[PATCH 2/2] ext4: fix eofblock flag handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



- Fix NULL pointer deference on error path
- Extent header we found may be not latest node of the inode. In order to
  find latest extent we have to traverse a path from very beginning.

https://bugzilla.kernel.org/show_bug.cgi?id=15792

Signed-off-by: Dmitry Monakhov <dmonakhov@xxxxxxxxxx>
---
 fs/ext4/extents.c |   50 +++++++++++++++++++++++++++++++++++++++-----------
 1 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 7c7b1d5..13758c3 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -3327,7 +3327,7 @@ int ext4_ext_get_blocks(handle_t *handle, struct inode *inode,
 {
 	struct ext4_ext_path *path = NULL;
 	struct ext4_extent_header *eh;
-	struct ext4_extent newex, *ex, *last_ex;
+	struct ext4_extent newex, *ex;
 	ext4_fsblk_t newblock;
 	int err = 0, depth, ret, cache_type;
 	unsigned int allocated = 0;
@@ -3510,17 +3510,38 @@ int ext4_ext_get_blocks(handle_t *handle, struct inode *inode,
 	}
 
 	if (unlikely(ext4_test_inode_flag(inode, EXT4_INODE_EOFBLOCKS))) {
-		if (unlikely(!eh->eh_entries)) {
-			EXT4_ERROR_INODE(inode,
-					 "eh->eh_entries == 0 ee_block %d",
-					 ex->ee_block);
-			err = -EIO;
-			goto out2;
-		}
-		last_ex = EXT_LAST_EXTENT(eh);
+		struct ext4_extent *last_ex = EXT_LAST_EXTENT(eh);
+		/*
+		 * Optimization: Extent header we found may not be the latest
+		 * extent of the inode, but it is already in-core memory.
+		 * Let's test against this EH to avoid unecessery IO.
+		*/
+		if (unlikely(!eh->eh_entries))
+			goto bad_eh;
 		if (iblock + ar.len > le32_to_cpu(last_ex->ee_block)
-		    + ext4_ext_get_actual_len(last_ex))
-			ext4_clear_inode_flag(inode, EXT4_INODE_EOFBLOCKS);
+			+ ext4_ext_get_actual_len(last_ex)) {
+			struct ext4_ext_path *path2;
+			struct ext4_extent_header *eh2;
+			/* Real search of the latests extent is necessery */
+			path2 = ext4_ext_find_extent(inode, EXT_MAX_BLOCK, NULL);
+			eh2 = path2[depth].p_hdr;
+			if (IS_ERR(path2)) {
+				err = PTR_ERR(path2);
+				goto out2;
+			}
+			last_ex = path2[depth].p_ext;
+			if (unlikely(!eh2->eh_entries || !last_ex)) {
+				ext4_ext_drop_refs(path2);
+				kfree(path2);
+				goto bad_eh;
+			}
+			if (iblock + ar.len > le32_to_cpu(last_ex->ee_block)
+				+ ext4_ext_get_actual_len(last_ex))
+				ext4_clear_inode_flag(inode, EXT4_INODE_EOFBLOCKS);
+			ext4_ext_drop_refs(path2);
+			kfree(path2);
+		}
+
 	}
 	err = ext4_ext_insert_extent(handle, inode, path, &newex, flags);
 	if (err) {
@@ -3570,6 +3591,12 @@ out2:
 		kfree(path);
 	}
 	return err ? err : allocated;
+
+bad_eh:
+	EXT4_ERROR_INODE(inode, "eh->eh_entries == 0, i_flags = %lx iblock = %u"
+			, EXT4_I(inode)->i_flags, iblock);
+	err = -EIO;
+	goto out2;
 }
 
 void ext4_ext_truncate(struct inode *inode)
@@ -3580,6 +3607,7 @@ void ext4_ext_truncate(struct inode *inode)
 	handle_t *handle;
 	int err = 0;
 
+	BUG_ON(ext4_test_inode_flag(inode, EXT4_INODE_EOFBLOCKS));
 	/*
 	 * probably first extent we're gonna free will be last in block
 	 */
-- 
1.6.6.1

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux