<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/jbd2, branch linux-4.1.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ext4: set h_journal if there is a failure starting a reserved handle</title>
<updated>2018-05-23T01:36:37+00:00</updated>
<author>
<name>Theodore Ts'o</name>
<email>tytso@mit.edu</email>
</author>
<published>2018-04-18T15:49:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cfc992934dea5d019a24edb2a79274727aa0de48'/>
<id>cfc992934dea5d019a24edb2a79274727aa0de48</id>
<content type='text'>
[ Upstream commit b2569260d55228b617bd82aba6d0db2faeeb4116 ]

If ext4 tries to start a reserved handle via
jbd2_journal_start_reserved(), and the journal has been aborted, this
can result in a NULL pointer dereference.  This is because the fields
h_journal and h_transaction in the handle structure share the same
memory, via a union, so jbd2_journal_start_reserved() will clear
h_journal before calling start_this_handle().  If this function fails
due to an aborted handle, h_journal will still be NULL, and the call
to jbd2_journal_free_reserved() will pass a NULL journal to
sub_reserve_credits().

This can be reproduced by running "kvm-xfstests -c dioread_nolock
generic/475".

Cc: stable@kernel.org # 3.11
Fixes: 8f7d89f36829b ("jbd2: transaction reservation support")
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Reviewed-by: Andreas Dilger &lt;adilger@dilger.ca&gt;
Reviewed-by: Jan Kara &lt;jack@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit b2569260d55228b617bd82aba6d0db2faeeb4116 ]

If ext4 tries to start a reserved handle via
jbd2_journal_start_reserved(), and the journal has been aborted, this
can result in a NULL pointer dereference.  This is because the fields
h_journal and h_transaction in the handle structure share the same
memory, via a union, so jbd2_journal_start_reserved() will clear
h_journal before calling start_this_handle().  If this function fails
due to an aborted handle, h_journal will still be NULL, and the call
to jbd2_journal_free_reserved() will pass a NULL journal to
sub_reserve_credits().

This can be reproduced by running "kvm-xfstests -c dioread_nolock
generic/475".

Cc: stable@kernel.org # 3.11
Fixes: 8f7d89f36829b ("jbd2: transaction reservation support")
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Reviewed-by: Andreas Dilger &lt;adilger@dilger.ca&gt;
Reviewed-by: Jan Kara &lt;jack@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: fix use after free in kjournald2()</title>
<updated>2018-05-23T01:36:36+00:00</updated>
<author>
<name>Sahitya Tummala</name>
<email>stummala@codeaurora.org</email>
</author>
<published>2017-02-02T01:49:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0759c1c2f140ec56a9fec96dddf9e5beb89f3b48'/>
<id>0759c1c2f140ec56a9fec96dddf9e5beb89f3b48</id>
<content type='text'>
[ Upstream commit dbfcef6b0f4012c57bc0b6e0e660d5ed12a5eaed ]

Below is the synchronization issue between unmount and kjournald2
contexts, which results into use after free issue in kjournald2().
Fix this issue by using journal-&gt;j_state_lock to synchronize the
wait_event() done in journal_kill_thread() and the wake_up() done
in kjournald2().

TASK 1:
umount cmd:
   |--jbd2_journal_destroy() {
       |--journal_kill_thread() {
            write_lock(&amp;journal-&gt;j_state_lock);
	    journal-&gt;j_flags |= JBD2_UNMOUNT;
	    ...
	    write_unlock(&amp;journal-&gt;j_state_lock);
	    wake_up(&amp;journal-&gt;j_wait_commit);	   TASK 2 wakes up here:
	    					   kjournald2() {
						     ...
						     checks JBD2_UNMOUNT flag and calls goto end-loop;
						     ...
						     end_loop:
						       write_unlock(&amp;journal-&gt;j_state_lock);
						       journal-&gt;j_task = NULL; --&gt; If this thread gets
						       pre-empted here, then TASK 1 wait_event will
						       exit even before this thread is completely
						       done.
	    wait_event(journal-&gt;j_wait_done_commit, journal-&gt;j_task == NULL);
	    ...
	    write_lock(&amp;journal-&gt;j_state_lock);
	    write_unlock(&amp;journal-&gt;j_state_lock);
	  }
       |--kfree(journal);
     }
}
						       wake_up(&amp;journal-&gt;j_wait_done_commit); --&gt; this step
						       now results into use after free issue.
						   }

