From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BD86C43381 for ; Mon, 1 Apr 2019 17:31:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1E5CE20830 for ; Mon, 1 Apr 2019 17:31:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554139891; bh=rKoe32QPkOLa3OYBvGvwVOD1qxwlIVxKxIo16pFIw3I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=InMhvQLGOD4+RweR0vLbXZ4DNHsSD8iSk+7DkRloPO9JTYwBGtbHFFIYbS8tWKjLd FipgAs/AefMxuf3NsSBlF7xYFhHBcMvhiCg6JTm1RQxfnKFbxXYf4A94xbWArwqt96 IpvKeb10qlY7qzWE2p4Y/2GdVMsUxDxqKYn23+54= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733052AbfDARb3 (ORCPT ); Mon, 1 Apr 2019 13:31:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:38990 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732850AbfDARb1 (ORCPT ); Mon, 1 Apr 2019 13:31:27 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 811772070B; Mon, 1 Apr 2019 17:31:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554139886; bh=rKoe32QPkOLa3OYBvGvwVOD1qxwlIVxKxIo16pFIw3I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hqMbjA1WgCZjSAJFgaf5fZGUpPzobR/R0VIhJT5fR5ZWaqfgrYRfGG/nI0vCV8Fzi pwW2t8gLrkgxrMLZ1nhVAUOwQlvwPEty44Hz5RHqlVnDxIFvp7i2TOmU6y2iHiYDT5 N7dPbBHLNVvR+VfvRtq0TUWfbfrhqH0/qIzLnB4I= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hulk Robot , "zhangyi (F)" , Theodore Tso , Jan Kara , stable@kernel.org Subject: [PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space() Date: Mon, 1 Apr 2019 19:01:19 +0200 Message-Id: <20190401170052.555833178@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190401170051.645954551@linuxfoundation.org> References: <20190401170051.645954551@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: zhangyi (F) commit 674a2b27234d1b7afcb0a9162e81b2e53aeef217 upstream. All indirect buffers get by ext4_find_shared() should be released no mater the branch should be freed or not. But now, we forget to release the lower depth indirect buffers when removing space from the same higher depth indirect block. It will lead to buffer leak and futher more, it may lead to quota information corruption when using old quota, consider the following case. - Create and mount an empty ext4 filesystem without extent and quota features, - quotacheck and enable the user & group quota, - Create some files and write some data to them, and then punch hole to some files of them, it may trigger the buffer leak problem mentioned above. - Disable quota and run quotacheck again, it will create two new aquota files and write the checked quota information to them, which probably may reuse the freed indirect block(the buffer and page cache was not freed) as data block. - Enable quota again, it will invoke vfs_load_quota_inode()->invalidate_bdev() to try to clean unused buffers and pagecache. Unfortunately, because of the buffer of quota data block is still referenced, quota code cannot read the up to date quota info from the device and lead to quota information corruption. This problem can be reproduced by xfstests generic/231 on ext3 file system or ext4 file system without extent and quota features. This patch fix this problem by releasing the missing indirect buffers, in ext4_ind_remove_space(). Reported-by: Hulk Robot Signed-off-by: zhangyi (F) Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/indirect.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -1491,10 +1491,14 @@ end_range: partial->p + 1, partial2->p, (chain+n-1) - partial); - BUFFER_TRACE(partial->bh, "call brelse"); - brelse(partial->bh); - BUFFER_TRACE(partial2->bh, "call brelse"); - brelse(partial2->bh); + while (partial > chain) { + BUFFER_TRACE(partial->bh, "call brelse"); + brelse(partial->bh); + } + while (partial2 > chain2) { + BUFFER_TRACE(partial2->bh, "call brelse"); + brelse(partial2->bh); + } return 0; }