On Oct 20, 2016, at 12:19 PM, Eric Sandeen <sandeen@xxxxxxxxxx> wrote: > > In ext4_put_super, we call brelse on the buffer head containing > the ext4 superblock, but then try to use it when we stop the > mmp thread, because when the thread shuts down it does: > > write_mmp_block > ext4_mmp_csum_set > ext4_has_metadata_csum > WARN_ON_ONCE(ext4_has_feature_metadata_csum(sb)...) > > which reaches into sb->s_fs_info->s_es->s_feature_ro_compat, > which lives in the superblock buffer s_sbh which we just released. > > Fix this by moving the brelse down to a point where we are no > longer using it. > > Reported-by: Wang Shu <shuwang@xxxxxxxxxx> > Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx> Reviewed-by: Andreas Dilger <adilger@xxxxxxxxx> > --- > > Note: found by inspection after a bug report via KASAN, > compile-tested only. > > diff --git a/fs/ext4/super.c b/fs/ext4/super.c > index 6db81fb..f273212 100644 > --- a/fs/ext4/super.c > +++ b/fs/ext4/super.c > @@ -862,7 +862,6 @@ static void ext4_put_super(struct super_block *sb) > percpu_counter_destroy(&sbi->s_dirs_counter); > percpu_counter_destroy(&sbi->s_dirtyclusters_counter); > percpu_free_rwsem(&sbi->s_journal_flag_rwsem); > - brelse(sbi->s_sbh); > #ifdef CONFIG_QUOTA > for (i = 0; i < EXT4_MAXQUOTAS; i++) > kfree(sbi->s_qf_names[i]); > @@ -894,6 +893,9 @@ static void ext4_put_super(struct super_block *sb) > } > if (sbi->s_mmp_tsk) > kthread_stop(sbi->s_mmp_tsk); > + > + /* Don't let this go until everything is done with the ext4 super */ > + brelse(sbi->s_sbh); > sb->s_fs_info = NULL; > /* > * Now that we are completely done shutting down the > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-ext4" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
