Jan Kara
a61d90d75d
jbd: fix race in buffer processing in commit code
...
In commit code, we scan buffers attached to a transaction. During this
scan, we sometimes have to drop j_list_lock and then we recheck whether
the journal buffer head didn't get freed by journal_try_to_free_buffers().
But checking for buffer_jbd(bh) isn't enough because a new journal head
could get attached to our buffer head. So add a check whether the journal
head remained the same and whether it's still at the same transaction and
list.
This is a nasty bug and can cause problems like memory corruption (use after
free) or trigger various assertions in JBD code (observed).
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: <stable@kernel.org>
Cc: <linux-ext4@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-09 16:59:03 -07:00
..
2009-05-09 10:49:40 -04:00
2009-04-02 19:05:08 -07:00
2009-05-09 10:51:34 -04:00
2009-05-09 10:51:34 -04:00
2009-04-20 23:01:15 -04:00
2009-06-09 16:59:03 -07:00
2009-04-08 10:21:43 -07:00
2009-06-05 11:54:28 -07:00
2009-05-27 10:20:13 -07:00
2009-05-23 18:57:25 +00:00
2009-03-27 14:44:00 -04:00
2009-04-21 12:59:21 -07:00
2009-04-02 19:05:08 -07:00
2009-03-23 16:25:46 +01:00
2009-05-15 08:03:23 -07:00
2009-03-11 12:23:59 -05:00
2009-05-09 10:49:40 -04:00
2009-04-02 19:05:09 -07:00
2009-03-31 19:44:38 +03:00
2009-04-27 16:49:52 +02:00
2009-04-08 13:15:10 -04:00
2009-05-15 09:07:28 -04:00
2009-04-17 09:32:11 -07:00
2009-05-27 10:20:13 -07:00
2009-05-13 16:32:57 -07:00
2009-05-10 10:49:08 -07:00
2009-04-13 15:04:29 -07:00
2009-04-02 21:09:10 -07:00
2009-03-27 14:44:00 -04:00
2009-05-09 10:51:34 -04:00
2009-04-02 19:04:53 -07:00
2009-05-13 08:04:45 -07:00
2009-04-02 19:05:09 -07:00
2009-06-09 16:59:03 -07:00
2009-04-14 07:50:56 -04:00
2009-05-29 10:44:46 +01:00
2009-03-31 23:00:26 -04:00
2009-05-06 17:19:36 -04:00
2009-04-02 19:05:09 -07:00
2009-04-20 23:02:51 -04:00
2009-05-26 14:51:00 -04:00
2009-05-27 17:40:06 -04:00
2009-05-30 22:07:50 +09:00
2009-05-06 16:36:09 -07:00
2009-04-01 08:59:18 -07:00
2009-05-09 10:49:40 -04:00
2009-04-02 21:09:10 -07:00
2009-04-02 00:49:02 +02:00
2009-05-29 08:40:02 -07:00
2009-04-02 19:05:10 -07:00
2009-04-27 16:49:52 +02:00
2009-04-07 07:39:59 -07:00
2009-05-17 11:45:45 -07:00
2009-05-09 10:49:41 -04:00
2009-03-27 14:44:00 -04:00
2009-05-13 03:25:20 +01:00
2009-05-28 14:24:07 -07:00
2009-04-02 19:05:10 -07:00
2009-05-09 10:49:40 -04:00
2009-04-02 13:36:28 +02:00
2009-05-09 10:49:42 -04:00
2009-06-02 09:47:21 -07:00
2009-03-19 15:57:18 -07:00
2009-03-27 14:44:03 -04:00
2009-03-26 02:18:35 +01:00
2009-05-02 15:36:10 -07:00
2009-03-31 23:00:27 -04:00
2009-05-29 08:40:02 -07:00
2009-03-31 23:00:28 -04:00
2009-03-24 12:35:17 +01:00
2009-04-28 20:24:29 +02:00
2009-04-01 07:07:16 -04:00
2009-06-06 06:17:25 -04:00
2009-04-20 23:01:16 -04:00
2009-04-24 07:39:45 -07:00
2009-05-09 10:49:40 -04:00
2009-04-15 12:10:13 +02:00
2009-04-02 19:04:48 -07:00
2009-04-01 08:59:20 -07:00
2009-05-12 14:11:35 -07:00
2009-05-09 10:49:42 -04:00
2009-05-11 12:18:06 -07:00
2009-03-30 15:22:03 +02:00
2009-04-20 23:02:52 -04:00
2009-03-31 23:00:27 -04:00
2009-04-03 15:24:35 -07:00
2009-03-31 23:00:26 -04:00
2009-06-06 14:33:41 -07:00
2009-03-31 23:00:26 -04:00
2009-05-06 16:36:09 -07:00
2009-04-07 08:31:16 -07:00
2009-05-09 10:49:40 -04:00
2009-04-07 08:31:16 -07:00
2009-04-01 07:38:54 -04:00
2009-05-09 10:49:42 -04:00
2009-05-09 10:51:34 -04:00
2009-05-09 10:49:42 -04:00
2009-04-15 12:10:12 +02:00
2009-04-04 14:20:34 -07:00
2009-03-30 22:05:11 +10:30
2009-04-17 07:38:07 -07:00
2009-04-20 23:02:52 -04:00
2009-05-09 10:49:41 -04:00
2009-03-27 14:48:34 -07:00
2009-02-18 15:37:53 -08:00
2009-04-20 23:02:50 -04:00