Signed-off-by: Sahitya Tummala &lt;stummala@codeaurora.org&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit dbfcef6b0f4012c57bc0b6e0e660d5ed12a5eaed ]

Below is the synchronization issue between unmount and kjournald2
contexts, which results into use after free issue in kjournald2().
Fix this issue by using journal-&gt;j_state_lock to synchronize the
wait_event() done in journal_kill_thread() and the wake_up() done
in kjournald2().

TASK 1:
umount cmd:
   |--jbd2_journal_destroy() {
       |--journal_kill_thread() {
            write_lock(&amp;journal-&gt;j_state_lock);
	    journal-&gt;j_flags |= JBD2_UNMOUNT;
	    ...
	    write_unlock(&amp;journal-&gt;j_state_lock);
	    wake_up(&amp;journal-&gt;j_wait_commit);	   TASK 2 wakes up here:
	    					   kjournald2() {
						     ...
						     checks JBD2_UNMOUNT flag and calls goto end-loop;
						     ...
						     end_loop:
						       write_unlock(&amp;journal-&gt;j_state_lock);
						       journal-&gt;j_task = NULL; --&gt; If this thread gets
						       pre-empted here, then TASK 1 wait_event will
						       exit even before this thread is completely
						       done.
	    wait_event(journal-&gt;j_wait_done_commit, journal-&gt;j_task == NULL);
	    ...
	    write_lock(&amp;journal-&gt;j_state_lock);
	    write_unlock(&amp;journal-&gt;j_state_lock);
	  }
       |--kfree(journal);
     }
}
						       wake_up(&amp;journal-&gt;j_wait_done_commit); --&gt; this step
						       now results into use after free issue.
						   }

Signed-off-by: Sahitya Tummala &lt;stummala@codeaurora.org&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: if the journal is aborted then don't allow update of the log tail</title>
<updated>2018-05-23T01:36:33+00:00</updated>
<author>
<name>Theodore Ts'o</name>
<email>tytso@mit.edu</email>
</author>
<published>2018-02-19T17:22:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=63df8d82efef1be1d8f6c55d8582e4aeaf7ab800'/>
<id>63df8d82efef1be1d8f6c55d8582e4aeaf7ab800</id>
<content type='text'>
[ Upstream commit 85e0c4e89c1b864e763c4e3bb15d0b6d501ad5d9 ]

This updates the jbd2 superblock unnecessarily, and on an abort we
shouldn't truncate the log.

Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 85e0c4e89c1b864e763c4e3bb15d0b6d501ad5d9 ]

This updates the jbd2 superblock unnecessarily, and on an abort we
shouldn't truncate the log.

Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: don't leak modified metadata buffers on an aborted journal</title>
<updated>2017-05-17T19:06:58+00:00</updated>
<author>
<name>Theodore Ts'o</name>
<email>tytso@mit.edu</email>
</author>
<published>2017-02-05T04:14:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4c47ad359cc865fb6ea8c2ab0f20875bc4d538c0'/>
<id>4c47ad359cc865fb6ea8c2ab0f20875bc4d538c0</id>
<content type='text'>
[ Upstream commit e112666b4959b25a8552d63bc564e1059be703e8 ]

If the journal has been aborted, we shouldn't mark the underlying
buffer head as dirty, since that will cause the metadata block to get
modified.  And if the journal has been aborted, we shouldn't allow
this since it will almost certainly lead to a corrupted file system.

Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit e112666b4959b25a8552d63bc564e1059be703e8 ]

If the journal has been aborted, we shouldn't mark the underlying
buffer head as dirty, since that will cause the metadata block to get
modified.  And if the journal has been aborted, we shouldn't allow
this since it will almost certainly lead to a corrupted file system.

Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: fix incorrect unlock on j_list_lock</title>
<updated>2016-11-01T18:37:42+00:00</updated>
<author>
<name>Taesoo Kim</name>
<email>tsgatesv@gmail.com</email>
</author>
<published>2016-10-13T03:19:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dcf4c1144f3af47e451773d4f989db255c46ff11'/>
<id>dcf4c1144f3af47e451773d4f989db255c46ff11</id>
<content type='text'>
[ Upstream commit 559cce698eaf4ccecb2213b2519ea3a0413e5155 ]

When 'jh-&gt;b_transaction == transaction' (asserted by below)

  J_ASSERT_JH(jh, (jh-&gt;b_transaction == transaction || ...

'journal-&gt;j_list_lock' will be incorrectly unlocked, since
the the lock is aquired only at the end of if / else-if
statements (missing the else case).

Signed-off-by: Taesoo Kim &lt;tsgatesv@gmail.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Reviewed-by: Andreas Dilger &lt;adilger@dilger.ca&gt;
Fixes: 6e4862a5bb9d12be87e4ea5d9a60836ebed71d28
Cc: stable@vger.kernel.org # 3.14+
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 559cce698eaf4ccecb2213b2519ea3a0413e5155 ]

When 'jh-&gt;b_transaction == transaction' (asserted by below)

  J_ASSERT_JH(jh, (jh-&gt;b_transaction == transaction || ...

'journal-&gt;j_list_lock' will be incorrectly unlocked, since
the the lock is aquired only at the end of if / else-if
statements (missing the else case).

Signed-off-by: Taesoo Kim &lt;tsgatesv@gmail.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Reviewed-by: Andreas Dilger &lt;adilger@dilger.ca&gt;
Fixes: 6e4862a5bb9d12be87e4ea5d9a60836ebed71d28
Cc: stable@vger.kernel.org # 3.14+
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount path</title>
<updated>2016-04-18T12:50:52+00:00</updated>
<author>
<name>OGAWA Hirofumi</name>
<email>hirofumi@mail.parknet.co.jp</email>
</author>
<published>2016-03-10T04:47:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3b6a70271a4e1e72585b3a7236cbd17d646b38d1'/>
<id>3b6a70271a4e1e72585b3a7236cbd17d646b38d1</id>
<content type='text'>
[ Upstream commit c0a2ad9b50dd80eeccd73d9ff962234590d5ec93 ]

On umount path, jbd2_journal_destroy() writes latest transaction ID
(-&gt;j_tail_sequence) to be used at next mount.

The bug is that -&gt;j_tail_sequence is not holding latest transaction ID
in some cases. So, at next mount, there is chance to conflict with
remaining (not overwritten yet) transactions.

	mount (id=10)
	write transaction (id=11)
	write transaction (id=12)
	umount (id=10) &lt;= the bug doesn't write latest ID

	mount (id=10)
	write transaction (id=11)
	crash

	mount
	[recovery process]
		transaction (id=11)
		transaction (id=12) &lt;= valid transaction ID, but old commit
                                       must not replay

Like above, this bug become the cause of recovery failure, or FS
corruption.

So why -&gt;j_tail_sequence doesn't point latest ID?

Because if checkpoint transactions was reclaimed by memory pressure
(i.e. bdev_try_to_free_page()), then -&gt;j_tail_sequence is not updated.
(And another case is, __jbd2_journal_clean_checkpoint_list() is called
with empty transaction.)

So in above cases, -&gt;j_tail_sequence is not pointing latest
transaction ID at umount path. Plus, REQ_FLUSH for checkpoint is not
done too.

