From: Luis Henriques (SUSE) <luis.henriques@xxxxxxxxx> commit faab35a0370fd6e0821c7a8dd213492946fc776f upstream. Calling ext4_fc_mark_ineligible() with a NULL handle is racy and may result in a fast-commit being done before the filesystem is effectively marked as ineligible. This patch fixes the calls to this function in __track_dentry_update() by adding an extra parameter to the callback used in ext4_fc_track_template(). Suggested-by: Jan Kara <jack@xxxxxxx> Signed-off-by: Luis Henriques (SUSE) <luis.henriques@xxxxxxxxx> Reviewed-by: Jan Kara <jack@xxxxxxx> Link: https://patch.msgid.link/20240923104909.18342-2-luis.henriques@xxxxxxxxx Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> Cc: stable@xxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/ext4/fast_commit.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) --- a/fs/ext4/fast_commit.c +++ b/fs/ext4/fast_commit.c @@ -344,7 +344,7 @@ void ext4_fc_mark_ineligible(struct supe */ static int ext4_fc_track_template( handle_t *handle, struct inode *inode, - int (*__fc_track_fn)(struct inode *, void *, bool), + int (*__fc_track_fn)(handle_t *handle, struct inode *, void *, bool), void *args, int enqueue) { bool update = false; @@ -361,7 +361,7 @@ static int ext4_fc_track_template( ext4_fc_reset_inode(inode); ei->i_sync_tid = tid; } - ret = __fc_track_fn(inode, args, update); + ret = __fc_track_fn(handle, inode, args, update); mutex_unlock(&ei->i_fc_lock); if (!enqueue) @@ -385,7 +385,8 @@ struct __track_dentry_update_args { }; /* __track_fn for directory entry updates. Called with ei->i_fc_lock. */ -static int __track_dentry_update(struct inode *inode, void *arg, bool update) +static int __track_dentry_update(handle_t *handle, struct inode *inode, + void *arg, bool update) { struct ext4_fc_dentry_update *node; struct ext4_inode_info *ei = EXT4_I(inode); @@ -400,14 +401,14 @@ static int __track_dentry_update(struct if (IS_ENCRYPTED(dir)) { ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_ENCRYPTED_FILENAME, - NULL); + handle); mutex_lock(&ei->i_fc_lock); return -EOPNOTSUPP; } node = kmem_cache_alloc(ext4_fc_dentry_cachep, GFP_NOFS); if (!node) { - ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM, NULL); + ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM, handle); mutex_lock(&ei->i_fc_lock); return -ENOMEM; } @@ -419,7 +420,7 @@ static int __track_dentry_update(struct node->fcd_name.name = kmalloc(dentry->d_name.len, GFP_NOFS); if (!node->fcd_name.name) { kmem_cache_free(ext4_fc_dentry_cachep, node); - ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM, NULL); + ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM, handle); mutex_lock(&ei->i_fc_lock); return -ENOMEM; } @@ -533,7 +534,8 @@ void ext4_fc_track_create(handle_t *hand } /* __track_fn for inode tracking */ -static int __track_inode(struct inode *inode, void *arg, bool update) +static int __track_inode(handle_t *handle, struct inode *inode, void *arg, + bool update) { if (update) return -EEXIST; @@ -573,7 +575,8 @@ struct __track_range_args { }; /* __track_fn for tracking data updates */ -static int __track_range(struct inode *inode, void *arg, bool update) +static int __track_range(handle_t *handle, struct inode *inode, void *arg, + bool update) { struct ext4_inode_info *ei = EXT4_I(inode); ext4_lblk_t oldstart; Patches currently in stable-queue which might be from luis.henriques@xxxxxxxxx are queue-5.15/ext4-mark-fc-as-ineligible-using-an-handle-in-ext4_xattr_set.patch queue-5.15/ext4-fix-incorrect-tid-assumption-in-ext4_wait_for_tail_page_commit.patch queue-5.15/ext4-fix-fast-commit-inode-enqueueing-during-a-full-journal-commit.patch queue-5.15/ext4-fix-incorrect-tid-assumption-in-jbd2_journal_shrink_checkpoint_list.patch queue-5.15/ext4-fix-incorrect-tid-assumption-in-__jbd2_log_wait_for_space.patch queue-5.15/ext4-use-handle-to-mark-fc-as-ineligible-in-__track_dentry_update.patch