linux-ext4.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer
@ 2020-06-17  9:10 Lukas Czerner
  2020-06-17  9:25 ` [PATCH v2] jbd2: make sure jh have b_transaction set in refile/unfile_buffer Lukas Czerner
  2020-06-17 12:15 ` [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer Jan Kara
  0 siblings, 2 replies; 3+ messages in thread
From: Lukas Czerner @ 2020-06-17  9:10 UTC (permalink / raw)
  To: linux-ext4; +Cc: Jan Kara

Callers of __jbd2_journal_unfile_buffer() and
__jbd2_journal_refile_buffer() assume that the b_transaction is set. In
fact if it's not, we can end up with journal_head refcounting errors
leading to crash much later that might be very hard to track down. Add
asserts to make sure that is the case.

We also make sure that b_next_transaction is NULL in
__jbd2_journal_unfile_buffer() since the callers expect that as well and
we should not get into that stage in this state anyway, leading to
problems later on if we do.

Tested with fstests.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
---
 fs/jbd2/transaction.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index e91aad3637a2..e65e0aca2826 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -2026,6 +2026,9 @@ static void __jbd2_journal_temp_unlink_buffer(struct journal_head *jh)
  */
 static void __jbd2_journal_unfile_buffer(struct journal_head *jh)
 {
+	J_ASSERT_JH(jh, jh->b_transaction != NULL);
+	J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
+
 	__jbd2_journal_temp_unlink_buffer(jh);
 	jh->b_transaction = NULL;
 }
@@ -2572,6 +2575,13 @@ bool __jbd2_journal_refile_buffer(struct journal_head *jh)
 
 	was_dirty = test_clear_buffer_jbddirty(bh);
 	__jbd2_journal_temp_unlink_buffer(jh);
+
+	/*
+	 * b_transaction must be set, otherwise the new b_transaction won't
+	 * be holding jh reference
+	 */
+	J_ASSERT_JH(jh, jh->b_transaction != NULL);
+
 	/*
 	 * We set b_transaction here because b_next_transaction will inherit
 	 * our jh reference and thus __jbd2_journal_file_buffer() must not
-- 
2.21.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH v2] jbd2: make sure jh have b_transaction set in refile/unfile_buffer
  2020-06-17  9:10 [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer Lukas Czerner
@ 2020-06-17  9:25 ` Lukas Czerner
  2020-06-17 12:15 ` [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer Jan Kara
  1 sibling, 0 replies; 3+ messages in thread
From: Lukas Czerner @ 2020-06-17  9:25 UTC (permalink / raw)
  To: linux-ext4; +Cc: Jan Kara

Callers of __jbd2_journal_unfile_buffer() and
__jbd2_journal_refile_buffer() assume that the b_transaction is set. In
fact if it's not, we can end up with journal_head refcounting errors
leading to crash much later that might be very hard to track down. Add
asserts to make sure that is the case.

We also make sure that b_next_transaction is NULL in
__jbd2_journal_unfile_buffer() since the callers expect that as well and
we should not get into that stage in this state anyway, leading to
problems later on if we do.

Tested with fstests.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
---
v2: Fix subject line s/unlink/unfile/

 fs/jbd2/transaction.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index e91aad3637a2..e65e0aca2826 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -2026,6 +2026,9 @@ static void __jbd2_journal_temp_unlink_buffer(struct journal_head *jh)
  */
 static void __jbd2_journal_unfile_buffer(struct journal_head *jh)
 {
+	J_ASSERT_JH(jh, jh->b_transaction != NULL);
+	J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
+
 	__jbd2_journal_temp_unlink_buffer(jh);
 	jh->b_transaction = NULL;
 }
@@ -2572,6 +2575,13 @@ bool __jbd2_journal_refile_buffer(struct journal_head *jh)
 
 	was_dirty = test_clear_buffer_jbddirty(bh);
 	__jbd2_journal_temp_unlink_buffer(jh);
+
+	/*
+	 * b_transaction must be set, otherwise the new b_transaction won't
+	 * be holding jh reference
+	 */
+	J_ASSERT_JH(jh, jh->b_transaction != NULL);
+
 	/*
 	 * We set b_transaction here because b_next_transaction will inherit
 	 * our jh reference and thus __jbd2_journal_file_buffer() must not
-- 
2.21.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer
  2020-06-17  9:10 [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer Lukas Czerner
  2020-06-17  9:25 ` [PATCH v2] jbd2: make sure jh have b_transaction set in refile/unfile_buffer Lukas Czerner
@ 2020-06-17 12:15 ` Jan Kara
  1 sibling, 0 replies; 3+ messages in thread
From: Jan Kara @ 2020-06-17 12:15 UTC (permalink / raw)
  To: Lukas Czerner; +Cc: linux-ext4, Jan Kara

On Wed 17-06-20 11:10:31, Lukas Czerner wrote:
> Callers of __jbd2_journal_unfile_buffer() and
> __jbd2_journal_refile_buffer() assume that the b_transaction is set. In
> fact if it's not, we can end up with journal_head refcounting errors
> leading to crash much later that might be very hard to track down. Add
> asserts to make sure that is the case.
> 
> We also make sure that b_next_transaction is NULL in
> __jbd2_journal_unfile_buffer() since the callers expect that as well and
> we should not get into that stage in this state anyway, leading to
> problems later on if we do.
> 
> Tested with fstests.
> 
> Signed-off-by: Lukas Czerner <lczerner@redhat.com>

Thanks! The patch looks good to me. You can add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/jbd2/transaction.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
> index e91aad3637a2..e65e0aca2826 100644
> --- a/fs/jbd2/transaction.c
> +++ b/fs/jbd2/transaction.c
> @@ -2026,6 +2026,9 @@ static void __jbd2_journal_temp_unlink_buffer(struct journal_head *jh)
>   */
>  static void __jbd2_journal_unfile_buffer(struct journal_head *jh)
>  {
> +	J_ASSERT_JH(jh, jh->b_transaction != NULL);
> +	J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
> +
>  	__jbd2_journal_temp_unlink_buffer(jh);
>  	jh->b_transaction = NULL;
>  }
> @@ -2572,6 +2575,13 @@ bool __jbd2_journal_refile_buffer(struct journal_head *jh)
>  
>  	was_dirty = test_clear_buffer_jbddirty(bh);
>  	__jbd2_journal_temp_unlink_buffer(jh);
> +
> +	/*
> +	 * b_transaction must be set, otherwise the new b_transaction won't
> +	 * be holding jh reference
> +	 */
> +	J_ASSERT_JH(jh, jh->b_transaction != NULL);
> +
>  	/*
>  	 * We set b_transaction here because b_next_transaction will inherit
>  	 * our jh reference and thus __jbd2_journal_file_buffer() must not
> -- 
> 2.21.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-06-17 12:15 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-17  9:10 [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer Lukas Czerner
2020-06-17  9:25 ` [PATCH v2] jbd2: make sure jh have b_transaction set in refile/unfile_buffer Lukas Czerner
2020-06-17 12:15 ` [PATCH] jbd2: make sure jh have b_transaction set in refile/unlink_buffer Jan Kara

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).