So, to fix this problem with minimum changes, this patch updates
-&gt;j_tail_sequence, and issue REQ_FLUSH.  (With more complex changes,
some optimizations would be possible to avoid unnecessary REQ_FLUSH
for example though.)

BTW,

	journal-&gt;j_tail_sequence =
		++journal-&gt;j_transaction_sequence;

Increment of -&gt;j_transaction_sequence seems to be unnecessary, but
ext3 does this.

Signed-off-by: OGAWA Hirofumi &lt;hirofumi@mail.parknet.co.jp&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit c0a2ad9b50dd80eeccd73d9ff962234590d5ec93 ]

On umount path, jbd2_journal_destroy() writes latest transaction ID
(-&gt;j_tail_sequence) to be used at next mount.

The bug is that -&gt;j_tail_sequence is not holding latest transaction ID
in some cases. So, at next mount, there is chance to conflict with
remaining (not overwritten yet) transactions.

	mount (id=10)
	write transaction (id=11)
	write transaction (id=12)
	umount (id=10) &lt;= the bug doesn't write latest ID

	mount (id=10)
	write transaction (id=11)
	crash

	mount
	[recovery process]
		transaction (id=11)
		transaction (id=12) &lt;= valid transaction ID, but old commit
                                       must not replay

Like above, this bug become the cause of recovery failure, or FS
corruption.

So why -&gt;j_tail_sequence doesn't point latest ID?

Because if checkpoint transactions was reclaimed by memory pressure
(i.e. bdev_try_to_free_page()), then -&gt;j_tail_sequence is not updated.
(And another case is, __jbd2_journal_clean_checkpoint_list() is called
with empty transaction.)

So in above cases, -&gt;j_tail_sequence is not pointing latest
transaction ID at umount path. Plus, REQ_FLUSH for checkpoint is not
done too.

So, to fix this problem with minimum changes, this patch updates
-&gt;j_tail_sequence, and issue REQ_FLUSH.  (With more complex changes,
some optimizations would be possible to avoid unnecessary REQ_FLUSH
for example though.)

BTW,

	journal-&gt;j_tail_sequence =
		++journal-&gt;j_transaction_sequence;

Increment of -&gt;j_transaction_sequence seems to be unnecessary, but
ext3 does this.

Signed-off-by: OGAWA Hirofumi &lt;hirofumi@mail.parknet.co.jp&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ext4, jbd2: ensure entering into panic after recording an error in superblock</title>
<updated>2015-12-15T05:24:35+00:00</updated>
<author>
<name>Daeho Jeong</name>
<email>daeho.jeong@samsung.com</email>
</author>
<published>2015-10-18T21:02:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3e447b618b9d6f486ab441bc4bd4507628318209'/>
<id>3e447b618b9d6f486ab441bc4bd4507628318209</id>
<content type='text'>
commit 4327ba52afd03fc4b5afa0ee1d774c9c5b0e85c5 upstream.

If a EXT4 filesystem utilizes JBD2 journaling and an error occurs, the
journaling will be aborted first and the error number will be recorded
into JBD2 superblock and, finally, the system will enter into the
panic state in "errors=panic" option.  But, in the rare case, this
sequence is little twisted like the below figure and it will happen
that the system enters into panic state, which means the system reset
in mobile environment, before completion of recording an error in the
journal superblock. In this case, e2fsck cannot recognize that the
filesystem failure occurred in the previous run and the corruption
wouldn't be fixed.

Task A                        Task B
ext4_handle_error()
-&gt; jbd2_journal_abort()
  -&gt; __journal_abort_soft()
    -&gt; __jbd2_journal_abort_hard()
    | -&gt; journal-&gt;j_flags |= JBD2_ABORT;
    |
    |                         __ext4_abort()
    |                         -&gt; jbd2_journal_abort()
    |                         | -&gt; __journal_abort_soft()
    |                         |   -&gt; if (journal-&gt;j_flags &amp; JBD2_ABORT)
    |                         |           return;
    |                         -&gt; panic()
    |
    -&gt; jbd2_journal_update_sb_errno()

Tested-by: Hobin Woo &lt;hobin.woo@samsung.com&gt;
Signed-off-by: Daeho Jeong &lt;daeho.jeong@samsung.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 4327ba52afd03fc4b5afa0ee1d774c9c5b0e85c5 upstream.

