Commit e7086982 authored by Linus Torvalds

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "Two more bug fixes (including a regression) for 5.6"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
  jbd2: fix data races at struct journal_head
parents f853ed90 37b0b6b8
...@@ -2391,7 +2391,7 @@ int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup) ...@@ -2391,7 +2391,7 @@ int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup)
{ {
struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_sb_info *sbi = EXT4_SB(sb);
struct flex_groups **old_groups, **new_groups; struct flex_groups **old_groups, **new_groups;
int size, i; int size, i, j;
if (!sbi->s_log_groups_per_flex) if (!sbi->s_log_groups_per_flex)
return 0; return 0;
...@@ -2412,8 +2412,8 @@ int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup) ...@@ -2412,8 +2412,8 @@ int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup)
sizeof(struct flex_groups)), sizeof(struct flex_groups)),
GFP_KERNEL); GFP_KERNEL);
if (!new_groups[i]) { if (!new_groups[i]) {
for (i--; i >= sbi->s_flex_groups_allocated; i--) for (j = sbi->s_flex_groups_allocated; j < i; j++)
kvfree(new_groups[i]); kvfree(new_groups[j]);
kvfree(new_groups); kvfree(new_groups);
ext4_msg(sb, KERN_ERR, ext4_msg(sb, KERN_ERR,
"not enough memory for %d flex groups", size); "not enough memory for %d flex groups", size);
......
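Review bot: The cleanup loop in the `if (!new_groups[i])` branch should carry a one-line comment saying which range it frees, because the separate ascending index `j` is easy to "simplify" back to reusing `i` later. Something like `/* free only what this call allocated: [s_flex_groups_allocated, i) */` above the `for` would do. If `s_flex_groups_allocated` is an unsigned field (its declaration is not on this page), a descending `i >= ...` test is evaluated in unsigned arithmetic and never becomes false when the field is 0, so the comment could record that as the reason for counting upwards. The body of `ext4_alloc_flex_bg_array()` starts and ends outside these hunks.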
...@@ -1150,8 +1150,8 @@ static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh, ...@@ -1150,8 +1150,8 @@ static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh,
/* For undo access buffer must have data copied */ /* For undo access buffer must have data copied */
if (undo && !jh->b_committed_data) if (undo && !jh->b_committed_data)
goto out; goto out;
if (jh->b_transaction != handle->h_transaction && if (READ_ONCE(jh->b_transaction) != handle->h_transaction &&
jh->b_next_transaction != handle->h_transaction) READ_ONCE(jh->b_next_transaction) != handle->h_transaction)
goto out; goto out;
/* /*
* There are two reasons for the barrier here: * There are two reasons for the barrier here:
...@@ -2569,8 +2569,8 @@ bool __jbd2_journal_refile_buffer(struct journal_head *jh) ...@@ -2569,8 +2569,8 @@ bool __jbd2_journal_refile_buffer(struct journal_head *jh)
* our jh reference and thus __jbd2_journal_file_buffer() must not * our jh reference and thus __jbd2_journal_file_buffer() must not
* take a new one. * take a new one.
*/ */
jh->b_transaction = jh->b_next_transaction; WRITE_ONCE(jh->b_transaction, jh->b_next_transaction);
jh->b_next_transaction = NULL; WRITE_ONCE(jh->b_next_transaction, NULL);
if (buffer_freed(bh)) if (buffer_freed(bh))
jlist = BJ_Forget; jlist = BJ_Forget;
else if (jh->b_modified) else if (jh->b_modified)
......
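Review bot: The two `READ_ONCE()` loads in `jbd2_write_access_granted()` are not ordered against the paired `WRITE_ONCE()` stores in `__jbd2_journal_refile_buffer()`, so this lockless check can see `b_transaction` and `b_next_transaction` mid-update, and nothing in the hunk says why that is acceptable. The marked accesses stop tearing and compiler refetching but add no barrier between the two fields. Presumably a mismatch only takes `goto out` and the caller rechecks under a lock, but `out` and the caller are outside the hunk, so that should be confirmed and then recorded above the `if`, e.g. `/* Lockless peek: a stale pair only fails the fast path; the slow path rechecks under lock. */`. Both function bodies start and end outside their hunks.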