Commit 67eeb568 authored by Dmitry Monakhov's avatar Dmitry Monakhov Committed by Theodore Ts'o

ext4: Fix ext4_quota_write cross block boundary behaviour

We always assume that a dquot update results in changes to a single data block,
but the ext4_quota_write() function may handle writes that cross a block boundary.
In fact, if this ever happens it will result in an incorrect journal
credits reservation, and later a BUG_ON.  Since this never happens,
the boundary-crossing loop is a NOOP.  To make things straight,
let's remove this loop and assert the cross-boundary condition.
Signed-off-by: default avatarDmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
parent 273df556
...@@ -4010,9 +4010,7 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type, ...@@ -4010,9 +4010,7 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type,
ext4_lblk_t blk = off >> EXT4_BLOCK_SIZE_BITS(sb); ext4_lblk_t blk = off >> EXT4_BLOCK_SIZE_BITS(sb);
int err = 0; int err = 0;
int offset = off & (sb->s_blocksize - 1); int offset = off & (sb->s_blocksize - 1);
int tocopy;
int journal_quota = EXT4_SB(sb)->s_qf_names[type] != NULL; int journal_quota = EXT4_SB(sb)->s_qf_names[type] != NULL;
size_t towrite = len;
struct buffer_head *bh; struct buffer_head *bh;
handle_t *handle = journal_current_handle(); handle_t *handle = journal_current_handle();
...@@ -4022,10 +4020,18 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type, ...@@ -4022,10 +4020,18 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type,
(unsigned long long)off, (unsigned long long)len); (unsigned long long)off, (unsigned long long)len);
return -EIO; return -EIO;
} }
/*
* Since we account only one data block in transaction credits,
* then it is impossible to cross a block boundary.
*/
if (sb->s_blocksize - offset < len) {
ext4_msg(sb, KERN_WARNING, "Quota write (off=%llu, len=%llu)"
" cancelled because not block aligned",
(unsigned long long)off, (unsigned long long)len);
return -EIO;
}
mutex_lock_nested(&inode->i_mutex, I_MUTEX_QUOTA); mutex_lock_nested(&inode->i_mutex, I_MUTEX_QUOTA);
while (towrite > 0) {
tocopy = sb->s_blocksize - offset < towrite ?
sb->s_blocksize - offset : towrite;
bh = ext4_bread(handle, inode, blk, 1, &err); bh = ext4_bread(handle, inode, blk, 1, &err);
if (!bh) if (!bh)
goto out; goto out;
...@@ -4037,7 +4043,7 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type, ...@@ -4037,7 +4043,7 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type,
} }
} }
lock_buffer(bh); lock_buffer(bh);
memcpy(bh->b_data+offset, data, tocopy); memcpy(bh->b_data+offset, data, len);
flush_dcache_page(bh->b_page); flush_dcache_page(bh->b_page);
unlock_buffer(bh); unlock_buffer(bh);
if (journal_quota) if (journal_quota)
...@@ -4048,26 +4054,19 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type, ...@@ -4048,26 +4054,19 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type,
mark_buffer_dirty(bh); mark_buffer_dirty(bh);
} }
brelse(bh); brelse(bh);
if (err)
goto out;
offset = 0;
towrite -= tocopy;
data += tocopy;
blk++;
}
out: out:
if (len == towrite) { if (err) {
mutex_unlock(&inode->i_mutex); mutex_unlock(&inode->i_mutex);
return err; return err;
} }
if (inode->i_size < off+len-towrite) { if (inode->i_size < off + len) {
i_size_write(inode, off+len-towrite); i_size_write(inode, off + len);
EXT4_I(inode)->i_disksize = inode->i_size; EXT4_I(inode)->i_disksize = inode->i_size;
} }
inode->i_mtime = inode->i_ctime = CURRENT_TIME; inode->i_mtime = inode->i_ctime = CURRENT_TIME;
ext4_mark_inode_dirty(handle, inode); ext4_mark_inode_dirty(handle, inode);
mutex_unlock(&inode->i_mutex); mutex_unlock(&inode->i_mutex);
return len - towrite; return len;
} }
#endif #endif
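Review bot: The `out:` path now decides success purely on `err`, so the `if (!bh) goto out;` after `ext4_bread()` would fall through to the i_size update and `return len` if `ext4_bread()` ever returned NULL while leaving `err` at 0. The removed `len == towrite` test caught that no-progress case independently of `err` and returned 0 bytes written. Whether `ext4_bread()` can return NULL without setting `err` when called with create=1 is not visible on this page, so either confirm it or make the branch self-contained, e.g. `if (!bh) { if (!err) err = -EIO; goto out; }`. Separately, the new bound check is the only thing keeping `memcpy(bh->b_data+offset, data, len)` inside the buffer, yet its message says "not block aligned" while the condition tested is a write crossing a block boundary; wording such as `" cancelled because it crosses a block boundary"` would match what is checked. The start of ext4_quota_write() lies outside the hunks shown.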