linux/fs
Suzuki K P 87b4126f10 [PATCH] fix reiserfs bad path release panic
One of our test team hit a reiserfs_panic while running fsstress tests on
2.6.19-rc1.  The message looks like :

  REISERFS: panic(device Null superblock):
  reiserfs[5676]: assertion !(p->path_length != 1 ) failed at
  fs/reiserfs/stree.c:397:reiserfs_check_path: path not properly relsed.

The backtrace looked :

  kernel BUG in reiserfs_panic at fs/reiserfs/prints.c:361!
	.reiserfs_check_path+0x58/0x74
	.reiserfs_get_block+0x1444/0x1508
	.__block_prepare_write+0x1c8/0x558
	.block_prepare_write+0x34/0x64
	.reiserfs_prepare_write+0x118/0x1d0
	.generic_file_buffered_write+0x314/0x82c
	.__generic_file_aio_write_nolock+0x350/0x3e0
	.__generic_file_write_nolock+0x78/0xb0
	.generic_file_write+0x60/0xf0
	.reiserfs_file_write+0x198/0x2038
	.vfs_write+0xd0/0x1b4
	.sys_write+0x4c/0x8c
	syscall_exit+0x0/0x4

Upon debugging I found that the restart_transaction was not releasing
the path if the th->refcount was > 1.

/*static*/
int restart_transaction(struct reiserfs_transaction_handle *th,
                           			struct inode *inode, struct path *path)
{
	[...]

         /* we cannot restart while nested */
         if (th->t_refcount > 1) { <<- Path is not released in this case!
                 return 0;
         }

         pathrelse(path); <<- Path released here.
	[...]

This could happen in such a situation :

In reiserfs/inode.c: reiserfs_get_block() ::

      if (repeat == NO_DISK_SPACE || repeat == QUOTA_EXCEEDED) {
          /* restart the transaction to give the journal a chance to free
           ** some blocks.  releases the path, so we have to go back to
           ** research if we succeed on the second try
           */
          SB_JOURNAL(inode->i_sb)->j_next_async_flush = 1;

        -->>  retval = restart_transaction(th, inode, &path); <<--

  We are supposed to release the path, no matter we succeed or fail. But
if the th->refcount is > 1, the path is still valid. And,

          if (retval)
                   goto failure;
          repeat =
              _allocate_block(th, block, inode,
                             &allocated_block_nr, NULL, create);

If the above allocate_block fails with NO_DISK_SPACE or QUOTA_EXCEEDED,
we would have path which is not released.

         if (repeat != NO_DISK_SPACE && repeat != QUOTA_EXCEEDED) {
                   goto research;
         }
         if (repeat == QUOTA_EXCEEDED)
                   retval = -EDQUOT;
         else
                   retval = -ENOSPC;
         goto failure;
	[...]

       failure:
	[...]
         reiserfs_check_path(&path); << Panics here !

Attached here is a patch which could fix the issue.

fix reiserfs/inode.c : restart_transaction() to release the path in all
cases.

The restart_transaction() doesn't release the path when the the journal
handle has a refcount > 1.  This would trigger a reiserfs_panic() if we
encounter an -ENOSPC / -EDQUOT in reiserfs_get_block().

