asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/fs/ocfs2
History
Gang He e31057d4e9 ocfs2: fix oops when writing cloned file 
[ Upstream commit 2d797e9ff95ecbcf0a83d657928ed20579444857 ]

Writing a cloned file triggers a kernel oops and the user-space command
process is also killed by the system.  The bug can be reproduced stably
via:

1) create a file under ocfs2 file system directory.

  journalctl -b > aa.txt

2) create a cloned file for this file.

  reflink aa.txt bb.txt

3) write the cloned file with dd command.

  dd if=/dev/zero of=bb.txt bs=512 count=1 conv=notrunc

The dd command is killed by the kernel, then you can see the oops message
via dmesg command.

[  463.875404] BUG: kernel NULL pointer dereference, address: 0000000000000028
[  463.875413] #PF: supervisor read access in kernel mode
[  463.875416] #PF: error_code(0x0000) - not-present page
[  463.875418] PGD 0 P4D 0
[  463.875425] Oops: 0000 [#1] SMP PTI
[  463.875431] CPU: 1 PID: 2291 Comm: dd Tainted: G           OE     5.3.16-2-default
[  463.875433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[  463.875500] RIP: 0010:ocfs2_refcount_cow+0xa4/0x5d0 [ocfs2]
[  463.875505] Code: 06 89 6c 24 38 89 eb f6 44 24 3c 02 74 be 49 8b 47 28
[  463.875508] RSP: 0018:ffffa2cb409dfce8 EFLAGS: 00010202
[  463.875512] RAX: ffff8b1ebdca8000 RBX: 0000000000000001 RCX: ffff8b1eb73a9df0
[  463.875515] RDX: 0000000000056a01 RSI: 0000000000000000 RDI: 0000000000000000
[  463.875517] RBP: 0000000000000001 R08: ffff8b1eb73a9de0 R09: 0000000000000000
[  463.875520] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[  463.875522] R13: ffff8b1eb922f048 R14: 0000000000000000 R15: ffff8b1eb922f048
[  463.875526] FS:  00007f8f44d15540(0000) GS:ffff8b1ebeb00000(0000) knlGS:0000000000000000
[  463.875529] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  463.875532] CR2: 0000000000000028 CR3: 000000003c17a000 CR4: 00000000000006e0
[  463.875546] Call Trace:
[  463.875596]  ? ocfs2_inode_lock_full_nested+0x18b/0x960 [ocfs2]
[  463.875648]  ocfs2_file_write_iter+0xaf8/0xc70 [ocfs2]
[  463.875672]  new_sync_write+0x12d/0x1d0
[  463.875688]  vfs_write+0xad/0x1a0
[  463.875697]  ksys_write+0xa1/0xe0
[  463.875710]  do_syscall_64+0x60/0x1f0
[  463.875743]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  463.875758] RIP: 0033:0x7f8f4482ed44
[  463.875762] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00
[  463.875765] RSP: 002b:00007fff300a79d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  463.875769] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8f4482ed44
[  463.875771] RDX: 0000000000000200 RSI: 000055f771b5c000 RDI: 0000000000000001
[  463.875774] RBP: 0000000000000200 R08: 00007f8f44af9c78 R09: 0000000000000003
[  463.875776] R10: 000000000000089f R11: 0000000000000246 R12: 000055f771b5c000
[  463.875779] R13: 0000000000000200 R14: 0000000000000000 R15: 000055f771b5c000

This regression problem was introduced by commit e74540b28556 ("ocfs2:
protect extent tree in ocfs2_prepare_inode_for_write()").