If a EXT4 filesystem utilizes JBD2 journaling and an error occurs, the
journaling will be aborted first and the error number will be recorded
into JBD2 superblock and, finally, the system will enter into the
panic state in "errors=panic" option.  But, in the rare case, this
sequence is little twisted like the below figure and it will happen
that the system enters into panic state, which means the system reset
in mobile environment, before completion of recording an error in the
journal superblock. In this case, e2fsck cannot recognize that the
filesystem failure occurred in the previous run and the corruption
wouldn't be fixed.

Task A                        Task B
ext4_handle_error()
-&gt; jbd2_journal_abort()
  -&gt; __journal_abort_soft()
    -&gt; __jbd2_journal_abort_hard()
    | -&gt; journal-&gt;j_flags |= JBD2_ABORT;
    |
    |                         __ext4_abort()
    |                         -&gt; jbd2_journal_abort()
    |                         | -&gt; __journal_abort_soft()
    |                         |   -&gt; if (journal-&gt;j_flags &amp; JBD2_ABORT)
    |                         |           return;
    |                         -&gt; panic()
    |
    -&gt; jbd2_journal_update_sb_errno()

Tested-by: Hobin Woo &lt;hobin.woo@samsung.com&gt;
Signed-off-by: Daeho Jeong &lt;daeho.jeong@samsung.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: avoid infinite loop when destroying aborted journal</title>
<updated>2015-09-29T17:26:19+00:00</updated>
<author>
<name>Jan Kara</name>
<email>jack@suse.com</email>
</author>
<published>2015-07-28T18:57:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=164802e408904270d95f74de66404ba54df3fc60'/>
<id>164802e408904270d95f74de66404ba54df3fc60</id>
<content type='text'>
commit 841df7df196237ea63233f0f9eaa41db53afd70f upstream.

Commit 6f6a6fda2945 "jbd2: fix ocfs2 corrupt when updating journal
superblock fails" changed jbd2_cleanup_journal_tail() to return EIO
when the journal is aborted. That makes logic in
jbd2_log_do_checkpoint() bail out which is fine, except that
jbd2_journal_destroy() expects jbd2_log_do_checkpoint() to always make
a progress in cleaning the journal. Without it jbd2_journal_destroy()
just loops in an infinite loop.

Fix jbd2_journal_destroy() to cleanup journal checkpoint lists of
jbd2_log_do_checkpoint() fails with error.

Reported-by: Eryu Guan &lt;guaneryu@gmail.com&gt;
Tested-by: Eryu Guan &lt;guaneryu@gmail.com&gt;
Fixes: 6f6a6fda294506dfe0e3e0a253bb2d2923f28f0a
Signed-off-by: Jan Kara &lt;jack@suse.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 841df7df196237ea63233f0f9eaa41db53afd70f upstream.

Commit 6f6a6fda2945 "jbd2: fix ocfs2 corrupt when updating journal
superblock fails" changed jbd2_cleanup_journal_tail() to return EIO
when the journal is aborted. That makes logic in
jbd2_log_do_checkpoint() bail out which is fine, except that
jbd2_journal_destroy() expects jbd2_log_do_checkpoint() to always make
a progress in cleaning the journal. Without it jbd2_journal_destroy()
just loops in an infinite loop.

Fix jbd2_journal_destroy() to cleanup journal checkpoint lists of
jbd2_log_do_checkpoint() fails with error.

