This is a note to let you know that I've just added the patch titled ext4: fix inline data error paths to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ext4-fix-inline-data-error-paths.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso@xxxxxxx> Date: Sat, 4 Feb 2017 23:04:00 -0500 Subject: ext4: fix inline data error paths From: Theodore Ts'o <tytso@xxxxxxx> commit eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef upstream. The write_end() function must always unlock the page and drop its ref count, even on an error. Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/ext4/inline.c | 9 ++++++++- fs/ext4/inode.c | 20 +++++++++++++++----- 2 files changed, 23 insertions(+), 6 deletions(-) --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -933,8 +933,15 @@ int ext4_da_write_inline_data_end(struct struct page *page) { int i_size_changed = 0; + int ret; - copied = ext4_write_inline_data_end(inode, pos, len, copied, page); + ret = ext4_write_inline_data_end(inode, pos, len, copied, page); + if (ret < 0) { + unlock_page(page); + put_page(page); + return ret; + } + copied = ret; /* * No need to use i_size_read() here, the i_size --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1324,8 +1324,11 @@ static int ext4_write_end(struct file *f if (ext4_has_inline_data(inode)) { ret = ext4_write_inline_data_end(inode, pos, len, copied, page); - if (ret < 0) + if (ret < 0) { + unlock_page(page); + put_page(page); goto errout; + } copied = ret; } else copied = block_write_end(file, mapping, pos, 
@@ -1427,10 +1430,16 @@ static int ext4_journalled_write_end(str BUG_ON(!ext4_handle_valid(handle)); - if (ext4_has_inline_data(inode)) - copied = ext4_write_inline_data_end(inode, pos, len, - copied, page); - else if (unlikely(copied < len) && !PageUptodate(page)) { + if (ext4_has_inline_data(inode)) { + ret = ext4_write_inline_data_end(inode, pos, len, + copied, page); + if (ret < 0) { + unlock_page(page); + put_page(page); + goto errout; + } + copied = ret; + } else if (unlikely(copied < len) && !PageUptodate(page)) { copied = 0; ext4_journalled_zero_new_buffers(handle, page, from, to); } else { @@ -1465,6 +1474,7 @@ static int ext4_journalled_write_end(str */ ext4_orphan_add(handle, inode); +errout: ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; Patches currently in stable-queue which might be from tytso@xxxxxxx are queue-4.9/ext4-fix-data-corruption-in-data-journal-mode.patch queue-4.9/ext4-fix-use-after-iput-when-fscrypt-contexts-are-inconsistent.patch queue-4.9/ext4-return-erofs-if-device-is-r-o-and-journal-replay-is-needed.patch queue-4.9/ext4-include-forgotten-start-block-on-fallocate-insert-range.patch queue-4.9/ext4-preserve-the-needs_recovery-flag-when-the-journal-is-aborted.patch queue-4.9/ext4-fix-deadlock-between-inline_data-and-ext4_expand_extra_isize_ea.patch queue-4.9/ext4-trim-allocation-requests-to-group-size.patch queue-4.9/ext4-do-not-polute-the-extents-cache-while-shifting-extents.patch queue-4.9/ext4-fix-inline-data-error-paths.patch queue-4.9/jbd2-don-t-leak-modified-metadata-buffers-on-an-aborted-journal.patch
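Review bot: In the fs/ext4/inline.c hunk (ext4_da_write_inline_data_end(), at -933), the new early return carries no comment explaining why this function releases the page itself on failure. The same three lines, `unlock_page(page); put_page(page);` followed by an exit, are repeated in both fs/ext4/inode.c callers, so a one-line comment above `if (ret < 0)` restating the changelog's rule (write_end() must always unlock the page and drop its ref count, even on an error) would help keep the three copies in step. A small shared helper for the unlock-and-put pair would do the same job with less duplication.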
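Review bot: In the ext4_write_end() hunk of fs/ext4/inode.c (at -1324), the page is now unlocked and its reference dropped before `goto errout`, but the code at errout lies outside the hunk, so the diff alone does not show that the page is left untouched after the jump. It is worth confirming that nothing on the errout path unlocks or puts the page a second time, and saying so in the changelog, since a double put_page() here would be harder to spot than the leak this hunk fixes.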
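Review bot: In ext4_journalled_write_end() (fs/ext4/inode.c, hunks at -1427 and -1465), the new `errout:` label sits after ext4_orphan_add() and directly before ext4_journal_stop(), so the failure path skips everything between the inline-data branch and the journal stop, and most of that code is not visible in the diff. The visible tail does preserve the error, because `if (!ret) ret = ret2;` only overwrites a zero ret, but that also means a failure from ext4_journal_stop() is dropped on this path. A short comment at `errout:` noting that the page has already been unlocked and released when the label is reached from the error branch, and that the skipped i_size and orphan handling is intentional, would make the control flow easier to audit.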