(parent: 50460fe)
ext4: prevent bugon on race between write/fcntl
author Dmitry Monakhov <dmonakhov@openvz.org> Thu, 30 Oct 2014 14:53:16 +0000 (10:53 -0400)
committer Theodore Ts'o <tytso@mit.edu> Thu, 30 Oct 2014 14:53:16 +0000 (10:53 -0400)
O_DIRECT flags can be toggled via fcntl(F_SETFL). But this value is checked
twice inside ext4_file_write_iter() and __generic_file_write() which
results in BUG_ON inside ext4_direct_IO.

Let's initialize iocb->private unconditionally.

TESTCASE: xfstest:generic/036 https://patchwork.ozlabs.org/patch/402445/
#TYPICAL STACK TRACE:
kernel BUG at fs/ext4/inode.c:2960!
invalid opcode: 0000 [#1] SMP
Modules linked in: brd iTCO_wdt lpc_ich mfd_core igb ptp dm_mirror dm_region_hash dm_log dm_mod
CPU: 6 PID: 5505 Comm: aio-dio-fcntl-r Not tainted 3.17.0-rc2-00176-gff5c017 #161
Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.99.99.x028.061320111235 06/13/2011
task: ffff88080e95a7c0 ti: ffff88080f908000 task.ti: ffff88080f908000
RIP: 0010:[<ffffffff811fabf2>]  [<ffffffff811fabf2>] ext4_direct_IO+0x162/0x3d0
Call Trace:
 [<ffffffff8112ca9d>] generic_file_direct_write+0xed/0x180
 [<ffffffff8112f2b2>] __generic_file_write_iter+0x222/0x370
 [<ffffffff811f495b>] ext4_file_write_iter+0x34b/0x400
 [<ffffffff811bd709>] ? aio_run_iocb+0x239/0x410
 [<ffffffff811bd709>] ? aio_run_iocb+0x239/0x410
 [<ffffffff810990e5>] ? local_clock+0x25/0x30
 [<ffffffff810abd94>] ? __lock_acquire+0x274/0x700
 [<ffffffff811f4610>] ? ext4_unwritten_wait+0xb0/0xb0
 [<ffffffff811bd756>] aio_run_iocb+0x286/0x410
 [<ffffffff810990e5>] ? local_clock+0x25/0x30
 [<ffffffff810ac359>] ? lock_release_holdtime+0x29/0x190
 [<ffffffff811bc05b>] ? lookup_ioctx+0x4b/0xf0
 [<ffffffff811bde3b>] do_io_submit+0x55b/0x740
 [<ffffffff811bdcaa>] ? do_io_submit+0x3ca/0x740
 [<ffffffff811be030>] SyS_io_submit+0x10/0x20
 [<ffffffff815ce192>] system_call_fastpath+0x16/0x1b
Code: 01 48 8b 80 f0 01 00 00 48 8b 18 49 8b 45 10 0f 85 f1 01 00 00 48 03 45 c8 48 3b 43 48 0f 8f e3 01 00 00 49 83 7c
24 18 00 75 04 <0f> 0b eb fe f0 ff 83 ec 01 00 00 49 8b 44 24 18 8b 00 85 c0 89
RIP  [<ffffffff811fabf2>] ext4_direct_IO+0x162/0x3d0
 RSP <ffff88080f90bb58>

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Cc: stable@vger.kernel.org
fs/ext4/file.c
diff --git
a/fs/ext4/file.c
b/fs/ext4/file.c
index aca7b24a443243c3415221edd082c71e2a1a2ce5..8131be8c0af3166aac865557baa9f0371564a397 100644
--- a/
fs/ext4/file.c
+++ b/
fs/ext4/file.c
@@
-137,10
+137,10
@@
ext4_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
iov_iter_truncate(from, sbi->s_bitmap_maxbytes - pos);
}
+ iocb->private = &overwrite;
if (o_direct) {
blk_start_plug(&plug);
- iocb->private = &overwrite;
/* check whether we do a DIO overwrite or not */
if (ext4_should_dioread_nolock(inode) && !aio_mutex &&
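Review bot: the `iocb->private = &overwrite;` assignment that now sits above `if (o_direct)` has no comment saying why it must be unconditional, so a later cleanup could easily move it back inside the branch. A one-line comment noting that O_DIRECT can be changed through fcntl(F_SETFL) between the check here and the later one on the write path would protect it. Two things are not visible in this hunk and are worth confirming: that `overwrite` is initialised before this point, since a write that skips the `if (o_direct)` block but still reaches ext4_direct_IO will read it through iocb->private without the overwrite check having run, and that nothing dereferences iocb->private after ext4_file_write_iter() returns, because it now holds that address on buffered writes too.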