Link: http://lkml.kernel.org/r/20200121050153.13290-1-ghe@suse.com
Fixes: e74540b28556 ("ocfs2: protect extent tree in ocfs2_prepare_inode_for_write()").
Signed-off-by: Gang He <ghe@suse.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-02-11 04:33:51 -08:00
..
cluster ocfs2: fix a panic problem caused by o2cb_ctl 2019-04-05 22:32:59 +02:00
dlm fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() 2019-12-01 09:17:02 +01:00
dlmfs ocfs2: improve ocfs2 Makefile 2019-02-12 19:47:18 +01:00
acl.c ocfs2: fix passing zero to 'PTR_ERR' warning 2020-01-04 19:13:16 +01:00
acl.h
alloc.c ocfs2: clean up some unnecessary code 2018-08-17 16:20:27 -07:00
alloc.h ocfs2: try to reuse extent block in dealloc without meta_alloc 2018-01-31 17:18:35 -08:00
aops.c fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() 2019-11-06 13:05:57 +01:00
aops.h ocfs2: keep the trace point consistent with the function name 2018-04-05 21:36:21 -07:00
blockcheck.c
blockcheck.h
buffer_head_io.c ocfs2: don't put and assigning null to bh allocated outside 2019-12-01 09:17:15 +01:00
buffer_head_io.h
dcache.c fs/ocfs2: fix race in ocfs2_dentry_attach_lock() 2019-06-19 08:18:00 +02:00
dcache.h
dir.c ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry 2018-11-21 09:19:18 +01:00
dir.h
dlmglue.c ocfs2: remove ocfs2_is_o2cb_active() 2019-12-01 09:17:36 +01:00
dlmglue.h ocfs2: ocfs2_inode_lock_tracker does not distinguish lock level 2018-06-07 17:34:33 -07:00
export.c ocfs2: fix ocfs2 read inode data panic in ocfs2_iget 2019-05-22 07:37:40 +02:00
export.h
extent_map.c ocfs2: add ocfs2_overwrite_io() 2018-01-31 17:18:35 -08:00
extent_map.h ocfs2: add ocfs2_overwrite_io() 2018-01-31 17:18:35 -08:00
file.c ocfs2: fix oops when writing cloned file 2020-02-11 04:33:51 -08:00
file.h ocfs2: clean up redundant function declarations 2018-06-07 17:34:33 -07:00
filecheck.c ocfs2: fix error path kobject memory leak 2019-06-22 08:15:21 +02:00
filecheck.h ocfs2: add kobject for online file check 2018-04-05 21:36:22 -07:00
heartbeat.c
heartbeat.h
inode.c ocfs2: clean up some unnecessary code 2018-08-17 16:20:27 -07:00
inode.h
ioctl.c fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() 2019-11-06 13:05:58 +01:00
ioctl.h
journal.c ocfs2: call journal flush to mark journal as empty after journal recovery when mount 2020-01-17 19:47:17 +01:00
journal.h
Kconfig
localalloc.c ocfs2: fix panic due to ocfs2_wq is null 2019-10-29 09:19:38 +01:00
localalloc.h
locks.c
locks.h
Makefile ocfs2: improve ocfs2 Makefile 2019-02-12 19:47:18 +01:00
mmap.c fs: ocfs2: use new return type vm_fault_t 2018-06-07 17:34:34 -07:00
mmap.h
move_extents.c ocfs2: fix clusters leak in ocfs2_defrag_extent() 2019-12-01 09:17:15 +01:00
move_extents.h
namei.c ocfs2: drop a VLA in ocfs2_orphan_del() 2018-06-07 17:34:34 -07:00
namei.h
ocfs1_fs_compat.h
ocfs2.h ocfs2: add kobject for online file check 2018-04-05 21:36:22 -07:00
ocfs2_fs.h ocfs2: correct the comments position of struct ocfs2_dir_block_trailer 2018-06-07 17:34:34 -07:00
ocfs2_ioctl.h
ocfs2_lockid.h ocfs2: add trimfs dlm lock resource 2018-01-31 17:18:35 -08:00
ocfs2_lockingver.h
ocfs2_trace.h ocfs2: keep the trace point consistent with the function name 2018-04-05 21:36:21 -07:00
quota.h
quota_global.c quota: Check that quota is not dirty before release 2019-12-17 20:35:17 +01:00
quota_local.c ocfs2: return -EROFS when filesystem becomes read-only 2018-08-17 16:20:27 -07:00
refcounttree.c ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock 2019-04-03 06:26:23 +02:00
refcounttree.h
reservations.c
reservations.h
resize.c
resize.h
slot_map.c
slot_map.h
stack_o2cb.c
stack_user.c treewide: Align function definition open/close braces 2018-03-26 11:13:09 +02:00
stackglue.c ocfs2: remove ocfs2_is_o2cb_active() 2019-12-01 09:17:36 +01:00
stackglue.h ocfs2: remove ocfs2_is_o2cb_active() 2019-12-01 09:17:36 +01:00
suballoc.c ocfs2: remove two unused functions from suballoc.c 2018-04-05 21:36:22 -07:00
suballoc.h
super.c ocfs2: add kobject for online file check 2018-04-05 21:36:22 -07:00
super.h
symlink.c
symlink.h
sysfile.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
sysfile.h
uptodate.c ocfs2: remove unnecessary null pointer check before kmem_cache_destroy() 2018-04-05 21:36:22 -07:00
uptodate.h
xattr.c Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" 2019-12-01 09:16:10 +01:00
xattr.h