Reported-by: Eryu Guan &lt;guaneryu@gmail.com&gt;
Tested-by: Eryu Guan &lt;guaneryu@gmail.com&gt;
Fixes: 6f6a6fda294506dfe0e3e0a253bb2d2923f28f0a
Signed-off-by: Jan Kara &lt;jack@suse.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: fix ocfs2 corrupt when updating journal superblock fails</title>
<updated>2015-08-03T16:29:00+00:00</updated>
<author>
<name>Joseph Qi</name>
<email>joseph.qi@huawei.com</email>
</author>
<published>2015-06-15T18:36:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=99d0ebdb4b9811ebe8e89ab07480b7836b4aa87a'/>
<id>99d0ebdb4b9811ebe8e89ab07480b7836b4aa87a</id>
<content type='text'>
commit 6f6a6fda294506dfe0e3e0a253bb2d2923f28f0a upstream.

If updating journal superblock fails after journal data has been
flushed, the error is omitted and this will mislead the caller as a
normal case.  In ocfs2, the checkpoint will be treated successfully
and the other node can get the lock to update. Since the sb_start is
still pointing to the old log block, it will rewrite the journal data
during journal recovery by the other node. Thus the new updates will
be overwritten and ocfs2 corrupts.  So in above case we have to return
the error, and ocfs2_commit_cache will take care of the error and
prevent the other node to do update first.  And only after recovering
journal it can do the new updates.

The issue discussion mail can be found at:
https://oss.oracle.com/pipermail/ocfs2-devel/2015-June/010856.html
http://comments.gmane.org/gmane.comp.file-systems.ext4/48841

[ Fixed bug in patch which allowed a non-negative error return from
  jbd2_cleanup_journal_tail() to leak out of jbd2_fjournal_flush(); this
  was causing xfstests ext4/306 to fail. -- Ted ]

Reported-by: Yiwen Jiang &lt;jiangyiwen@huawei.com&gt;
Signed-off-by: Joseph Qi &lt;joseph.qi@huawei.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Tested-by: Yiwen Jiang &lt;jiangyiwen@huawei.com&gt;
Cc: Junxiao Bi &lt;junxiao.bi@oracle.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6f6a6fda294506dfe0e3e0a253bb2d2923f28f0a upstream.

If updating journal superblock fails after journal data has been
flushed, the error is omitted and this will mislead the caller as a
normal case.  In ocfs2, the checkpoint will be treated successfully
and the other node can get the lock to update. Since the sb_start is
still pointing to the old log block, it will rewrite the journal data
during journal recovery by the other node. Thus the new updates will
be overwritten and ocfs2 corrupts.  So in above case we have to return
the error, and ocfs2_commit_cache will take care of the error and
prevent the other node to do update first.  And only after recovering
journal it can do the new updates.

The issue discussion mail can be found at:
https://oss.oracle.com/pipermail/ocfs2-devel/2015-June/010856.html
http://comments.gmane.org/gmane.comp.file-systems.ext4/48841

[ Fixed bug in patch which allowed a non-negative error return from
  jbd2_cleanup_journal_tail() to leak out of jbd2_fjournal_flush(); this
  was causing xfstests ext4/306 to fail. -- Ted ]

Reported-by: Yiwen Jiang &lt;jiangyiwen@huawei.com&gt;
Signed-off-by: Joseph Qi &lt;joseph.qi@huawei.com&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Tested-by: Yiwen Jiang &lt;jiangyiwen@huawei.com&gt;
Cc: Junxiao Bi &lt;junxiao.bi@oracle.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>jbd2: use GFP_NOFS in jbd2_cleanup_journal_tail()</title>
<updated>2015-08-03T16:29:00+00:00</updated>
<author>
<name>Dmitry Monakhov</name>
<email>dmonakhov@openvz.org</email>
</author>
<published>2015-06-15T04:18:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=14624906f5f4356dd69e62b2ed671275cb3a0ed3'/>
<id>14624906f5f4356dd69e62b2ed671275cb3a0ed3</id>
<content type='text'>
commit b4f1afcd068f6e533230dfed00782cd8a907f96b upstream.

