From ca7df5f3ceddd317b1f55100a10833df90a46254 Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Mon, 10 Nov 2014 12:02:43 +0900 Subject: [PATCH] 3.10-stable patches added patches: ext4-add-ext4_iget_normal-which-is-to-be-used-for-dir-tree-lookups.patch ext4-check-ea-value-offset-when-loading.patch ext4-check-s_chksum_driver-when-looking-for-bg-csum-presence.patch ext4-don-t-check-quota-format-when-there-are-no-quota-files.patch ext4-fix-oops-when-loading-block-bitmap-failed.patch ext4-fix-overflow-when-updating-superblock-backups-after-resize.patch ext4-fix-reservation-overflow-in-ext4_da_write_begin.patch ext4-grab-missed-write_count-for-ext4_ioc_swap_boot.patch jbd2-free-bh-when-descriptor-block-checksum-fails.patch --- ...h-is-to-be-used-for-dir-tree-lookups.patch | 87 +++++++++++++++ ...4-check-ea-value-offset-when-loading.patch | 100 ++++++++++++++++++ ...er-when-looking-for-bg-csum-presence.patch | 61 +++++++++++ ...format-when-there-are-no-quota-files.patch | 38 +++++++ ...ops-when-loading-block-bitmap-failed.patch | 35 ++++++ ...ting-superblock-backups-after-resize.patch | 36 +++++++ ...tion-overflow-in-ext4_da_write_begin.patch | 79 ++++++++++++++ ...d-write_count-for-ext4_ioc_swap_boot.patch | 63 +++++++++++ ...when-descriptor-block-checksum-fails.patch | 34 ++++++ queue-3.10/series | 9 ++ 10 files changed, 542 insertions(+) create mode 100644 queue-3.10/ext4-add-ext4_iget_normal-which-is-to-be-used-for-dir-tree-lookups.patch create mode 100644 queue-3.10/ext4-check-ea-value-offset-when-loading.patch create mode 100644 queue-3.10/ext4-check-s_chksum_driver-when-looking-for-bg-csum-presence.patch create mode 100644 queue-3.10/ext4-don-t-check-quota-format-when-there-are-no-quota-files.patch create mode 100644 queue-3.10/ext4-fix-oops-when-loading-block-bitmap-failed.patch create mode 100644 queue-3.10/ext4-fix-overflow-when-updating-superblock-backups-after-resize.patch create mode 100644 queue-3.10/ext4-fix-reservation-overflow-in-ext4_da_write_begin.patch create mode 100644 
queue-3.10/ext4-grab-missed-write_count-for-ext4_ioc_swap_boot.patch
 create mode 100644 queue-3.10/jbd2-free-bh-when-descriptor-block-checksum-fails.patch
diff --git a/queue-3.10/ext4-add-ext4_iget_normal-which-is-to-be-used-for-dir-tree-lookups.patch b/queue-3.10/ext4-add-ext4_iget_normal-which-is-to-be-used-for-dir-tree-lookups.patch
new file mode 100644
index 00000000000..7df8e969d34
--- /dev/null
+++ b/queue-3.10/ext4-add-ext4_iget_normal-which-is-to-be-used-for-dir-tree-lookups.patch
@@ -0,0 +1,87 @@
+From f4bb2981024fc91b23b4d09a8817c415396dbabb Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o
+Date: Sun, 5 Oct 2014 22:56:00 -0400
+Subject: ext4: add ext4_iget_normal() which is to be used for dir tree lookups
+
+From: Theodore Ts'o
+
+commit f4bb2981024fc91b23b4d09a8817c415396dbabb upstream.
+
+If there is a corrupted file system which has directory entries that
+point at reserved, metadata inodes, prohibit them from being used by
+treating them the same way we treat Boot Loader inodes --- that is,
+mark them to be bad inodes. This prohibits them from being opened,
+deleted, or modified via chmod, chown, utimes, etc.
+
+In particular, this prevents a corrupted file system which has a
+directory entry which points at the journal inode from being deleted
+and its blocks released, after which point Much Hilarity Ensues.
+
+Reported-by: Sami Liedes
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/ext4.h | 1 +
+ fs/ext4/inode.c | 7 +++++++
+ fs/ext4/namei.c | 4 ++--
+ fs/ext4/super.c | 2 +-
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -2088,6 +2088,7 @@ int do_journal_get_write_access(handle_t
+ #define CONVERT_INLINE_DATA 2
+
+ extern struct inode *ext4_iget(struct super_block *, unsigned long);
++extern struct inode *ext4_iget_normal(struct super_block *, unsigned long);
+ extern int ext4_write_inode(struct inode *, struct writeback_control *);
+ extern int ext4_setattr(struct dentry *, struct iattr *);
+ extern int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry,
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -4351,6 +4351,13 @@ bad_inode:
+ return ERR_PTR(ret);
+ }
+
++struct inode *ext4_iget_normal(struct super_block *sb, unsigned long ino)
++{
++ if (ino < EXT4_FIRST_INO(sb) && ino != EXT4_ROOT_INO)
++ return ERR_PTR(-EIO);
++ return ext4_iget(sb, ino);
++}
++
+ static int ext4_inode_blocks_set(handle_t *handle,
+ struct ext4_inode *raw_inode,
+ struct ext4_inode_info *ei)
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -1430,7 +1430,7 @@ static struct dentry *ext4_lookup(struct
+ dentry->d_name.name);
+ return ERR_PTR(-EIO);
+ }
+- inode = ext4_iget(dir->i_sb, ino);
++ inode = ext4_iget_normal(dir->i_sb, ino);
+ if (inode == ERR_PTR(-ESTALE)) {
+ EXT4_ERROR_INODE(dir,
+ "deleted inode referenced: %u",
+@@ -1461,7 +1461,7 @@ struct dentry *ext4_get_parent(struct de
+ return ERR_PTR(-EIO);
+ }
+
+- return d_obtain_alias(ext4_iget(child->d_inode->i_sb, ino));
++ return d_obtain_alias(ext4_iget_normal(child->d_inode->i_sb, ino));
+ }
+
+ /*
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -964,7 +964,7 @@ static struct inode *ext4_nfs_get_inode(
+ * Currently we don't know the generation for parent directory, so
+ * a generation of 0 means "accept any"
+ */
+- inode = ext4_iget(sb, ino);
++ inode = ext4_iget_normal(sb, ino);
+ if (IS_ERR(inode))
+ return ERR_CAST(inode);
+ if (generation && inode->i_generation != generation) {
diff --git a/queue-3.10/ext4-check-ea-value-offset-when-loading.patch b/queue-3.10/ext4-check-ea-value-offset-when-loading.patch
new file mode 100644
index 00000000000..1d54d1c8309
--- /dev/null
+++ b/queue-3.10/ext4-check-ea-value-offset-when-loading.patch
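Review bot: `ext4_iget_normal()` in the fs/ext4/inode.c section is added without a comment, and it returns `ERR_PTR(-EIO)` for reserved inode numbers while the commit description speaks of marking them as bad inodes, so the code alone does not say which contract is intended. A header comment such as `/* For directory-tree lookups: refuse reserved inode numbers other than the root so a corrupted entry cannot hand out a metadata inode. */` would record it. In the `ext4_lookup` section only the `-ESTALE` result is visibly reported through `EXT4_ERROR_INODE`, so a directory entry that points at a reserved inode appears to fail without a filesystem error being logged; the rest of `ext4_lookup` is outside the hunk, so this should be confirmed there.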
@@ -0,0 +1,100 @@
+From a0626e75954078cfacddb00a4545dde821170bc5 Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong"
+Date: Tue, 16 Sep 2014 14:34:59 -0400
+Subject: ext4: check EA value offset when loading
+
+From: "Darrick J. Wong"
+
+commit a0626e75954078cfacddb00a4545dde821170bc5 upstream.
+
+When loading extended attributes, check each entry's value offset to
+make sure it doesn't collide with the entries.
+
+Without this check it is easy to crash the kernel by mounting a
+malicious FS containing a file with an EA wherein e_value_offs = 0 and
+e_value_size > 0 and then deleting the EA, which corrupts the name
+list.
+
+(See the f_ea_value_crash test's FS image in e2fsprogs for an example.)
+
+Signed-off-by: Darrick J. Wong
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/xattr.c | 32 ++++++++++++++++++++++++--------
+ 1 file changed, 24 insertions(+), 8 deletions(-)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -189,14 +189,28 @@ ext4_listxattr(struct dentry *dentry, ch
+ }
+
+ static int
+-ext4_xattr_check_names(struct ext4_xattr_entry *entry, void *end)
++ext4_xattr_check_names(struct ext4_xattr_entry *entry, void *end,
++ void *value_start)
+ {
+- while (!IS_LAST_ENTRY(entry)) {
+- struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(entry);
++ struct ext4_xattr_entry *e = entry;
++
++ while (!IS_LAST_ENTRY(e)) {
++ struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
+ if ((void *)next >= end)
+ return -EIO;
+- entry = next;
++ e = next;
+ }
++
++ while (!IS_LAST_ENTRY(entry)) {
++ if (entry->e_value_size != 0 &&
++ (value_start + le16_to_cpu(entry->e_value_offs) <
++ (void *)e + sizeof(__u32) ||
++ value_start + le16_to_cpu(entry->e_value_offs) +
++ le32_to_cpu(entry->e_value_size) > end))
++ return -EIO;
++ entry = EXT4_XATTR_NEXT(entry);
++ }
++
+ return 0;
+ }
+
+@@ -213,7 +227,8 @@ ext4_xattr_check_block(struct inode *ino
+ return -EIO;
+ if (!ext4_xattr_block_csum_verify(inode, bh->b_blocknr, BHDR(bh)))
+ return -EIO;
+- error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size);
++ error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size,
++ bh->b_data);
+ if (!error)
+ set_buffer_verified(bh);
+ return error;
+@@ -329,7 +344,7 @@ ext4_xattr_ibody_get(struct inode *inode
+ header = IHDR(inode, raw_inode);
+ entry = IFIRST(header);
+ end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
+- error = ext4_xattr_check_names(entry, end);
++ error = ext4_xattr_check_names(entry, end, entry);
+ if (error)
+ goto cleanup;
+ error = ext4_xattr_find_entry(&entry, name_index, name,
+@@ -457,7 +472,7 @@ ext4_xattr_ibody_list(struct dentry *den
+ raw_inode = ext4_raw_inode(&iloc);
+ header = IHDR(inode, raw_inode);
+ end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
+- error = ext4_xattr_check_names(IFIRST(header), end);
++ error = ext4_xattr_check_names(IFIRST(header), end, IFIRST(header));
+ if (error)
+ goto cleanup;
+ error = ext4_xattr_list_entries(dentry, IFIRST(header),
+@@ -972,7 +987,8 @@ int ext4_xattr_ibody_find(struct inode *
+ is->s.here = is->s.first;
+ is->s.end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
+ if (ext4_test_inode_state(inode, EXT4_STATE_XATTR)) {
+- error = ext4_xattr_check_names(IFIRST(header), is->s.end);
++ error = ext4_xattr_check_names(IFIRST(header), is->s.end,
++ IFIRST(header));
+ if (error)
+ return error;
+ /* Find the named attribute. */
diff --git a/queue-3.10/ext4-check-s_chksum_driver-when-looking-for-bg-csum-presence.patch b/queue-3.10/ext4-check-s_chksum_driver-when-looking-for-bg-csum-presence.patch
new file mode 100644
index 00000000000..6752417251e
--- /dev/null
+++ b/queue-3.10/ext4-check-s_chksum_driver-when-looking-for-bg-csum-presence.patch
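Review bot: The upper-bound test in the second loop of `ext4_xattr_check_names()` adds the on-disk 32-bit `e_value_size` to a pointer before comparing with `end`, so on a 32-bit address space a very large size could wrap the sum and still pass the `> end` test. Comparing lengths instead of pointer sums removes the wrap. The fence rewrites only that loop and assumes every caller passes `value_start <= end`, which appears to hold for the call sites visible in this patch. The first loop and the callers stay as they are.

```c
	/* … unchanged: first loop, which leaves e at the terminating entry … */

	while (!IS_LAST_ENTRY(entry)) {
		u32 size = le32_to_cpu(entry->e_value_size);
		u16 offs = le16_to_cpu(entry->e_value_offs);

		if (size != 0) {
			void *value;

			/* bound the offset first so end - value cannot go negative */
			if (offs > end - value_start)
				return -EIO;
			value = value_start + offs;
			/* compare lengths, not pointer sums, so size cannot wrap */
			if (value < (void *)e + sizeof(__u32) ||
			    size > end - value)
				return -EIO;
		}
		entry = EXT4_XATTR_NEXT(entry);
	}

	return 0;
```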
@@ -0,0 +1,61 @@
+From 813d32f91333e4c33d5a19b67167c4bae42dae75 Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong"
+Date: Tue, 14 Oct 2014 02:35:49 -0400
+Subject: ext4: check s_chksum_driver when looking for bg csum presence
+
+From: "Darrick J. Wong"
+
+commit 813d32f91333e4c33d5a19b67167c4bae42dae75 upstream.
+
+Convert the ext4_has_group_desc_csum predicate to look for a checksum
+driver instead of the metadata_csum flag and change the bg checksum
+calculation function to look for GDT_CSUM before taking the crc16
+path.
+
+Without this patch, if we mount with ^uninit_bg,^metadata_csum and
+later metadata_csum gets turned on by accident, the block group
+checksum functions will incorrectly assume that checksumming is
+enabled (metadata_csum) but that crc16 should be used
+(!s_chksum_driver). This is totally wrong, so fix the predicate
+and the checksum formula selection.
+
+(Granted, if the metadata_csum feature bit gets enabled on a live FS
+then something underhanded is going on, but we could at least avoid
+writing garbage into the on-disk fields.)
+
+Signed-off-by: Darrick J. Wong
+Signed-off-by: Theodore Ts'o
+Reviewed-by: Dmitry Monakhov
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/ext4.h | 4 ++--
+ fs/ext4/super.c | 4 ++++
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -2261,8 +2261,8 @@ extern int ext4_register_li_request(stru
+ static inline int ext4_has_group_desc_csum(struct super_block *sb)
+ {
+ return EXT4_HAS_RO_COMPAT_FEATURE(sb,
+- EXT4_FEATURE_RO_COMPAT_GDT_CSUM |
+- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM);
++ EXT4_FEATURE_RO_COMPAT_GDT_CSUM) ||
++ (EXT4_SB(sb)->s_chksum_driver != NULL);
+ }
+
+ static inline ext4_fsblk_t ext4_blocks_count(struct ext4_super_block *es)
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -1950,6 +1950,10 @@ static __le16 ext4_group_desc_csum(struc
+ }
+
+ /* old crc16 code */
++ if (!(sbi->s_es->s_feature_ro_compat &
++ cpu_to_le32(EXT4_FEATURE_RO_COMPAT_GDT_CSUM)))
++ return 0;
++
+ offset = offsetof(struct ext4_group_desc, bg_checksum);
+
+ crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid));
diff --git a/queue-3.10/ext4-don-t-check-quota-format-when-there-are-no-quota-files.patch b/queue-3.10/ext4-don-t-check-quota-format-when-there-are-no-quota-files.patch
new file mode 100644
index 00000000000..b9dcdc07450
--- /dev/null
+++ b/queue-3.10/ext4-don-t-check-quota-format-when-there-are-no-quota-files.patch
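Review bot: The guard added under `/* old crc16 code */` in `ext4_group_desc_csum()` open-codes the feature test as `sbi->s_es->s_feature_ro_compat & cpu_to_le32(...)`, while the ext4.h section of the same patch tests the same bit through `EXT4_HAS_RO_COMPAT_FEATURE(sb, ...)`. If a `struct super_block` pointer is in scope there (the signature is cut off in the hunk header), using the macro would keep the two predicates visibly in step. The early `return 0` also deserves its own comment, for example `/* GDT_CSUM not set: do not take the crc16 path */`, because the existing comment now labels a branch that may return before any crc16 is computed.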
@@ -0,0 +1,38 @@
+From 279bf6d390933d5353ab298fcc306c391a961469 Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Thu, 18 Sep 2014 01:12:15 -0400
+Subject: ext4: don't check quota format when there are no quota files
+
+From: Jan Kara
+
+commit 279bf6d390933d5353ab298fcc306c391a961469 upstream.
+
+The check whether quota format is set even though there are no
+quota files with journalled quota is pointless and it actually
+makes it impossible to turn off journalled quotas (as there's
+no way to unset journalled quota format). Just remove the check.
+
+Signed-off-by: Jan Kara
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/super.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -1632,13 +1632,6 @@ static int parse_options(char *options,
+ "not specified");
+ return 0;
+ }
+- } else {
+- if (sbi->s_jquota_fmt) {
+- ext4_msg(sb, KERN_ERR, "journaled quota format "
+- "specified with no journaling "
+- "enabled");
+- return 0;
+- }
+ }
+ #endif
+ if (test_opt(sb, DIOREAD_NOLOCK)) {
diff --git a/queue-3.10/ext4-fix-oops-when-loading-block-bitmap-failed.patch b/queue-3.10/ext4-fix-oops-when-loading-block-bitmap-failed.patch
new file mode 100644
index 00000000000..c556fc137aa
--- /dev/null
+++ b/queue-3.10/ext4-fix-oops-when-loading-block-bitmap-failed.patch
@@ -0,0 +1,35 @@
+From 599a9b77ab289d85c2d5c8607624efbe1f552b0f Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Thu, 30 Oct 2014 10:53:16 -0400
+Subject: ext4: fix oops when loading block bitmap failed
+
+From: Jan Kara
+
+commit 599a9b77ab289d85c2d5c8607624efbe1f552b0f upstream.
+
+When we fail to load block bitmap in __ext4_new_inode() we will
+dereference NULL pointer in ext4_journal_get_write_access(). So check
+for error from ext4_read_block_bitmap().
+
+Coverity-id: 989065
+Signed-off-by: Jan Kara
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/ialloc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/ext4/ialloc.c
++++ b/fs/ext4/ialloc.c
+@@ -793,6 +793,10 @@ got:
+ struct buffer_head *block_bitmap_bh;
+
+ block_bitmap_bh = ext4_read_block_bitmap(sb, group);
++ if (!block_bitmap_bh) {
++ err = -EIO;
++ goto out;
++ }
+ BUFFER_TRACE(block_bitmap_bh, "get block bitmap access");
+ err = ext4_journal_get_write_access(handle, block_bitmap_bh);
+ if (err) {
diff --git a/queue-3.10/ext4-fix-overflow-when-updating-superblock-backups-after-resize.patch b/queue-3.10/ext4-fix-overflow-when-updating-superblock-backups-after-resize.patch
new file mode 100644
index 00000000000..b475f0b8b0f
--- /dev/null
+++ b/queue-3.10/ext4-fix-overflow-when-updating-superblock-backups-after-resize.patch
@@ -0,0 +1,36 @@
+From 9378c6768e4fca48971e7b6a9075bc006eda981d Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Thu, 30 Oct 2014 10:52:57 -0400
+Subject: ext4: fix overflow when updating superblock backups after resize
+
+From: Jan Kara
+
+commit 9378c6768e4fca48971e7b6a9075bc006eda981d upstream.
+
+When there are no meta block groups update_backups() will compute the
+backup block in 32-bit arithmetics thus possibly overflowing the block
+number and corrupting the filesystem. OTOH filesystems without meta
+block groups larger than 16 TB should be rare. Fix the problem by doing
+the counting in 64-bit arithmetics.
+
+Coverity-id: 741252
+Signed-off-by: Jan Kara
+Signed-off-by: Theodore Ts'o
+Reviewed-by: Lukas Czerner
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/resize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -1066,7 +1066,7 @@ static void update_backups(struct super_
+ break;
+
+ if (meta_bg == 0)
+- backup_block = group * bpg + blk_off;
++ backup_block = ((ext4_fsblk_t)group) * bpg + blk_off;
+ else
+ backup_block = (ext4_group_first_block_no(sb, group) +
+ ext4_bg_has_super(sb, group));
diff --git a/queue-3.10/ext4-fix-reservation-overflow-in-ext4_da_write_begin.patch b/queue-3.10/ext4-fix-reservation-overflow-in-ext4_da_write_begin.patch
new file mode 100644
index 00000000000..4bdf598bbbc
--- /dev/null
+++ b/queue-3.10/ext4-fix-reservation-overflow-in-ext4_da_write_begin.patch
@@ -0,0 +1,79 @@
+From 0ff8947fc5f700172b37cbca811a38eb9cb81e08 Mon Sep 17 00:00:00 2001
+From: Eric Sandeen
+Date: Sat, 11 Oct 2014 19:51:17 -0400
+Subject: ext4: fix reservation overflow in ext4_da_write_begin
+
+From: Eric Sandeen
+
+commit 0ff8947fc5f700172b37cbca811a38eb9cb81e08 upstream.
+
+Delalloc write journal reservations only reserve 1 credit,
+to update the inode if necessary. However, it may happen
+once in a filesystem's lifetime that a file will cross
+the 2G threshold, and require the LARGE_FILE feature to
+be set in the superblock as well, if it was not set already.
+
+This overruns the transaction reservation, and can be
+demonstrated simply on any ext4 filesystem without the LARGE_FILE
+feature already set:
+
+dd if=/dev/zero of=testfile bs=1 seek=2147483646 count=1 \
+ conv=notrunc of=testfile
+sync
+dd if=/dev/zero of=testfile bs=1 seek=2147483647 count=1 \
+ conv=notrunc of=testfile
+
+leads to:
+
+EXT4-fs: ext4_do_update_inode:4296: aborting transaction: error 28 in __ext4_handle_dirty_super
+EXT4-fs error (device loop0) in ext4_do_update_inode:4301: error 28
+EXT4-fs error (device loop0) in ext4_reserve_inode_write:4757: Readonly filesystem
+EXT4-fs error (device loop0) in ext4_dirty_inode:4876: error 28
+EXT4-fs error (device loop0) in ext4_da_write_end:2685: error 28
+
+Adjust the number of credits based on whether the flag is
+already set, and whether the current write may extend past the
+LARGE_FILE limit.
+
+Signed-off-by: Eric Sandeen
+Signed-off-by: Theodore Ts'o
+Reviewed-by: Andreas Dilger
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/inode.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -2647,6 +2647,20 @@ static int ext4_nonda_switch(struct supe
+ return 0;
+ }
+
++/* We always reserve for an inode update; the superblock could be there too */
++static int ext4_da_write_credits(struct inode *inode, loff_t pos, unsigned len)
++{
++ if (likely(EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
++ EXT4_FEATURE_RO_COMPAT_LARGE_FILE)))
++ return 1;
++
++ if (pos + len <= 0x7fffffffULL)
++ return 1;
++
++ /* We might need to update the superblock to set LARGE_FILE */
++ return 2;
++}
++
+ static int ext4_da_write_begin(struct file *file, struct address_space *mapping,
+ loff_t pos, unsigned len, unsigned flags,
+ struct page **pagep, void **fsdata)
+@@ -2697,7 +2711,8 @@ retry_grab:
+ * of file which has an already mapped buffer.
+ */
+ retry_journal:
+- handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE, 1);
++ handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE,
++ ext4_da_write_credits(inode, pos, len));
+ if (IS_ERR(handle)) {
+ page_cache_release(page);
+ return PTR_ERR(handle);
diff --git a/queue-3.10/ext4-grab-missed-write_count-for-ext4_ioc_swap_boot.patch b/queue-3.10/ext4-grab-missed-write_count-for-ext4_ioc_swap_boot.patch
new file mode 100644
index 00000000000..15a836a3124
--- /dev/null
+++ b/queue-3.10/ext4-grab-missed-write_count-for-ext4_ioc_swap_boot.patch
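Review bot: `ext4_da_write_credits()` uses the bare constant `0x7fffffffULL`, and its header comment ("the superblock could be there too") does not say what the return value is. The value is passed to `ext4_journal_start()` as the credit count, so a comment such as `/* Journal credits for a delalloc write: 1 for the inode, plus 1 if this write may force LARGE_FILE into the superblock. */` would state the contract and tie the constant to the 2G threshold named in the description. `pos + len` is a signed `loff_t` compared against an unsigned constant, so a negative `pos` would convert to a large value and select 2 credits; that errs on the safe side but is worth a word in the comment. `ext4_da_write_begin` continues outside the hunk.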
@@ -0,0 +1,63 @@
+From 3e67cfad22230ebed85c56cbe413876f33fea82b Mon Sep 17 00:00:00 2001
+From: Dmitry Monakhov
+Date: Fri, 3 Oct 2014 12:47:23 -0400
+Subject: ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT
+
+From: Dmitry Monakhov
+
+commit 3e67cfad22230ebed85c56cbe413876f33fea82b upstream.
+
+Otherwise this provokes complain like follows:
+WARNING: CPU: 12 PID: 5795 at fs/ext4/ext4_jbd2.c:48 ext4_journal_check_start+0x4e/0xa0()
+Modules linked in: brd iTCO_wdt lpc_ich mfd_core igb ptp dm_mirror dm_region_hash dm_log dm_mod
+CPU: 12 PID: 5795 Comm: python Not tainted 3.17.0-rc2-00175-gae5344f #158
+Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.99.99.x028.061320111235 06/13/2011
+ 0000000000000030 ffff8808116cfd28 ffffffff815c7dfc 0000000000000030
+ 0000000000000000 ffff8808116cfd68 ffffffff8106ce8c ffff8808116cfdc8
+ ffff880813b16000 ffff880806ad6ae8 ffffffff81202008 0000000000000000
+Call Trace:
+ [] dump_stack+0x51/0x6d
+ [] warn_slowpath_common+0x8c/0xc0
+ [] ? ext4_ioctl+0x9e8/0xeb0
+ [] warn_slowpath_null+0x1a/0x20
+ [] ext4_journal_check_start+0x4e/0xa0
+ [] __ext4_journal_start_sb+0x90/0x110
+ [] ext4_ioctl+0x9e8/0xeb0
+ [] ? ptrace_stop+0x24d/0x2f0
+ [] ? alloc_pid+0x480/0x480
+ [] ? ptrace_do_notify+0x92/0xb0
+ [] do_vfs_ioctl+0x4e5/0x550
+ [] ? _raw_spin_unlock_irq+0x2b/0x40
+ [] SyS_ioctl+0x53/0x80
+ [] tracesys+0xd0/0xd5
+
+Reviewed-by: Jan Kara
+Signed-off-by: Dmitry Monakhov
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/ioctl.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -549,9 +549,17 @@ group_add_out:
+ }
+
+ case EXT4_IOC_SWAP_BOOT:
++ {
++ int err;
+ if (!(filp->f_mode & FMODE_WRITE))
+ return -EBADF;
+- return swap_inode_boot_loader(sb, inode);
++ err = mnt_want_write_file(filp);
++ if (err)
++ return err;
++ err = swap_inode_boot_loader(sb, inode);
++ mnt_drop_write_file(filp);
++ return err;
++ }
+
+ case EXT4_IOC_RESIZE_FS: {
+ ext4_fsblk_t n_blocks_count;
diff --git a/queue-3.10/jbd2-free-bh-when-descriptor-block-checksum-fails.patch b/queue-3.10/jbd2-free-bh-when-descriptor-block-checksum-fails.patch
new file mode 100644
index 00000000000..a70011786ad
--- /dev/null
+++ b/queue-3.10/jbd2-free-bh-when-descriptor-block-checksum-fails.patch
@@ -0,0 +1,34 @@
+From 064d83892e9ba547f7d4eae22cbca066d95210ce Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong"
+Date: Tue, 16 Sep 2014 14:43:09 -0400
+Subject: jbd2: free bh when descriptor block checksum fails
+
+From: "Darrick J. Wong"
+
+commit 064d83892e9ba547f7d4eae22cbca066d95210ce upstream.
+
+Free the buffer head if the journal descriptor block fails checksum
+verification.
+
+This is the jbd2 port of the e2fsprogs patch "e2fsck: free bh on csum
+verify error in do_one_pass".
+
+Signed-off-by: Darrick J. Wong
+Signed-off-by: Theodore Ts'o
+Reviewed-by: Eric Sandeen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/jbd2/recovery.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/jbd2/recovery.c
++++ b/fs/jbd2/recovery.c
+@@ -522,6 +522,7 @@ static int do_one_pass(journal_t *journa
+ !jbd2_descr_block_csum_verify(journal,
+ bh->b_data)) {
+ err = -EIO;
++ brelse(bh);
+ goto failed;
+ }
+
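Review bot: In the fs/ext4/ioctl.c hunk the new block for `EXT4_IOC_SWAP_BOOT` opens its brace on a separate line and declares `int err;` with no blank line before the first statement, while the next case visible in the same hunk is written `case EXT4_IOC_RESIZE_FS: {`. Writing `case EXT4_IOC_SWAP_BOOT: {` and leaving a blank line after `int err;` would match the surrounding style. The `mnt_want_write_file()` / `mnt_drop_write_file()` pair is balanced on both exits visible here; the enclosing switch continues outside the hunk.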
diff --git a/queue-3.10/series b/queue-3.10/series
index 8bd3d942398..3770e374153 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -61,3 +61,12 @@ qla_target-don-t-delete-changed-nacls.patch
 target-fix-queue-full-status-null-pointer-for-scf_transport_task_sense.patch
 target-fix-aptpl-metadata-handling-for-dynamic-mappedluns.patch
 mips-tlbex-properly-fix-huge-tlb-refill-exception-handler.patch
+jbd2-free-bh-when-descriptor-block-checksum-fails.patch
+ext4-check-ea-value-offset-when-loading.patch
+ext4-don-t-check-quota-format-when-there-are-no-quota-files.patch
+ext4-grab-missed-write_count-for-ext4_ioc_swap_boot.patch
+ext4-add-ext4_iget_normal-which-is-to-be-used-for-dir-tree-lookups.patch
+ext4-fix-reservation-overflow-in-ext4_da_write_begin.patch
+ext4-check-s_chksum_driver-when-looking-for-bg-csum-presence.patch
+ext4-fix-overflow-when-updating-superblock-backups-after-resize.patch
+ext4-fix-oops-when-loading-block-bitmap-failed.patch
-- 
2.47.3