Patch "ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct" has been added to the 3.10-stable tree

Discussion:

g***@linuxfoundation.org

2014-08-29 19:12:02 UTC

Permalink

This is a note to let you know that I've just added the patch titled

ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct

to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
ext4-fix-ext4_discard_allocated_blocks-if-we-can-t-allocate-the-pa-struct.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,

From 86f0afd463215fc3e58020493482faa4ac3a4d69 Mon Sep 17 00:00:00 2001

From: Theodore Ts'o <***@mit.edu>
Date: Wed, 30 Jul 2014 22:17:17 -0400
Subject: ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct

From: Theodore Ts'o <***@mit.edu>

commit 86f0afd463215fc3e58020493482faa4ac3a4d69 upstream.

If there is a failure while allocating the preallocation structure, a
number of blocks can end up getting marked in the in-memory buddy
bitmap, and then not getting released. This can result in the
following corruption getting reported by the kernel:

EXT4-fs error (device sda3): ext4_mb_generate_buddy:758: group 1126,
12793 clusters in bitmap, 12729 in gd

In that case, we need to release the blocks using mb_free_blocks().

Tested: fs smoke test; also demonstrated that with injected errors,
the file system is no longer getting corrupted

Google-Bug-Id: 16657874

Signed-off-by: "Theodore Ts'o" <***@mit.edu>
Signed-off-by: Greg Kroah-Hartman <***@linuxfoundation.org>

---
fs/ext4/mballoc.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)

--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3177,8 +3177,27 @@ static void ext4_mb_collect_stats(struct
static void ext4_discard_allocated_blocks(struct ext4_allocation_context *ac)
{
struct ext4_prealloc_space *pa = ac->ac_pa;
+ struct ext4_buddy e4b;
+ int err;

- if (pa && pa->pa_type == MB_INODE_PA)
+ if (pa == NULL) {
+ err = ext4_mb_load_buddy(ac->ac_sb, ac->ac_f_ex.fe_group, &e4b);
+ if (err) {
+ /*
+ * This should never happen since we pin the
+ * pages in the ext4_allocation_context so
+ * ext4_mb_load_buddy() should never fail.
+ */
+ WARN(1, "mb_load_buddy failed (%d)", err);
+ return;
+ }
+ ext4_lock_group(ac->ac_sb, ac->ac_f_ex.fe_group);
+ mb_free_blocks(ac->ac_inode, &e4b, ac->ac_f_ex.fe_start,
+ ac->ac_f_ex.fe_len);
+ ext4_unlock_group(ac->ac_sb, ac->ac_f_ex.fe_group);
+ return;
+ }
+ if (pa->pa_type == MB_INODE_PA)
pa->pa_free += ac->ac_b_ex.fe_len;
}

Patches currently in stable-queue which might be from ***@mit.edu are

queue-3.10/ext4-fix-ext4_discard_allocated_blocks-if-we-can-t-allocate-the-pa-struct.patch

Theodore Ts'o

2014-08-29 21:38:06 UTC

Permalink

Post by g***@linuxfoundation.org
This is a note to let you know that I've just added the patch titled
ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct
From 86f0afd463215fc3e58020493482faa4ac3a4d69 Mon Sep 17 00:00:00 2001

Hi Greg,

Please sure you also grab this commit (which just hit mainline today,
along with a bunch of other ext4 patches marked for the stable kernel)
as well, since this commit fixes a bug introduced by "86f0afd46321:
ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa
struct".

Cheers,

- Ted

commit c99d1e6e83b06744c75d9f5e491ed495a7086b7b
Author: Theodore Ts'o <***@mit.edu>
Date: Sat Aug 23 17:47:28 2014 -0400

ext4: fix BUG_ON in mb_free_blocks()

If we suffer a block allocation failure (for example due to a memory
allocation failure), it's possible that we will call
ext4_discard_allocated_blocks() before we've actually allocated any
blocks. In that case, fe_len and fe_start in ac->ac_f_ex will still
be zero, and this will result in mb_free_blocks(inode, e4b, 0, 0)
triggering the BUG_ON on mb_free_blocks():

BUG_ON(last >= (sb->s_blocksize << 3));

Fix this by bailing out of ext4_discard_allocated_blocks() if fs_len
is zero.

Also fix a missing ext4_mb_unload_buddy() call in
ext4_discard_allocated_blocks().

Google-Bug-Id: 16844242

Fixes: 86f0afd463215fc3e58020493482faa4ac3a4d69
Signed-off-by: Theodore Ts'o <***@mit.edu>
Cc: ***@vger.kernel.org

Greg KH

2014-08-29 22:14:24 UTC

Permalink

Post by Theodore Ts'o

Normally I wait for the patches to hit a -rc release, but if you say
the ext4 patches should go in now, I'll not object and go queue them up
in a few minutes.

thanks,

greg k-h

Theodore Ts'o

2014-08-29 22:24:22 UTC

Permalink

Post by Greg KH
Normally I wait for the patches to hit a -rc release, but if you say
the ext4 patches should go in now, I'll not object and go queue them up
in a few minutes.

Or you could delay "ext4: fix ext4_discard_allocated_blocks() if we
can't allocate the pa struct" until the -rc release, so that
86f0afd46321 and c99d1e6e83b0 hit -stable in the same 3.x.y.z release.

In practice, I don't think it's going to make that much difference in
practice, since I assume Linus will be releasing -rc3 by Monday or
Tuesday at the latest. So whatever you prefer,

Cheers,

- Ted

Ben Hutchings

2014-10-20 12:21:46 UTC

Permalink

Post by Theodore Ts'o

Hi Greg,
Please sure you also grab this commit (which just hit mainline today,
along with a bunch of other ext4 patches marked for the stable kernel)
ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa
struct".
Cheers,
- Ted
commit c99d1e6e83b06744c75d9f5e491ed495a7086b7b
Date: Sat Aug 23 17:47:28 2014 -0400
ext4: fix BUG_ON in mb_free_blocks()

[...]

I've (finally) queued this up for 3.2.

Ben.

--
Ben Hutchings
[W]e found...that it wasn't as easy to get programs right as we had thought.
... I realized that a large part of my life from then on was going to be spent
in finding mistakes in my own programs. - Maurice Wilkes, 1949