ext4: prevent partial update of the extent blocks
authorZhang Yi <yi.zhang@huawei.com>
Wed, 8 Sep 2021 12:08:50 +0000 (20:08 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 29 Dec 2021 11:28:36 +0000 (12:28 +0100)
commit 0f2f87d51aebcf71a709b52f661d681594c7dffa upstream.

In the most error path of current extents updating operations are not
roll back partial updates properly when some bad things happens(.e.g in
ext4_ext_insert_extent()). So we may get an inconsistent extents tree
if journal has been aborted due to IO error, which may probability lead
to BUGON later when we accessing these extent entries in errors=continue
mode. This patch drop extent buffer's verify flag before updatng the
contents in ext4_ext_get_access(), and reset it after updating in
__ext4_ext_dirty(). After this patch we could force to check the extent
buffer if extents tree updating was break off, make sure the extents are
consistent.

Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20210908120850.4012324-4-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ext4/extents.c

index 01c00ae8e06d67379c575498560a831a3a1e6b7f..e7703b10830a2ff34067c2fc52ec9d0773630efa 100644 (file)
@@ -136,15 +136,25 @@ int ext4_datasem_ensure_credits(handle_t *handle, struct inode *inode,
 static int ext4_ext_get_access(handle_t *handle, struct inode *inode,
                                struct ext4_ext_path *path)
 {
+       int err = 0;
+
        if (path->p_bh) {
                /* path points to block */
                BUFFER_TRACE(path->p_bh, "get_write_access");
-               return ext4_journal_get_write_access(handle, inode->i_sb,
-                                                    path->p_bh, EXT4_JTR_NONE);
+               err = ext4_journal_get_write_access(handle, inode->i_sb,
+                                                   path->p_bh, EXT4_JTR_NONE);
+               /*
+                * The extent buffer's verified bit will be set again in
+                * __ext4_ext_dirty(). We could leave an inconsistent
+                * buffer if the extents updating procudure break off du
+                * to some error happens, force to check it again.
+                */
+               if (!err)
+                       clear_buffer_verified(path->p_bh);
        }
        /* path points to leaf/index in inode body */
        /* we use in-core data, no need to protect them */
-       return 0;
+       return err;
 }
 
 /*
@@ -165,6 +175,9 @@ static int __ext4_ext_dirty(const char *where, unsigned int line,
                /* path points to block */
                err = __ext4_handle_dirty_metadata(where, line, handle,
                                                   inode, path->p_bh);
+               /* Extents updating done, re-set verified flag */
+               if (!err)
+                       set_buffer_verified(path->p_bh);
        } else {
                /* path points to leaf/index in inode body */
                err = ext4_mark_inode_dirty(handle, inode);