hulk inclusion category: bugfix bugzilla: 189306, https://gitee.com/openeuler/kernel/issues/I8BBWH CVE: NA
----------------------------------------
We need destination address when we do dio read, and this addr can come from mmap results for a journal data mode inode. Then dio_bio_complete will dirty the page which the mmap addr point to(since we have fill dirty data for this page). ext4_journalled_set_page_dirty will first set PageChecked and then dirty page(do not dirty buffer), which leave __ext4_journalled_writepage in ext4_writepage to do the rest thing needed for journal data mode.
We need first start handle and then lock the page, so in __ext4_journalled_writepage we first unlock the page and latter call ext4_journal_start; after we relock the page, we do some check to prevent the concurrence truncate and then walk through buffer to help join journal. Actually, once we unlock the page, since we has not add extra buffer refcount, so the buffer can also gone(concurrent happened for jbd2_journal_commit_transaction and jbd2_log_do_checkpoint can remove the extra buffer head ref and clear buffer dirty, so drop cache can release buffer), and upper walk through buffer will trigger the BUG_ON in page_buffers.
The problem does not exist in mainline since 3f079114bf52 ("ext4: Convert data=journal writeback to use ext4_writepages()") delete all this code, and this patchset seems too complex to do the backport. So we just fix it with a simpler way, check buffer valid before walk through buffer.
Signed-off-by: yangerkun yangerkun@huawei.com --- fs/ext4/inode.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 9379a062dba4..0b5521cec637 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1911,6 +1911,13 @@ static int __ext4_journalled_writepage(struct page *page, goto out; }
+ if (!page_has_buffers(page)) { + /* Check buffer valid since we ever unlock this page */ + ext4_journal_stop(handle); + ClearPageDirty(page); + goto out; + } + if (inline_data) { ret = ext4_mark_inode_dirty(handle, inode); } else {
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/2716 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/K...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/2716 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/K...
-
patchwork bot -
yangerkun