ext4: fix error handling in ext4_fc_record_modified_inode()
Current code does not fully takes care of krealloc() error case, which could lead to silent memory corruption or a kernel bug. This patch fixes that. Also it cleans up some duplicated error handling logic from various functions in fast_commit.c file. Reported-by: luo penghao <luo.penghao@zte.com.cn> Suggested-by: Lukas Czerner <lczerner@redhat.com> Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/62e8b6a1cce9359682051deb736a3c0953c9d1e9.1642416995.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org
This commit is contained in:
Ritesh Harjani
committed by
Theodore Ts'o
Theodore Ts'o
parent
09355d9d03
commit
cdce59a154
@@ -1410,14 +1410,15 @@ static int ext4_fc_record_modified_inode(struct super_block *sb, int ino)
|
|||||||
if (state->fc_modified_inodes[i] == ino)
|
if (state->fc_modified_inodes[i] == ino)
|
||||||
return 0;
|
return 0;
|
||||||
if (state->fc_modified_inodes_used == state->fc_modified_inodes_size) {
|
if (state->fc_modified_inodes_used == state->fc_modified_inodes_size) {
|
||||||
state->fc_modified_inodes_size +=
|
|
||||||
EXT4_FC_REPLAY_REALLOC_INCREMENT;
|
|
||||||
state->fc_modified_inodes = krealloc(
|
state->fc_modified_inodes = krealloc(
|
||||||
state->fc_modified_inodes, sizeof(int) *
|
state->fc_modified_inodes,
|
||||||
state->fc_modified_inodes_size,
|
sizeof(int) * (state->fc_modified_inodes_size +
|
||||||
GFP_KERNEL);
|
EXT4_FC_REPLAY_REALLOC_INCREMENT),
|
||||||
|
GFP_KERNEL);
|
||||||
if (!state->fc_modified_inodes)
|
if (!state->fc_modified_inodes)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
state->fc_modified_inodes_size +=
|
||||||
|
EXT4_FC_REPLAY_REALLOC_INCREMENT;
|
||||||
}
|
}
|
||||||
state->fc_modified_inodes[state->fc_modified_inodes_used++] = ino;
|
state->fc_modified_inodes[state->fc_modified_inodes_used++] = ino;
|
||||||
return 0;
|
return 0;
|
||||||
@@ -1449,7 +1450,9 @@ static int ext4_fc_replay_inode(struct super_block *sb, struct ext4_fc_tl *tl,
|
|||||||
}
|
}
|
||||||
inode = NULL;
|
inode = NULL;
|
||||||
|
|
||||||
ext4_fc_record_modified_inode(sb, ino);
|
ret = ext4_fc_record_modified_inode(sb, ino);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
raw_fc_inode = (struct ext4_inode *)
|
raw_fc_inode = (struct ext4_inode *)
|
||||||
(val + offsetof(struct ext4_fc_inode, fc_raw_inode));
|
(val + offsetof(struct ext4_fc_inode, fc_raw_inode));
|
||||||
@@ -1649,6 +1652,8 @@ static int ext4_fc_replay_add_range(struct super_block *sb,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = ext4_fc_record_modified_inode(sb, inode->i_ino);
|
ret = ext4_fc_record_modified_inode(sb, inode->i_ino);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
start = le32_to_cpu(ex->ee_block);
|
start = le32_to_cpu(ex->ee_block);
|
||||||
start_pblk = ext4_ext_pblock(ex);
|
start_pblk = ext4_ext_pblock(ex);
|
||||||
@@ -1666,18 +1671,14 @@ static int ext4_fc_replay_add_range(struct super_block *sb,
|
|||||||
map.m_pblk = 0;
|
map.m_pblk = 0;
|
||||||
ret = ext4_map_blocks(NULL, inode, &map, 0);
|
ret = ext4_map_blocks(NULL, inode, &map, 0);
|
||||||
|
|
||||||
if (ret < 0) {
|
if (ret < 0)
|
||||||
iput(inode);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
/* Range is not mapped */
|
/* Range is not mapped */
|
||||||
path = ext4_find_extent(inode, cur, NULL, 0);
|
path = ext4_find_extent(inode, cur, NULL, 0);
|
||||||
if (IS_ERR(path)) {
|
if (IS_ERR(path))
|
||||||
iput(inode);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
memset(&newex, 0, sizeof(newex));
|
memset(&newex, 0, sizeof(newex));
|
||||||
newex.ee_block = cpu_to_le32(cur);
|
newex.ee_block = cpu_to_le32(cur);
|
||||||
ext4_ext_store_pblock(
|
ext4_ext_store_pblock(
|
||||||
@@ -1691,10 +1692,8 @@ static int ext4_fc_replay_add_range(struct super_block *sb,
|
|||||||
up_write((&EXT4_I(inode)->i_data_sem));
|
up_write((&EXT4_I(inode)->i_data_sem));
