From: Jan Kara jack@suse.cz
mainline inclusion from mainline-5.5-rc1 commit 3c845acd0237caef617f330a0e3b37ad8ae9fea5 category: bugfix bugzilla: 25031 CVE: NA ---------------------------
The helper jbd2_handle_buffer_credits() doesn't correctly handle reserved handles which can lead to crashes. Fix it getting of journal pointer to work for reserved handles as well.
Fixes: a9a8344ee171 ("ext4, jbd2: Provide accessor function for handle credits") Reported-by: Eric Biggers ebiggers@kernel.org Signed-off-by: Jan Kara jack@suse.cz Link: https://lore.kernel.org/r/20191115102210.29445-1-jack@suse.cz Signed-off-by: Theodore Ts'o tytso@mit.edu
Signed-off-by: zhangyi (F) yi.zhang@huawei.com Reviewed-by: Yang Erkun yangerkun@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- include/linux/jbd2.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h index ee6de17e..7dd9d25 100644 --- a/include/linux/jbd2.h +++ b/include/linux/jbd2.h @@ -1654,10 +1654,14 @@ static inline tid_t jbd2_get_latest_transaction(journal_t *journal) return tid; }
- static inline int jbd2_handle_buffer_credits(handle_t *handle) { - journal_t *journal = handle->h_transaction->t_journal; + journal_t *journal; + + if (!handle->h_reserved) + journal = handle->h_transaction->t_journal; + else + journal = handle->h_journal;
return handle->h_total_credits - DIV_ROUND_UP(handle->h_revoke_credits_requested,