRP_NEED_INIT(grp) && 2581 + if (grp && gdp && EXT4_MB_GRP_NEED_INIT(grp) && 2599 2582 ext4_free_group_clusters(sb, gdp) > 0 && 2600 2583 !(ext4_has_group_desc_csum(sb) && 2601 2584 (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)))) { ··· 2854 2837 sizeof(struct ext4_group_info); 2855 2838 2856 2839 grinfo = ext4_get_group_info(sb, group); 2840 + if (!grinfo) 2841 + return 0; 2857 2842 /* Load the group info in memory only if not already loaded. */ 2858 2843 if (unlikely(EXT4_MB_GRP_NEED_INIT(grinfo))) { 2859 2844 err = ext4_mb_load_buddy(sb, group, &e4b); ··· 2866 2847 buddy_loaded = 1; 2867 2848 } 2868 2849 2869 - memcpy(&sg, ext4_get_group_info(sb, group), i); 2850 + memcpy(&sg, grinfo, i); 2870 2851 2871 2852 if (buddy_loaded) 2872 2853 ext4_mb_unload_buddy(&e4b); ··· 3227 3208 3228 3209 err_freebuddy: 3229 3210 cachep = get_groupinfo_cache(sb->s_blocksize_bits); 3230 - while (i-- > 0) 3231 - kmem_cache_free(cachep, ext4_get_group_info(sb, i)); 3211 + while (i-- > 0) { 3212 + struct ext4_group_info *grp = ext4_get_group_info(sb, i); 3213 + 3214 + if (grp) 3215 + kmem_cache_free(cachep, grp); 3216 + } 3232 3217 i = sbi->s_group_info_size; 3233 3218 rcu_read_lock(); 3234 3219 group_info = rcu_dereference(sbi->s_group_info); ··· 3545 3522 for (i = 0; i < ngroups; i++) { 3546 3523 cond_resched(); 3547 3524 grinfo = ext4_get_group_info(sb, i); 3525 + if (!grinfo) 3526 + continue; 3548 3527 mb_group_bb_bitmap_free(grinfo); 3549 3528 ext4_lock_group(sb, i); 3550 3529 count = ext4_mb_cleanup_pa(grinfo); ··· 4631 4606 struct ext4_free_data *entry; 4632 4607 4633 4608 grp = 
ext4_get_group_info(sb, group); 4609 + if (!grp) 4610 + return; 4634 4611 n = rb_first(&(grp->bb_free_root)); 4635 4612 4636 4613 while (n) { ··· 4659 4632 ext4_grpblk_t start; 4660 4633 int preallocated = 0; 4661 4634 int len; 4635 + 4636 + if (!grp) 4637 + return; 4662 4638 4663 4639 /* all form of preallocation discards first load group, 4664 4640 * so the only competing code is preallocation use. ··· 4899 4869 4900 4870 ei = EXT4_I(ac->ac_inode); 4901 4871 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); 4872 + if (!grp) 4873 + return; 4902 4874 4903 4875 pa->pa_node_lock.inode_lock = &ei->i_prealloc_lock; 4904 4876 pa->pa_inode = ac->ac_inode; ··· 4950 4918 atomic_add(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated); 4951 4919 4952 4920 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); 4921 + if (!grp) 4922 + return; 4953 4923 lg = ac->ac_lg; 4954 4924 BUG_ON(lg == NULL); 4955 4925 ··· 5047 5013 trace_ext4_mb_release_group_pa(sb, pa); 5048 5014 BUG_ON(pa->pa_deleted == 0); 5049 5015 ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); 5050 - BUG_ON(group != e4b->bd_group && pa->pa_len != 0); 5016 + if (unlikely(group != e4b->bd_group && pa->pa_len != 0)) { 5017 + ext4_warning(sb, "bad group: expected %u, group %u, pa_start %llu", 5018 + e4b->bd_group, group, pa->pa_pstart); 5019 + return 0; 5020 + } 5051 5021 mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); 5052 5022 atomic_add(pa->pa_len, &EXT4_SB(sb)->s_mb_discarded); 5053 5023 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); ··· 5081 5043 int err; 5082 5044 int free = 0; 5083 5045 5046 + if (!grp) 5047 + return 0; 5084 5048 mb_debug(sb, "discard preallocation for group %u\n", group); 5085 5049 if (list_empty(&grp->bb_prealloc_list)) 5086 5050 goto out_dbg; ··· 5337 5297 struct ext4_prealloc_space *pa; 5338 5298 ext4_grpblk_t start; 5339 5299 struct list_head *cur; 5300 + 5301 + if (!grp) 5302 + continue; 5340 5303 ext4_lock_group(sb, i); 5341 5304 list_for_each(cur, 
&grp->bb_prealloc_list) { 5342 5305 pa = list_entry(cur, struct ext4_prealloc_space, ··· 6107 6064 struct buffer_head *bitmap_bh = NULL; 6108 6065 struct super_block *sb = inode->i_sb; 6109 6066 struct ext4_group_desc *gdp; 6067 + struct ext4_group_info *grp; 6110 6068 unsigned int overflow; 6111 6069 ext4_grpblk_t bit; 6112 6070 struct buffer_head *gd_bh; ··· 6133 6089 overflow = 0; 6134 6090 ext4_get_group_no_and_offset(sb, block, &block_group, &bit); 6135 6091 6136 - if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT( 6137 - ext4_get_group_info(sb, block_group)))) 6092 + grp = ext4_get_group_info(sb, block_group); 6093 + if (unlikely(!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))) 6138 6094 return; 6139 6095 6140 6096 /* ··· 6736 6692 6737 6693 for (group = first_group; group <= last_group; group++) { 6738 6694 grp = ext4_get_group_info(sb, group); 6695 + if (!grp) 6696 + continue; 6739 6697 /* We only do this if the grp has never been initialized */ 6740 6698 if (unlikely(EXT4_MB_GRP_NEED_INIT(grp))) { 6741 6699 ret = ext4_mb_init_group(sb, group, GFP_NOFS);
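Review bot: In the hunk that follows `BUG_ON(cr < 0 || cr >= 4);` the NULL test comes last: `unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(grp) || !grp)` evaluates the macro on grp first. If that macro reads through grp (its definition is not on this page), a NULL grp is dereferenced before `!grp` is reached. Every other site in this commit tests the pointer first, so this one should read `if (unlikely(!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp)))`. Also, the first hunk adds `return NULL;` where the other new checks return an errno or 0; the function's return type is outside the hunk, but if it is int this should be `return 0;`.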
+6 -5
fs/ext4/migrate.c
··· 408 408 409 409 int ext4_ext_migrate(struct inode *inode) 410 410 { 411 - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 412 411 handle_t *handle; 413 412 int retval = 0, i; 414 413 __le32 *i_data; ··· 417 418 unsigned long max_entries; 418 419 __u32 goal, tmp_csum_seed; 419 420 uid_t owner[2]; 421 + int alloc_ctx; 420 422 421 423 /* 422 424 * If the filesystem does not support extents, or the inode ··· 434 434 */ 435 435 return retval; 436 436 437 - percpu_down_write(&sbi->s_writepages_rwsem); 437 + alloc_ctx = ext4_writepages_down_write(inode->i_sb); 438 438 439 439 /* 440 440 * Worst case we can touch the allocation bitmaps and a block ··· 586 586 unlock_new_inode(tmp_inode); 587 587 iput(tmp_inode); 588 588 out_unlock: 589 - percpu_up_write(&sbi->s_writepages_rwsem); 589 + ext4_writepages_up_write(inode->i_sb, alloc_ctx); 590 590 return retval; 591 591 } 592 592 ··· 605 605 ext4_fsblk_t blk; 606 606 handle_t *handle; 607 607 int ret, ret2 = 0; 608 + int alloc_ctx; 608 609 609 610 if (!ext4_has_feature_extents(inode->i_sb) || 610 611 (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) ··· 622 621 if (test_opt(inode->i_sb, DELALLOC)) 623 622 ext4_alloc_da_blocks(inode); 624 623 625 - percpu_down_write(&sbi->s_writepages_rwsem); 624 + alloc_ctx = ext4_writepages_down_write(inode->i_sb); 626 625 627 626 handle = ext4_journal_start(inode, EXT4_HT_MIGRATE, 1); 628 627 if (IS_ERR(handle)) { ··· 666 665 ext4_journal_stop(handle); 667 666 up_write(&EXT4_I(inode)->i_data_sem); 668 667 out_unlock: 669 - percpu_up_write(&sbi->s_writepages_rwsem); 668 + ext4_writepages_up_write(inode->i_sb, alloc_ctx); 670 669 return ret; 671 670 }
+21 -9
fs/ext4/mmp.c
··· 39 39 * Write the MMP block using REQ_SYNC to try to get the block on-disk 40 40 * faster. 41 41 */ 42 - static int write_mmp_block(struct super_block *sb, struct buffer_head *bh) 42 + static int write_mmp_block_thawed(struct super_block *sb, 43 + struct buffer_head *bh) 43 44 { 44 45 struct mmp_struct *mmp = (struct mmp_struct *)(bh->b_data); 45 46 46 - /* 47 - * We protect against freezing so that we don't create dirty buffers 48 - * on frozen filesystem. 49 - */ 50 - sb_start_write(sb); 51 47 ext4_mmp_csum_set(sb, mmp); 52 48 lock_buffer(bh); 53 49 bh->b_end_io = end_buffer_write_sync; 54 50 get_bh(bh); 55 51 submit_bh(REQ_OP_WRITE | REQ_SYNC | REQ_META | REQ_PRIO, bh); 56 52 wait_on_buffer(bh); 57 - sb_end_write(sb); 58 53 if (unlikely(!buffer_uptodate(bh))) 59 54 return -EIO; 60 - 61 55 return 0; 56 + } 57 + 58 + static int write_mmp_block(struct super_block *sb, struct buffer_head *bh) 59 + { 60 + int err; 61 + 62 + /* 63 + * We protect against freezing so that we don't create dirty buffers 64 + * on frozen filesystem. 65 + */ 66 + sb_start_write(sb); 67 + err = write_mmp_block_thawed(sb, bh); 68 + sb_end_write(sb); 69 + return err; 62 70 } 63 71 64 72 /* ··· 352 344 seq = mmp_new_seq(); 353 345 mmp->mmp_seq = cpu_to_le32(seq); 354 346 355 - retval = write_mmp_block(sb, bh); 347 + /* 348 + * On mount / remount we are protected against fs freezing (by s_umount 349 + * semaphore) and grabbing freeze protection upsets lockdep 350 + */ 351 + retval = write_mmp_block_thawed(sb, bh); 356 352 if (retval) 357 353 goto failed; 358 354
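Review bot: write_mmp_block_thawed() inherits the old "Write the MMP block using REQ_SYNC" comment, but nothing at its definition states the precondition that the caller must itself exclude a filesystem freeze. That is only explained at the single call site in the second hunk. I would extend the header comment with `* The caller must already be protected against freezing (e.g. by holding s_umount); otherwise use write_mmp_block().` so a later caller does not pick the unprotected variant by accident.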
+37 -16
fs/ext4/namei.c
··· 674 674 len = de->name_len; 675 675 if (!IS_ENCRYPTED(dir)) { 676 676 /* Directory is not encrypted */ 677 - ext4fs_dirhash(dir, de->name, 677 + (void) ext4fs_dirhash(dir, de->name, 678 678 de->name_len, &h); 679 679 printk("%*.s:(U)%x.%u ", len, 680 680 name, h.hash, ··· 709 709 if (IS_CASEFOLDED(dir)) 710 710 h.hash = EXT4_DIRENT_HASH(de); 711 711 else 712 - ext4fs_dirhash(dir, de->name, 713 - de->name_len, &h); 712 + (void) ext4fs_dirhash(dir, 713 + de->name, 714 + de->name_len, &h); 714 715 printk("%*.s:(E)%x.%u ", len, name, 715 716 h.hash, (unsigned) ((char *) de 716 717 - base)); ··· 721 720 #else 722 721 int len = de->name_len; 723 722 char *name = de->name; 724 - ext4fs_dirhash(dir, de->name, de->name_len, &h); 723 + (void) ext4fs_dirhash(dir, de->name, 724 + de->name_len, &h); 725 725 printk("%*.s:%x.%u ", len, name, h.hash, 726 726 (unsigned) ((char *) de - base)); 727 727 #endif ··· 851 849 hinfo->seed = EXT4_SB(dir->i_sb)->s_hash_seed; 852 850 /* hash is already computed for encrypted casefolded directory */ 853 851 if (fname && fname_name(fname) && 854 - !(IS_ENCRYPTED(dir) && IS_CASEFOLDED(dir))) 855 - ext4fs_dirhash(dir, fname_name(fname), fname_len(fname), hinfo); 852 + !(IS_ENCRYPTED(dir) && IS_CASEFOLDED(dir))) { 853 + int ret = ext4fs_dirhash(dir, fname_name(fname), 854 + fname_len(fname), hinfo); 855 + if (ret < 0) { 856 + ret_err = ERR_PTR(ret); 857 + goto fail; 858 + } 859 + } 856 860 hash = hinfo->hash; 857 861 858 862 if (root->info.unused_flags & 1) { ··· 1119 1111 hinfo->minor_hash = 0; 1120 1112 } 1121 1113 } else { 1122 - ext4fs_dirhash(dir, de->name, de->name_len, hinfo); 1114 + err = ext4fs_dirhash(dir, de->name, 1115 + de->name_len, hinfo); 1116 + if (err < 0) { 1117 + count = err; 1118 + goto errout; 1119 + } 1123 1120 } 1124 1121 if ((hinfo->hash < start_hash) || 1125 1122 ((hinfo->hash == start_hash) && ··· 1326 1313 if (de->name_len && de->inode) { 1327 1314 if (ext4_hash_in_dirent(dir)) 1328 1315 h.hash = 
EXT4_DIRENT_HASH(de); 1329 - else 1330 - ext4fs_dirhash(dir, de->name, de->name_len, &h); 1316 + else { 1317 + int err = ext4fs_dirhash(dir, de->name, 1318 + de->name_len, &h); 1319 + if (err < 0) 1320 + return err; 1321 + } 1331 1322 map_tail--; 1332 1323 map_tail->hash = h.hash; 1333 1324 map_tail->offs = ((char *) de - base)>>2; ··· 1469 1452 hinfo->hash_version = DX_HASH_SIPHASH; 1470 1453 hinfo->seed = NULL; 1471 1454 if (cf_name->name) 1472 - ext4fs_dirhash(dir, cf_name->name, cf_name->len, hinfo); 1455 + return ext4fs_dirhash(dir, cf_name->name, cf_name->len, hinfo); 1473 1456 else 1474 - ext4fs_dirhash(dir, iname->name, iname->len, hinfo); 1475 - return 0; 1457 + return ext4fs_dirhash(dir, iname->name, iname->len, hinfo); 1476 1458 } 1477 1459 #endif 1478 1460 ··· 2314 2298 fname->hinfo.seed = EXT4_SB(dir->i_sb)->s_hash_seed; 2315 2299 2316 2300 /* casefolded encrypted hashes are computed on fname setup */ 2317 - if (!ext4_hash_in_dirent(dir)) 2318 - ext4fs_dirhash(dir, fname_name(fname), 2319 - fname_len(fname), &fname->hinfo); 2320 - 2301 + if (!ext4_hash_in_dirent(dir)) { 2302 + int err = ext4fs_dirhash(dir, fname_name(fname), 2303 + fname_len(fname), &fname->hinfo); 2304 + if (err < 0) { 2305 + brelse(bh2); 2306 + brelse(bh); 2307 + return err; 2308 + } 2309 + } 2321 2310 memset(frames, 0, sizeof(frames)); 2322 2311 frame = frames; 2323 2312 frame->entries = entries;
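Review bot: Two of the new error paths depart from kernel brace style. Where dx_make_map's loop gains `else { int err = ext4fs_dirhash(...); ... }`, the `if (ext4_hash_in_dirent(dir))` arm is left unbraced; once one arm needs braces both should have them, i.e. `if (ext4_hash_in_dirent(dir)) {` ... `} else {`. In the casefold helper the `else` after `return ext4fs_dirhash(dir, cf_name->name, ...)` is redundant and can be dropped. The `(void) ext4fs_dirhash(...)` casts in the debug printer look deliberate, but the code then prints h.hash regardless, so a short comment there saying the error is ignored on purpose would stop a later "fix" from changing behaviour.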
+25 -12
fs/ext4/super.c
··· 1048 1048 struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); 1049 1049 int ret; 1050 1050 1051 + if (!grp || !gdp) 1052 + return; 1051 1053 if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { 1052 1054 ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, 1053 1055 &grp->bb_state); ··· 3240 3238 crc = crc16(crc, (__u8 *)gdp, offset); 3241 3239 offset += sizeof(gdp->bg_checksum); /* skip checksum */ 3242 3240 /* for checksum of struct ext4_group_desc do the rest...*/ 3243 - if (ext4_has_feature_64bit(sb) && 3244 - offset < le16_to_cpu(sbi->s_es->s_desc_size)) 3241 + if (ext4_has_feature_64bit(sb) && offset < sbi->s_desc_size) 3245 3242 crc = crc16(crc, (__u8 *)gdp + offset, 3246 - le16_to_cpu(sbi->s_es->s_desc_size) - 3247 - offset); 3243 + sbi->s_desc_size - offset); 3248 3244 3249 3245 out: 3250 3246 return cpu_to_le16(crc); ··· 5684 5684 descr = "out journal"; 5685 5685 5686 5686 if (___ratelimit(&ext4_mount_msg_ratelimit, "EXT4-fs mount")) 5687 - ext4_msg(sb, KERN_INFO, "mounted filesystem %pU with%s. " 5688 - "Quota mode: %s.", &sb->s_uuid, descr, 5687 + ext4_msg(sb, KERN_INFO, "mounted filesystem %pU %s with%s. " 5688 + "Quota mode: %s.", &sb->s_uuid, 5689 + sb_rdonly(sb) ? 
"ro" : "r/w", descr, 5689 5690 ext4_quota_mode(sb)); 5690 5691 5691 5692 /* Update the s_overhead_clusters if necessary */ ··· 6388 6387 struct ext4_mount_options old_opts; 6389 6388 ext4_group_t g; 6390 6389 int err = 0; 6390 + int enable_rw = 0; 6391 6391 #ifdef CONFIG_QUOTA 6392 6392 int enable_quota = 0; 6393 6393 int i, j; ··· 6575 6573 if (err) 6576 6574 goto restore_opts; 6577 6575 6578 - sb->s_flags &= ~SB_RDONLY; 6576 + enable_rw = 1; 6579 6577 if (ext4_has_feature_mmp(sb)) { 6580 6578 err = ext4_multi_mount_protect(sb, 6581 6579 le64_to_cpu(es->s_mmp_block)); ··· 6618 6616 } 6619 6617 6620 6618 #ifdef CONFIG_QUOTA 6621 - /* Release old quota file names */ 6622 - for (i = 0; i < EXT4_MAXQUOTAS; i++) 6623 - kfree(old_opts.s_qf_names[i]); 6624 6619 if (enable_quota) { 6625 6620 if (sb_any_quota_suspended(sb)) 6626 6621 dquot_resume(sb, -1); ··· 6627 6628 goto restore_opts; 6628 6629 } 6629 6630 } 6631 + /* Release old quota file names */ 6632 + for (i = 0; i < EXT4_MAXQUOTAS; i++) 6633 + kfree(old_opts.s_qf_names[i]); 6630 6634 #endif 6631 6635 if (!test_opt(sb, BLOCK_VALIDITY) && sbi->s_system_blks) 6632 6636 ext4_release_system_zone(sb); 6637 + 6638 + if (enable_rw) 6639 + sb->s_flags &= ~SB_RDONLY; 6633 6640 6634 6641 if (!ext4_has_feature_mmp(sb) || sb_rdonly(sb)) 6635 6642 ext4_stop_mmpd(sbi); ··· 6643 6638 return 0; 6644 6639 6645 6640 restore_opts: 6641 + /* 6642 + * If there was a failing r/w to ro transition, we may need to 6643 + * re-enable quota 6644 + */ 6645 + if ((sb->s_flags & SB_RDONLY) && !(old_sb_flags & SB_RDONLY) && 6646 + sb_any_quota_suspended(sb)) 6647 + dquot_resume(sb, -1); 6646 6648 sb->s_flags = old_sb_flags; 6647 6649 sbi->s_mount_opt = old_opts.s_mount_opt; 6648 6650 sbi->s_mount_opt2 = old_opts.s_mount_opt2; ··· 6690 6678 if (ret < 0) 6691 6679 return ret; 6692 6680 6693 - ext4_msg(sb, KERN_INFO, "re-mounted %pU. Quota mode: %s.", 6694 - &sb->s_uuid, ext4_quota_mode(sb)); 6681 + ext4_msg(sb, KERN_INFO, "re-mounted %pU %s. 
Quota mode: %s.", 6682 + &sb->s_uuid, sb_rdonly(sb) ? "ro" : "r/w", 6683 + ext4_quota_mode(sb)); 6695 6684 6696 6685 return 0; 6697 6686 }
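Review bot: `enable_rw` is introduced without a comment, and its purpose only becomes clear later in the function where `sb->s_flags &= ~SB_RDONLY` is finally applied. A comment at the assignment, such as `/* defer clearing SB_RDONLY until quota has been re-enabled, so a failure can still unwind through restore_opts */`, would make the ordering constraint explicit. Note also that both log messages change format (`mounted filesystem %pU %s with%s` and `re-mounted %pU %s.`), so any log parsing or alerting keyed on the old strings needs updating.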
+3 -2
fs/ext4/xattr.c
··· 2614 2614 .in_inode = !!entry->e_value_inum, 2615 2615 }; 2616 2616 struct ext4_xattr_ibody_header *header = IHDR(inode, raw_inode); 2617 + int needs_kvfree = 0; 2617 2618 int error; 2618 2619 2619 2620 is = kzalloc(sizeof(struct ext4_xattr_ibody_find), GFP_NOFS); ··· 2637 2636 error = -ENOMEM; 2638 2637 goto out; 2639 2638 } 2640 - 2639 + needs_kvfree = 1; 2641 2640 error = ext4_xattr_inode_get(inode, entry, buffer, value_size); 2642 2641 if (error) 2643 2642 goto out; ··· 2676 2675 2677 2676 out: 2678 2677 kfree(b_entry_name); 2679 - if (entry->e_value_inum && buffer) 2678 + if (needs_kvfree && buffer) 2680 2679 kvfree(buffer); 2681 2680 if (is) 2682 2681 brelse(is->iloc.bh);
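Review bot: `needs_kvfree` is a pure flag and would read better as `bool needs_kvfree = false;` with `needs_kvfree = true;` after the allocation succeeds. More importantly, no comment explains why the cleanup at `out:` stopped testing entry->e_value_inum. Presumably `entry` can no longer be relied on by the time `out:` runs, but the code between the hunks is not shown. A comment at the flag, e.g. `/* set only once buffer has been allocated; do not re-read entry at out: */`, would keep the old test from being reintroduced.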