jbd2_cleanup_journal_tail() can be invoked by jbd2__journal_start()
So allocations should be done with GFP_NOFS

[Full stack trace snipped from 3.10-rh7]
[&lt;ffffffff815c4bd4&gt;] dump_stack+0x19/0x1b
[&lt;ffffffff8105dba1&gt;] warn_slowpath_common+0x61/0x80
[&lt;ffffffff8105dcca&gt;] warn_slowpath_null+0x1a/0x20
[&lt;ffffffff815c2142&gt;] slab_pre_alloc_hook.isra.31.part.32+0x15/0x17
[&lt;ffffffff8119c045&gt;] kmem_cache_alloc+0x55/0x210
[&lt;ffffffff811477f5&gt;] ? mempool_alloc_slab+0x15/0x20
[&lt;ffffffff811477f5&gt;] mempool_alloc_slab+0x15/0x20
[&lt;ffffffff81147939&gt;] mempool_alloc+0x69/0x170
[&lt;ffffffff815cb69e&gt;] ? _raw_spin_unlock_irq+0xe/0x20
[&lt;ffffffff8109160d&gt;] ? finish_task_switch+0x5d/0x150
[&lt;ffffffff811f1a8e&gt;] bio_alloc_bioset+0x1be/0x2e0
[&lt;ffffffff8127ee49&gt;] blkdev_issue_flush+0x99/0x120
[&lt;ffffffffa019a733&gt;] jbd2_cleanup_journal_tail+0x93/0xa0 [jbd2] --&gt;GFP_KERNEL
[&lt;ffffffffa019aca1&gt;] jbd2_log_do_checkpoint+0x221/0x4a0 [jbd2]
[&lt;ffffffffa019afc7&gt;] __jbd2_log_wait_for_space+0xa7/0x1e0 [jbd2]
[&lt;ffffffffa01952d8&gt;] start_this_handle+0x2d8/0x550 [jbd2]
[&lt;ffffffff811b02a9&gt;] ? __memcg_kmem_put_cache+0x29/0x30
[&lt;ffffffff8119c120&gt;] ? kmem_cache_alloc+0x130/0x210
[&lt;ffffffffa019573a&gt;] jbd2__journal_start+0xba/0x190 [jbd2]
[&lt;ffffffff811532ce&gt;] ? lru_cache_add+0xe/0x10
[&lt;ffffffffa01c9549&gt;] ? ext4_da_write_begin+0xf9/0x330 [ext4]
[&lt;ffffffffa01f2c77&gt;] __ext4_journal_start_sb+0x77/0x160 [ext4]
[&lt;ffffffffa01c9549&gt;] ext4_da_write_begin+0xf9/0x330 [ext4]
[&lt;ffffffff811446ec&gt;] generic_file_buffered_write_iter+0x10c/0x270
[&lt;ffffffff81146918&gt;] __generic_file_write_iter+0x178/0x390
[&lt;ffffffff81146c6b&gt;] __generic_file_aio_write+0x8b/0xb0
[&lt;ffffffff81146ced&gt;] generic_file_aio_write+0x5d/0xc0
[&lt;ffffffffa01bf289&gt;] ext4_file_write+0xa9/0x450 [ext4]
[&lt;ffffffff811c31d9&gt;] ? pipe_read+0x379/0x4f0
[&lt;ffffffff811b93f0&gt;] do_sync_write+0x90/0xe0
[&lt;ffffffff811b9b6d&gt;] vfs_write+0xbd/0x1e0
[&lt;ffffffff811ba5b8&gt;] SyS_write+0x58/0xb0
[&lt;ffffffff815d4799&gt;] system_call_fastpath+0x16/0x1b

Signed-off-by: Dmitry Monakhov &lt;dmonakhov@openvz.org&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit b4f1afcd068f6e533230dfed00782cd8a907f96b upstream.

