[Ocfs2-devel] [PATCH RESEND] ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
piaojun
piaojun at huawei.com
Fri Nov 9 22:33:56 PST 2018
Hi Changwei,
On 2018/5/28 22:40, Changwei Ge wrote:
> From: Changwei Ge <ge.changwei at h3c.com>
>
> Somehow, file system metadata was corrupted, which causes
> ocfs2_check_dir_entry() to fail in function ocfs2_dir_foreach_blk_el().
>
> According to the original design intention, if the above happens we should
> skip the problematic block and continue to retrieve dir entries. But there
> is an obvious misuse of brelse around the related code.
>
> After a failure of ocfs2_check_dir_entry(), the current code just moves to the next
> position and uses the problematic buffer head again and again, during
> which the problematic buffer head is released multiple times. I
> suppose this is a serious issue which is long-lived in ocfs2. This may
> cause other file systems which are also used in the same host to go insane.
>
> So we should also consider backporting this patch into
> linux -stable.
>
> Suggested-by: Changkuo Shi <shi.changkuo at h3c.com>
> Cc: stable at vger.kernel.org
> Signed-off-by: Changwei Ge <ge.changwei at h3c.com>
> ---
> fs/ocfs2/dir.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
> index b048d4f..c121abb 100644
> --- a/fs/ocfs2/dir.c
> +++ b/fs/ocfs2/dir.c
> @@ -1897,8 +1897,7 @@ static int ocfs2_dir_foreach_blk_el(struct inode *inode,
> /* On error, skip the f_pos to the
> next block. */
> ctx->pos = (ctx->pos | (sb->s_blocksize - 1)) + 1;
> - brelse(bh);
> - continue;
> + break;
I guess return is more appropriate than break here, as it will cause a double
free of the buffer:
"
ctx->pos = (ctx->pos | (sb->s_blocksize - 1)) + 1;
brelse(bh);
break;
"
"
brelse(bh);
bh = NULL;
if (!persist && stored)
break;
"
Thanks,
Jun
> }
> if (le64_to_cpu(de->inode)) {
> unsigned char d_type = DT_UNKNOWN;
>
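Review bot: the added `break;` is only safe because of a release that sits outside this hunk, and nothing at the changed line says so. The hunk removes `brelse(bh);` together with `continue;`, so after the patch the error path itself no longer drops the buffer; the single release is the code after the inner loop, which the reply quotes as `brelse(bh); bh = NULL;`. A short comment on the `break` stating that bh is released once after the loop would make the ownership clear to the next reader and would settle the double-release question raised in the reply. The commit message could also say explicitly that, after the `break`, iteration resumes at the block selected by the updated `ctx->pos`, since that is the "skip the problematic block and continue" behaviour it describes and the hunk alone does not show it.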