| From 6766d68659eb12aa8b189954d00d4575ac0965c2 Mon Sep 17 00:00:00 2001 |
| From: Theodore Ts'o <tytso@mit.edu> |
| Date: Sat, 4 Feb 2017 23:04:00 -0500 |
| Subject: [PATCH] ext4: fix inline data error paths |
| |
| commit eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef upstream. |
| |
| The write_end() function must always unlock the page and drop its ref |
| count, even on an error. |
| |
| Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
| index 028329721bbe..37b521ed39df 100644 |
| --- a/fs/ext4/inline.c |
| +++ b/fs/ext4/inline.c |
| @@ -933,8 +933,15 @@ int ext4_da_write_inline_data_end(struct inode *inode, loff_t pos, |
| struct page *page) |
| { |
| int i_size_changed = 0; |
| + int ret; |
| |
| - copied = ext4_write_inline_data_end(inode, pos, len, copied, page); |
| + ret = ext4_write_inline_data_end(inode, pos, len, copied, page); |
| + if (ret < 0) { |
| + unlock_page(page); |
| + put_page(page); |
| + return ret; |
| + } |
| + copied = ret; |
| |
| /* |
| * No need to use i_size_read() here, the i_size |
| diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
| index cb3b70d77962..00ece902a3ff 100644 |
| --- a/fs/ext4/inode.c |
| +++ b/fs/ext4/inode.c |
| @@ -1324,8 +1324,11 @@ static int ext4_write_end(struct file *file, |
| if (ext4_has_inline_data(inode)) { |
| ret = ext4_write_inline_data_end(inode, pos, len, |
| copied, page); |
| - if (ret < 0) |
| + if (ret < 0) { |
| + unlock_page(page); |
| + put_page(page); |
| goto errout; |
| + } |
| copied = ret; |
| } else |
| copied = block_write_end(file, mapping, pos, |
| @@ -1427,10 +1430,16 @@ static int ext4_journalled_write_end(struct file *file, |
| |
| BUG_ON(!ext4_handle_valid(handle)); |
| |
| - if (ext4_has_inline_data(inode)) |
| - copied = ext4_write_inline_data_end(inode, pos, len, |
| - copied, page); |
| - else if (unlikely(copied < len) && !PageUptodate(page)) { |
| + if (ext4_has_inline_data(inode)) { |
| + ret = ext4_write_inline_data_end(inode, pos, len, |
| + copied, page); |
| + if (ret < 0) { |
| + unlock_page(page); |
| + put_page(page); |
| + goto errout; |
| + } |
| + copied = ret; |
| + } else if (unlikely(copied < len) && !PageUptodate(page)) { |
| copied = 0; |
| ext4_journalled_zero_new_buffers(handle, page, from, to); |
| } else { |
| @@ -1465,6 +1474,7 @@ static int ext4_journalled_write_end(struct file *file, |
| */ |
| ext4_orphan_add(handle, inode); |
| |
| +errout: |
| ret2 = ext4_journal_stop(handle); |
| if (!ret) |
| ret = ret2; |
| -- |
| 2.12.0 |
| |