From: Ye Bin yebin10@huawei.com
hulk inclusion category: bugfix bugzilla: 50785 CVE: NA
-----------------------------------------------
We got follow bug_on: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP ...... [130747.334329] Call trace: [130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x64/0xe8 [ext4] [130747.335368] ext4_find_extent+0x300/0x330 [ext4] [130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4] [130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4] [130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4] [130747.336995] ext4_readpage+0x54/0x100 [ext4] [130747.337359] generic_file_buffered_read+0x410/0xae8 [130747.337767] generic_file_read_iter+0x114/0x190 [130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4] [130747.338556] __vfs_read+0x11c/0x188 [130747.338851] vfs_read+0x94/0x150 [130747.339110] ksys_read+0x74/0xf0
If call ext4_ext_insert_extent failed but new extent already inserted, we just update "ex->ee_len = orig_ex.ee_len", this will lead to extent overlap, then cause bug on when cache extent.
Signed-off-by: Ye Bin yebin10@huawei.com Reviewed-by: zhangyi (F) yi.zhang@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- fs/ext4/extents.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index ebf024258e3c2..3bc2cb4cc5cc5 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3331,7 +3331,7 @@ static int ext4_split_extent_at(handle_t *handle,
goto out; } else if (err) - goto fix_extent_len; + goto err;
out: ext4_ext_show_leaf(inode, path); @@ -3339,6 +3339,7 @@ static int ext4_split_extent_at(handle_t *handle,
fix_extent_len: ex->ee_len = orig_ex.ee_len; +err: ext4_ext_dirty(handle, inode, path + path->p_depth); return err; }