ext4: prevent partial update of the extents path

In ext4_ext_rm_idx() and ext4_ext_correct_indexes(), there is no proper
rollback of already executed updates when updating a level of the extents
path fails, so we may get an inconsistent extents tree, which may trigger
some bad things in errors=continue mode.

Hence clear the verified bit of modified extents buffers if the tree fails
to be updated in ext4_ext_rm_idx() or ext4_ext_correct_indexes(), which
forces the extents buffers to be checked in ext4_valid_extent_entries(),
ensuring that the extents tree is consistent.

Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Link: https://lore.kernel.org/r/20230213080514.535568-3-zhanchengbin1@huawei.com/
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Tested-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://patch.msgid.link/20240822023545.1994557-3-libaokun@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index ca08b4036e283d118e5762caf46d216b456ea88b..4395e2b668ec47b1b910227c4feb76a87a92dc62 100644 (file)
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -1749,12 +1749,23 @@ static int ext4_ext_correct_indexes(handle_t *handle, struct inode *inode,
                        break;
                err = ext4_ext_get_access(handle, inode, path + k);
                if (err)
-                       break;
+                       goto clean;
                path[k].p_idx->ei_block = border;
                err = ext4_ext_dirty(handle, inode, path + k);
                if (err)
-                       break;
+                       goto clean;
        }
+       return 0;
+
+clean:
+       /*
+        * The path[k].p_bh is either unmodified or with no verified bit
+        * set (see ext4_ext_get_access()). So just clear the verified bit
+        * of the successfully modified extents buffers, which will force
+        * these extents to be checked to avoid using inconsistent data.
+        */
+       while (++k < depth)
+               clear_buffer_verified(path[k].p_bh);
 
        return err;
 }
@@ -2312,12 +2323,24 @@ static int ext4_ext_rm_idx(handle_t *handle, struct inode *inode,
                        break;
                err = ext4_ext_get_access(handle, inode, path + k);
                if (err)
-                       break;
+                       goto clean;
                path[k].p_idx->ei_block = path[k + 1].p_idx->ei_block;
                err = ext4_ext_dirty(handle, inode, path + k);
                if (err)
-                       break;
+                       goto clean;
        }
+       return 0;
+
+clean:
+       /*
+        * The path[k].p_bh is either unmodified or with no verified bit
+        * set (see ext4_ext_get_access()). So just clear the verified bit
+        * of the successfully modified extents buffers, which will force
+        * these extents to be checked to avoid using inconsistent data.
+        */
+       while (++k < depth)
+               clear_buffer_verified(path[k].p_bh);
+
        return err;
 }