jbd2_cleanup_journal_tail() can be invoked by jbd2__journal_start()
So allocations should be done with GFP_NOFS

[Full stack trace snipped from 3.10-rh7]
[&lt;ffffffff815c4bd4&gt;] dump_stack+0x19/0x1b
[&lt;ffffffff8105dba1&gt;] warn_slowpath_common+0x61/0x80
[&lt;ffffffff8105dcca&gt;] warn_slowpath_null+0x1a/0x20
[&lt;ffffffff815c2142&gt;] slab_pre_alloc_hook.isra.31.part.32+0x15/0x17
[&lt;ffffffff8119c045&gt;] kmem_cache_alloc+0x55/0x210
[&lt;ffffffff811477f5&gt;] ? mempool_alloc_slab+0x15/0x20
[&lt;ffffffff811477f5&gt;] mempool_alloc_slab+0x15/0x20
[&lt;ffffffff81147939&gt;] mempool_alloc+0x69/0x170
[&lt;ffffffff815cb69e&gt;] ? _raw_spin_unlock_irq+0xe/0x20
[&lt;ffffffff8109160d&gt;] ? finish_task_switch+0x5d/0x150
[&lt;ffffffff811f1a8e&gt;] bio_alloc_bioset+0x1be/0x2e0
[&lt;ffffffff8127ee49&gt;] blkdev_issue_flush+0x99/0x120
[&lt;ffffffffa019a733&gt;] jbd2_cleanup_journal_tail+0x93/0xa0 [jbd2] --&gt;GFP_KERNEL
[&lt;ffffffffa019aca1&gt;] jbd2_log_do_checkpoint+0x221/0x4a0 [jbd2]
[&lt;ffffffffa019afc7&gt;] __jbd2_log_wait_for_space+0xa7/0x1e0 [jbd2]
[&lt;ffffffffa01952d8&gt;] start_this_handle+0x2d8/0x550 [jbd2]
[&lt;ffffffff811b02a9&gt;] ? __memcg_kmem_put_cache+0x29/0x30
[&lt;ffffffff8119c120&gt;] ? kmem_cache_alloc+0x130/0x210
[&lt;ffffffffa019573a&gt;] jbd2__journal_start+0xba/0x190 [jbd2]
[&lt;ffffffff811532ce&gt;] ? lru_cache_add+0xe/0x10
[&lt;ffffffffa01c9549&gt;] ? ext4_da_write_begin+0xf9/0x330 [ext4]
[&lt;ffffffffa01f2c77&gt;] __ext4_journal_start_sb+0x77/0x160 [ext4]
[&lt;ffffffffa01c9549&gt;] ext4_da_write_begin+0xf9/0x330 [ext4]
[&lt;ffffffff811446ec&gt;] generic_file_buffered_write_iter+0x10c/0x270
[&lt;ffffffff81146918&gt;] __generic_file_write_iter+0x178/0x390
[&lt;ffffffff81146c6b&gt;] __generic_file_aio_write+0x8b/0xb0
[&lt;ffffffff81146ced&gt;] generic_file_aio_write+0x5d/0xc0
[&lt;ffffffffa01bf289&gt;] ext4_file_write+0xa9/0x450 [ext4]
[&lt;ffffffff811c31d9&gt;] ? pipe_read+0x379/0x4f0
[&lt;ffffffff811b93f0&gt;] do_sync_write+0x90/0xe0
[&lt;ffffffff811b9b6d&gt;] vfs_write+0xbd/0x1e0
[&lt;ffffffff811ba5b8&gt;] SyS_write+0x58/0xb0
[&lt;ffffffff815d4799&gt;] system_call_fastpath+0x16/0x1b

Signed-off-by: Dmitry Monakhov &lt;dmonakhov@openvz.org&gt;
Signed-off-by: Theodore Ts'o &lt;tytso@mit.edu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
</feed>
