forked from luck/tmp_suning_uos_patched
87b4126f10
One of our test team hit a reiserfs_panic while running fsstress tests on
2.6.19-rc1. The message looks like :
REISERFS: panic(device Null superblock):
reiserfs[5676]: assertion !(p->path_length != 1 ) failed at
fs/reiserfs/stree.c:397:reiserfs_check_path: path not properly relsed.
The backtrace looked :
kernel BUG in reiserfs_panic at fs/reiserfs/prints.c:361!
.reiserfs_check_path+0x58/0x74
.reiserfs_get_block+0x1444/0x1508
.__block_prepare_write+0x1c8/0x558
.block_prepare_write+0x34/0x64
.reiserfs_prepare_write+0x118/0x1d0
.generic_file_buffered_write+0x314/0x82c
.__generic_file_aio_write_nolock+0x350/0x3e0
.__generic_file_write_nolock+0x78/0xb0
.generic_file_write+0x60/0xf0
.reiserfs_file_write+0x198/0x2038
.vfs_write+0xd0/0x1b4
.sys_write+0x4c/0x8c
syscall_exit+0x0/0x4
Upon debugging I found that the restart_transaction was not releasing
the path if the th->refcount was > 1.
/*static*/
int restart_transaction(struct reiserfs_transaction_handle *th,
struct inode *inode, struct path *path)
{
[...]
/* we cannot restart while nested */
if (th->t_refcount > 1) { <<- Path is not released in this case!
return 0;
}
pathrelse(path); <<- Path released here.
[...]
This could happen in such a situation :
In reiserfs/inode.c: reiserfs_get_block() ::
if (repeat == NO_DISK_SPACE || repeat == QUOTA_EXCEEDED) {
/* restart the transaction to give the journal a chance to free
** some blocks. releases the path, so we have to go back to
** research if we succeed on the second try
*/
SB_JOURNAL(inode->i_sb)->j_next_async_flush = 1;
-->> retval = restart_transaction(th, inode, &path); <<--
We are supposed to release the path, no matter we succeed or fail. But
if the th->refcount is > 1, the path is still valid. And,
if (retval)
goto failure;
repeat =
_allocate_block(th, block, inode,
&allocated_block_nr, NULL, create);
If the above allocate_block fails with NO_DISK_SPACE or QUOTA_EXCEEDED,
we would have path which is not released.
if (repeat != NO_DISK_SPACE && repeat != QUOTA_EXCEEDED) {
goto research;
}
if (repeat == QUOTA_EXCEEDED)
retval = -EDQUOT;
else
retval = -ENOSPC;
goto failure;
[...]
failure:
[...]
reiserfs_check_path(&path); << Panics here !
Attached here is a patch which could fix the issue.
fix reiserfs/inode.c : restart_transaction() to release the path in all
cases.
The restart_transaction() doesn't release the path when the the journal
handle has a refcount > 1. This would trigger a reiserfs_panic() if we
encounter an -ENOSPC / -EDQUOT in reiserfs_get_block().
Signed-off-by: Suzuki K P <suzuki@in.ibm.com>
Cc: "Vladimir V. Saveliev" <vs@namesys.com>
Cc: <reiserfs-dev@namesys.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
||
|---|---|---|
| .. | ||
| 9p | ||
| adfs | ||
| affs | ||
| afs | ||
| autofs | ||
| autofs4 | ||
| befs | ||
| bfs | ||
| cifs | ||
| coda | ||
| configfs | ||
| cramfs | ||
| debugfs | ||
| devpts | ||
| dlm | ||
| ecryptfs | ||
| efs | ||
| exportfs | ||
| ext2 | ||
| ext3 | ||
| ext4 | ||
| fat | ||
| freevxfs | ||
| fuse | ||
| gfs2 | ||
| hfs | ||
| hfsplus | ||
| hostfs | ||
| hpfs | ||
| hppfs | ||
| hugetlbfs | ||
| isofs | ||
| jbd | ||
| jbd2 | ||
| jffs | ||
| jffs2 | ||
| jfs | ||
| lockd | ||
| minix | ||
| msdos | ||
| ncpfs | ||
| nfs | ||
| nfs_common | ||
| nfsd | ||
| nls | ||
| ntfs | ||
| ocfs2 | ||
| openpromfs | ||
| partitions | ||
| proc | ||
| qnx4 | ||
| ramfs | ||
| reiserfs | ||
| romfs | ||
| smbfs | ||
| sysfs | ||
| sysv | ||
| udf | ||
| ufs | ||
| vfat | ||
| xfs | ||
| aio.c | ||
| attr.c | ||
| bad_inode.c | ||
| binfmt_aout.c | ||
| binfmt_elf_fdpic.c | ||
| binfmt_elf.c | ||
| binfmt_em86.c | ||
| binfmt_flat.c | ||
| binfmt_misc.c | ||
| binfmt_script.c | ||
| binfmt_som.c | ||
| bio.c | ||
| block_dev.c | ||
| buffer.c | ||
| char_dev.c | ||
| compat_ioctl.c | ||
| compat.c | ||
| dcache.c | ||
| dcookies.c | ||
| direct-io.c | ||
| dnotify.c | ||
| dquot.c | ||
| drop_caches.c | ||
| eventpoll.c | ||
| exec.c | ||
| fcntl.c | ||
| fifo.c | ||
| file_table.c | ||
| file.c | ||
| filesystems.c | ||
| fs-writeback.c | ||
| generic_acl.c | ||
| inode.c | ||
| inotify_user.c | ||
| inotify.c | ||
| internal.h | ||
| ioctl.c | ||
| ioprio.c | ||
| Kconfig | ||
| Kconfig.binfmt | ||
| libfs.c | ||
| locks.c | ||
| Makefile | ||
| mbcache.c | ||
| mpage.c | ||
| namei.c | ||
| namespace.c | ||
| nfsctl.c | ||
| no-block.c | ||
| open.c | ||
| pipe.c | ||
| pnode.c | ||
| pnode.h | ||
| posix_acl.c | ||
| quota_v1.c | ||
| quota_v2.c | ||
| quota.c | ||
| read_write.c | ||
| read_write.h | ||
| readdir.c | ||
| select.c | ||
| seq_file.c | ||
| splice.c | ||
| stat.c | ||
| super.c | ||
| sync.c | ||
| utimes.c | ||
| xattr_acl.c | ||
| xattr.c | ||