|
||||||
ext4_ext_drop_refs(path);
|
ext4_ext_drop_refs(path);
|
||||||
kfree(path);
|
kfree(path);
|
||||||
if (ret) {
|
if (ret)
|
||||||
iput(inode);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
goto next;
|
goto next;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1707,10 +1706,8 @@ static int ext4_fc_replay_add_range(struct super_block *sb,
|
|||||||
ret = ext4_ext_replay_update_ex(inode, cur, map.m_len,
|
ret = ext4_ext_replay_update_ex(inode, cur, map.m_len,
|
||||||
ext4_ext_is_unwritten(ex),
|
ext4_ext_is_unwritten(ex),
|
||||||
start_pblk + cur - start);
|
start_pblk + cur - start);
|
||||||
if (ret) {
|
if (ret)
|
||||||
iput(inode);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
/*
|
/*
|
||||||
* Mark the old blocks as free since they aren't used
|
* Mark the old blocks as free since they aren't used
|
||||||
* anymore. We maintain an array of all the modified
|
* anymore. We maintain an array of all the modified
|
||||||
@@ -1730,10 +1727,8 @@ static int ext4_fc_replay_add_range(struct super_block *sb,
|
|||||||
ext4_ext_is_unwritten(ex), map.m_pblk);
|
ext4_ext_is_unwritten(ex), map.m_pblk);
|
||||||
ret = ext4_ext_replay_update_ex(inode, cur, map.m_len,
|
ret = ext4_ext_replay_update_ex(inode, cur, map.m_len,
|
||||||
ext4_ext_is_unwritten(ex), map.m_pblk);
|
ext4_ext_is_unwritten(ex), map.m_pblk);
|
||||||
if (ret) {
|
if (ret)
|
||||||
iput(inode);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
/*
|
/*
|
||||||
* We may have split the extent tree while toggling the state.
|
* We may have split the extent tree while toggling the state.
|
||||||
* Try to shrink the extent tree now.
|
* Try to shrink the extent tree now.
|
||||||
@@ -1745,6 +1740,7 @@ next:
|
|||||||
}
|
}
|
||||||
ext4_ext_replay_shrink_inode(inode, i_size_read(inode) >>
|
ext4_ext_replay_shrink_inode(inode, i_size_read(inode) >>
|
||||||
sb->s_blocksize_bits);
|
sb->s_blocksize_bits);
|
||||||
|
out:
|
||||||
iput(inode);
|
iput(inode);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -1774,6 +1770,8 @@ ext4_fc_replay_del_range(struct super_block *sb, struct ext4_fc_tl *tl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = ext4_fc_record_modified_inode(sb, inode->i_ino);
|
ret = ext4_fc_record_modified_inode(sb, inode->i_ino);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
jbd_debug(1, "DEL_RANGE, inode %ld, lblk %d, len %d\n",
|
jbd_debug(1, "DEL_RANGE, inode %ld, lblk %d, len %d\n",
|
||||||
inode->i_ino, le32_to_cpu(lrange.fc_lblk),
|
inode->i_ino, le32_to_cpu(lrange.fc_lblk),
|
||||||
@@ -1783,10 +1781,8 @@ ext4_fc_replay_del_range(struct super_block *sb, struct ext4_fc_tl *tl,
|
|||||||
map.m_len = remaining;
|
map.m_len = remaining;
|
||||||
|
|
||||||
ret = ext4_map_blocks(NULL, inode, &map, 0);
|
ret = ext4_map_blocks(NULL, inode, &map, 0);
|
||||||
if (ret < 0) {
|
if (ret < 0)
|
||||||
iput(inode);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
if (ret > 0) {
|
if (ret > 0) {
|
||||||
remaining -= ret;
|
remaining -= ret;
|
||||||
cur += ret;
|
cur += ret;
|
||||||
@@ -1801,15 +1797,13 @@ ext4_fc_replay_del_range(struct super_block *sb, struct ext4_fc_tl *tl,
|
|||||||
ret = ext4_ext_remove_space(inode, lrange.fc_lblk,
|
ret = ext4_ext_remove_space(inode, lrange.fc_lblk,
|
||||||
lrange.fc_lblk + lrange.fc_len - 1);
|
lrange.fc_lblk + lrange.fc_len - 1);
|
||||||
up_write(&EXT4_I(inode)->i_data_sem);
|
up_write(&EXT4_I(inode)->i_data_sem);
|
||||||
if (ret) {
|
if (ret)
|
||||||
iput(inode);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
ext4_ext_replay_shrink_inode(inode,
|
ext4_ext_replay_shrink_inode(inode,
|
||||||
i_size_read(inode) >> sb->s_blocksize_bits);
|
i_size_read(inode) >> sb->s_blocksize_bits);
|
||||||
ext4_mark_inode_dirty(NULL, inode);
|
ext4_mark_inode_dirty(NULL, inode);
|
||||||
|
out:
|
||||||
iput(inode);
|
iput(inode);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user