Skip to content

Commit ffb5387

Browse files
Eric Sandeentytso
authored andcommitted
ext4: fix unjournaled inode bitmap modification
commit 119c0d4 changed ext4_new_inode() such that the inode bitmap was being modified outside a transaction, which could lead to corruption, and was discovered when journal_checksum found a bad checksum in the journal during log replay. Nix ran into this when using the journal_async_commit mount option, which enables journal checksumming. The ensuing journal replay failures due to the bad checksums led to filesystem corruption reported as the now infamous "Apparent serious progressive ext4 data corruption bug" [ Changed by tytso to only call ext4_journal_get_write_access() only when we're fairly certain that we're going to allocate the inode. ] I've tested this by mounting with journal_checksum and running fsstress then dropping power; I've also tested by hacking DM to create snapshots w/o first quiescing, which allows me to test journal replay repeatedly w/o actually power-cycling the box. Without the patch I hit a journal checksum error every time. With this fix it survives many iterations. Reported-by: Nix <nix@esperi.org.uk> Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Cc: stable@vger.kernel.org
1 parent 8f0d816 commit ffb5387

File tree

1 file changed

+9
-10
lines changed

1 file changed

+9
-10
lines changed

fs/ext4/ialloc.c

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -725,6 +725,10 @@ struct inode *ext4_new_inode(handle_t *handle, struct inode *dir, umode_t mode,
725725
"inode=%lu", ino + 1);
726726
continue;
727727
}
728+
BUFFER_TRACE(inode_bitmap_bh, "get_write_access");
729+
err = ext4_journal_get_write_access(handle, inode_bitmap_bh);
730+
if (err)
731+
goto fail;
728732
ext4_lock_group(sb, group);
729733
ret2 = ext4_test_and_set_bit(ino, inode_bitmap_bh->b_data);
730734
ext4_unlock_group(sb, group);
@@ -738,6 +742,11 @@ struct inode *ext4_new_inode(handle_t *handle, struct inode *dir, umode_t mode,
738742
goto out;
739743

740744
got:
745+
BUFFER_TRACE(inode_bitmap_bh, "call ext4_handle_dirty_metadata");
746+
err = ext4_handle_dirty_metadata(handle, NULL, inode_bitmap_bh);
747+
if (err)
748+
goto fail;
749+
741750
/* We may have to initialize the block bitmap if it isn't already */
742751
if (ext4_has_group_desc_csum(sb) &&
743752
gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
@@ -771,11 +780,6 @@ struct inode *ext4_new_inode(handle_t *handle, struct inode *dir, umode_t mode,
771780
goto fail;
772781
}
773782

774-
BUFFER_TRACE(inode_bitmap_bh, "get_write_access");
775-
err = ext4_journal_get_write_access(handle, inode_bitmap_bh);
776-
if (err)
777-
goto fail;
778-
779783
BUFFER_TRACE(group_desc_bh, "get_write_access");
780784
err = ext4_journal_get_write_access(handle, group_desc_bh);
781785
if (err)
@@ -823,11 +827,6 @@ struct inode *ext4_new_inode(handle_t *handle, struct inode *dir, umode_t mode,
823827
}
824828
ext4_unlock_group(sb, group);
825829

826-
BUFFER_TRACE(inode_bitmap_bh, "call ext4_handle_dirty_metadata");
827-
err = ext4_handle_dirty_metadata(handle, NULL, inode_bitmap_bh);
828-
if (err)
829-
goto fail;
830-
831830
BUFFER_TRACE(group_desc_bh, "call ext4_handle_dirty_metadata");
832831
err = ext4_handle_dirty_metadata(handle, NULL, group_desc_bh);
833832
if (err)

0 commit comments

Comments
 (0)