diff options
author | Bob Peterson <rpeterso@redhat.com> | 2017-07-03 18:37:02 +0200 |
---|---|---|
committer | Bob Peterson <rpeterso@redhat.com> | 2017-07-17 15:39:48 +0200 |
commit | 61eaadcd52924b8015ee57b9abd3844c5f9e03a8 (patch) | |
tree | 080229cc8a6b808d5bb471685281b1ab4e9a8dd7 /fs/gfs2/meta_io.c | |
parent | exec: Limit arg stack to at most 75% of _STK_LIM (diff) | |
download | linux-61eaadcd52924b8015ee57b9abd3844c5f9e03a8.tar.xz linux-61eaadcd52924b8015ee57b9abd3844c5f9e03a8.zip |
GFS2: Prevent double brelse in gfs2_meta_indirect_buffer
Before this patch, problems reading in indirect buffers would send
an IO error back to the caller, and release the buffer_head with
brelse() in function gfs2_meta_indirect_buffer, however, it would
still return the address of the buffer_head it released. After the
error was discovered, function gfs2_block_map would call function
release_metapath to free all buffers. That checked:
if (mp->mp_bh[i] == NULL) but since the value was set after the
error, it was non-zero, so brelse was called a second time. This
resulted in the following error:
kernel: WARNING: at fs/buffer.c:1224 __brelse+0x3a/0x40() (Tainted: G W -- ------------ )
kernel: Hardware name: RHEV Hypervisor
kernel: VFS: brelse: Trying to free free buffer
This patch changes gfs2_meta_indirect_buffer so it only sets
the buffer_head pointer in cases where it isn't released.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Acked-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs/gfs2/meta_io.c')
-rw-r--r-- | fs/gfs2/meta_io.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/gfs2/meta_io.c b/fs/gfs2/meta_io.c index fabe1614f879..4da7745c890a 100644 --- a/fs/gfs2/meta_io.c +++ b/fs/gfs2/meta_io.c @@ -419,8 +419,9 @@ int gfs2_meta_indirect_buffer(struct gfs2_inode *ip, int height, u64 num, if (ret == 0 && gfs2_metatype_check(sdp, bh, mtype)) { brelse(bh); ret = -EIO; + } else { + *bhp = bh; } - *bhp = bh; return ret; } |