From: chrisw@osdl.org <chrisw@osdl.org>
Date: Thu, 24 Mar 2005 21:44:35 +0000 (-0800)
Subject: [PATCH] add ext3-release-race.patch
X-Git-Tag: v2.6.11.9~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=20607f18836e6ecdef0525978e70f569531a2dd9;p=thirdparty%2Fkernel%2Fstable-queue.git

[PATCH] add ext3-release-race.patch
---

diff --git a/queue/ext3-release-race.patch b/queue/ext3-release-race.patch
new file mode 100644
index 00000000000..89b2ae55561
--- /dev/null
+++ b/queue/ext3-release-race.patch
@@ -0,0 +1,56 @@
+From linux-kernel-owner+chrisw=40osdl.org-S262440AbVCXKkU@vger.kernel.org  Thu Mar 24 02:42:49 2005
+Date: 	Thu, 24 Mar 2005 11:39:45 +0100
+From: Jan Kara <jack@suse.cz>
+To: Mark Wong <markw@osdl.org>, linux-kernel@vger.kernel.org, sct@redhat.com
+Subject: [PATCH] Prevent race condition in jbd
+
+From: Stephen Tweedie
+Subject: Prevent race condition in jbd
+
+This patch from Stephen Tweedie which fixes a race in jbd code (it
+demonstrated itself as more or less random NULL dereferences in the
+journal code).
+
+Acked-by: Jan Kara <jack@suse.cz>
+Acked-by: Chris Mason <mason@suse.com>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+
+--- linux-2.6-ext3/fs/jbd/transaction.c.=K0000=.orig
++++ linux-2.6-ext3/fs/jbd/transaction.c
+@@ -1775,10 +1775,10 @@ static int journal_unmap_buffer(journal_
+ 			JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
+ 			ret = __dispose_buffer(jh,
+ 					journal->j_running_transaction);
++			journal_put_journal_head(jh);
+ 			spin_unlock(&journal->j_list_lock);
+ 			jbd_unlock_bh_state(bh);
+ 			spin_unlock(&journal->j_state_lock);
+-			journal_put_journal_head(jh);
+ 			return ret;
+ 		} else {
+ 			/* There is no currently-running transaction. So the
+@@ -1789,10 +1789,10 @@ static int journal_unmap_buffer(journal_
+ 				JBUFFER_TRACE(jh, "give to committing trans");
+ 				ret = __dispose_buffer(jh,
+ 					journal->j_committing_transaction);
++				journal_put_journal_head(jh);
+ 				spin_unlock(&journal->j_list_lock);
+ 				jbd_unlock_bh_state(bh);
+ 				spin_unlock(&journal->j_state_lock);
+-				journal_put_journal_head(jh);
+ 				return ret;
+ 			} else {
+ 				/* The orphan record's transaction has
+@@ -1813,10 +1813,10 @@ static int journal_unmap_buffer(journal_
+ 					journal->j_running_transaction);
+ 			jh->b_next_transaction = NULL;
+ 		}
++		journal_put_journal_head(jh);
+ 		spin_unlock(&journal->j_list_lock);
+ 		jbd_unlock_bh_state(bh);
+ 		spin_unlock(&journal->j_state_lock);
+-		journal_put_journal_head(jh);
+ 		return 0;
+ 	} else {
+ 		/* Good, the buffer belongs to the running transaction.
+