Signed-off-by: Suzuki K P <suzuki@in.ibm.com>
Cc: "Vladimir V. Saveliev" <vs@namesys.com>
Cc: <reiserfs-dev@namesys.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-07 08:39:32 -08:00
..
9p Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-12-05 17:01:28 +00:00
adfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
affs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
afs [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
autofs [PATCH] autofs4: panic after mount fail 2006-11-14 09:09:27 -08:00
autofs4 [PATCH] autofs4: panic after mount fail 2006-11-14 09:09:27 -08:00
befs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
bfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
cifs [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
coda [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
configfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
cramfs [PATCH] cramfs: make cramfs_uncompress_exit() return void 2006-09-29 09:18:20 -07:00
debugfs [PATCH] debugfs: add header file 2006-11-25 13:28:33 -08:00
devpts [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
dlm [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
ecryptfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
efs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
exportfs [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
ext2 [PATCH] ext2: fsid for statvfs 2006-12-07 08:39:31 -08:00
ext3 [PATCH] ext3: fsid for statvfs 2006-12-07 08:39:31 -08:00
ext4 [PATCH] ext4: fsid for statvfs 2006-12-07 08:39:31 -08:00
fat [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
freevxfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
fuse [PATCH] fuse: fix compile without CONFIG_BLOCK 2006-12-07 08:39:32 -08:00
gfs2 [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
hfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
hfsplus [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
hostfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
hpfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
hppfs [PATCH] hppfs: readdir callback missed in prototype change 2006-10-09 14:19:08 -07:00
hugetlbfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
isofs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
jbd [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jbd2 [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jffs [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jffs2 [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jfs [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
lockd [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
minix [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
msdos [PATCH] fat: add fat_getattr() 2006-11-16 11:43:38 -08:00
ncpfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nfs_common [PATCH] nfs_common endianness annotations 2006-10-20 10:26:41 -07:00
nfsd [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nls fix file specification in comments 2006-10-03 23:01:26 +02:00
ntfs [PATCH] slab: remove SLAB_NOFS 2006-12-07 08:39:23 -08:00
ocfs2 [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
openpromfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
partitions [PATCH] Fix check_partition routines 2006-12-07 08:39:30 -08:00
proc [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
qnx4 [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
ramfs [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
reiserfs [PATCH] fix reiserfs bad path release panic 2006-12-07 08:39:32 -08:00
romfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
smbfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
sysfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
sysv [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
udf [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
ufs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
vfat [PATCH] fat: add fat_getattr() 2006-11-16 11:43:38 -08:00
xfs [PATCH] Use freezeable workqueues in XFS 2006-12-07 08:39:29 -08:00
aio.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
attr.c [PATCH] capable/capability.h (fs/) 2006-01-11 18:42:13 -08:00
bad_inode.c [PATCH] Remove readv/writev methods and use aio_read/aio_write instead 2006-10-01 00:39:28 -07:00
binfmt_aout.c [PATCH] Require mmap handler for a.out executables 2006-09-29 09:18:08 -07:00
binfmt_elf_fdpic.c [PATCH] elf_fdpic_core_dump: don't take tasklist_lock 2006-09-29 09:18:14 -07:00
binfmt_elf.c [POWERPC] coredump: Add SPU elf notes to coredump. 2006-12-04 20:40:19 +11:00
binfmt_em86.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_flat.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
binfmt_misc.c [PATCH] Fix unserialized task->files changing 2006-09-29 09:18:12 -07:00
binfmt_script.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
binfmt_som.c [PARISC] Fix fs/binfmt_som.c 2006-10-04 06:51:26 -06:00
bio.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
block_dev.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
buffer.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
char_dev.c [PATCH] BLOCK: Move extern declarations out of fs/*.c into header files [try #6] 2006-09-30 20:52:18 +02:00
compat_ioctl.c [PATCH] 32-bit compatibility HDIO IOCTLs 2006-10-11 11:14:22 -07:00
compat.c [PATCH] skip data conversion in compat_sys_mount when data_page is NULL 2006-12-07 08:39:20 -08:00
dcache.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
dcookies.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
direct-io.c [PATCH] lockdep: annotate direct io 2006-07-03 15:27:06 -07:00
dnotify.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
dquot.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
drop_caches.c [PATCH] drop-pagecache 2006-01-08 20:12:40 -08:00
eventpoll.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
exec.c [PATCH] slab: remove SLAB_KERNEL 2006-12-07 08:39:24 -08:00
fcntl.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
fifo.c [PATCH] pipe.c/fifo.c code cleanups 2006-04-11 13:53:33 +02:00
file_table.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
file.c [PATCH] file: kill unnecessary timer in fdtable_defer 2006-12-07 08:39:32 -08:00
filesystems.c [PATCH] Ban register_filesystem(NULL); 2006-09-29 09:18:20 -07:00
fs-writeback.c [PATCH] BLOCK: Remove dependence on existence of blockdev_superblock [try #6] 2006-09-30 20:52:26 +02:00
generic_acl.c [PATCH] Generic infrastructure for acls 2006-09-29 09:18:24 -07:00
inode.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
inotify_user.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
inotify.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
internal.h [PATCH] CONFIG_BLOCK internal.h cleanups 2006-09-30 20:52:32 +02:00
ioctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ioprio.c [PATCH] block layer: ioprio_best function fix 2006-10-12 15:09:51 +02:00
Kconfig Fix typos in doc and comments 2006-11-30 05:32:19 +01:00
Kconfig.binfmt [PATCH] frv: suppress configuration of certain features for FRV 2006-01-08 20:13:36 -08:00
libfs.c [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
locks.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
Makefile [PATCH] jbd2: enable building of jbd2 and have ext4 use it rather than jbd 2006-10-11 11:14:16 -07:00
mbcache.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
mpage.c [PATCH] BLOCK: Dissociate generic_writepages() from mpage stuff [try #6] 2006-09-30 20:52:26 +02:00
namei.c [PATCH] honour MNT_NOEXEC for access() 2006-12-07 08:39:30 -08:00
namespace.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nfsctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
no-block.c [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
open.c [PATCH] r/o bind mounts: prepare for write access checks: collapse if() 2006-10-01 00:39:30 -07:00
pipe.c [PATCH] Some cleanup in the pipe code 2006-10-01 00:39:33 -07:00
pnode.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
pnode.h [PATCH] unbindable mounts 2005-11-07 18:18:11 -08:00
posix_acl.c [PATCH] kmemdup: some users 2006-10-01 00:39:19 -07:00
quota_v1.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
quota_v2.c [PATCH] sem2mutex: quota 2006-03-23 07:38:11 -08:00
quota.c [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
read_write.c [PATCH] Add vector AIO support 2006-10-01 00:39:29 -07:00
read_write.h [PATCH] Remove readv/writev methods and use aio_read/aio_write instead 2006-10-01 00:39:28 -07:00
readdir.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
select.c [PATCH] enforce RLIMIT_NOFILE in poll() 2006-09-29 09:18:23 -07:00
seq_file.c [PATCH] sem2mutex: fs/seq_file.c 2006-03-23 07:38:12 -08:00
splice.c [PATCH] splice: fix problem introduced with inode diet 2006-11-04 08:45:39 -08:00
stat.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
super.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
sync.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
utimes.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
xattr_acl.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xattr.c [PATCH] Fix user.* xattr permission check for sticky dirs 2006-11-03 12:27:59 -08:00