[PATCH] add ext3-release-race.patch

author chrisw@osdl.org <chrisw@osdl.org>

Thu, 24 Mar 2005 21:44:35 +0000 (13:44 -0800)

committer Greg KH <gregkh@suse.de>

Thu, 12 May 2005 05:15:40 +0000 (22:15 -0700)
author chrisw@osdl.org <chrisw@osdl.org>
Thu, 24 Mar 2005 21:44:35 +0000 (13:44 -0800)
committer Greg KH <gregkh@suse.de>
Thu, 12 May 2005 05:15:40 +0000 (22:15 -0700)
diff --git a/queue/ext3-release-race.patch b/queue/ext3-release-race.patch

new file mode 100644 (file)

index 0000000..89b2ae5
--- /dev/null
+++ b/queue/ext3-release-race.patch
@@ -0,0 +1,56 @@
+From linux-kernel-owner+chrisw=40osdl.org-S262440AbVCXKkU@vger.kernel.org  Thu Mar 24 02:42:49 2005
+Date:  Thu, 24 Mar 2005 11:39:45 +0100
+From: Jan Kara <jack@suse.cz>
+To: Mark Wong <markw@osdl.org>, linux-kernel@vger.kernel.org, sct@redhat.com
+Subject: [PATCH] Prevent race condition in jbd
+
+From: Stephen Tweedie
+Subject: Prevent race condition in jbd
+
+This patch from Stephen Tweedie which fixes a race in jbd code (it
+demonstrated itself as more or less random NULL dereferences in the
+journal code).
+
+Acked-by: Jan Kara <jack@suse.cz>
+Acked-by: Chris Mason <mason@suse.com>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+
+--- linux-2.6-ext3/fs/jbd/transaction.c.=K0000=.orig
++++ linux-2.6-ext3/fs/jbd/transaction.c
+@@ -1775,10 +1775,10 @@ static int journal_unmap_buffer(journal_
+                       JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
+                       ret = __dispose_buffer(jh,
+                                       journal->j_running_transaction);
++                      journal_put_journal_head(jh);
+                       spin_unlock(&journal->j_list_lock);
+                       jbd_unlock_bh_state(bh);
+                       spin_unlock(&journal->j_state_lock);
+-                      journal_put_journal_head(jh);
+                       return ret;
+               } else {
+                       /* There is no currently-running transaction. So the
+@@ -1789,10 +1789,10 @@ static int journal_unmap_buffer(journal_
+                               JBUFFER_TRACE(jh, "give to committing trans");
+                               ret = __dispose_buffer(jh,
+                                       journal->j_committing_transaction);
++                              journal_put_journal_head(jh);
+                               spin_unlock(&journal->j_list_lock);
+                               jbd_unlock_bh_state(bh);
+                               spin_unlock(&journal->j_state_lock);
+-                              journal_put_journal_head(jh);
+                               return ret;
+                       } else {
+                               /* The orphan record's transaction has
+@@ -1813,10 +1813,10 @@ static int journal_unmap_buffer(journal_
+                                       journal->j_running_transaction);
+                       jh->b_next_transaction = NULL;
+               }
++              journal_put_journal_head(jh);
+               spin_unlock(&journal->j_list_lock);
+               jbd_unlock_bh_state(bh);
+               spin_unlock(&journal->j_state_lock);
+-              journal_put_journal_head(jh);
+               return 0;
+       } else {
+               /* Good, the buffer belongs to the running transaction.
+
author	chrisw@osdl.org <chrisw@osdl.org>
	Thu, 24 Mar 2005 21:44:35 +0000 (13:44 -0800)
committer	Greg KH <gregkh@suse.de>
	Thu, 12 May 2005 05:15:40 +0000 (22:15 -0700)