release/4.8.22/ext4-fix-inline-data-error-paths.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-4.8 - Git at Google

 From 6766d68659eb12aa8b189954d00d4575ac0965c2 Mon Sep 17 00:00:00 2001
 From: Theodore Ts'o <tytso@mit.edu>
 Date: Sat, 4 Feb 2017 23:04:00 -0500
 Subject: [PATCH] ext4: fix inline data error paths

 commit eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef upstream.

 The write_end() function must always unlock the page and drop its ref
 count, even on an error.

 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
 Cc: stable@vger.kernel.org
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
 index 028329721bbe..37b521ed39df 100644
 --- a/fs/ext4/inline.c
 +++ b/fs/ext4/inline.c
 @@ -933,8 +933,15 @@ int ext4_da_write_inline_data_end(struct inode *inode, loff_t pos,
  				  struct page *page)
  {
  	int i_size_changed = 0;
 +	int ret;

 -	copied = ext4_write_inline_data_end(inode, pos, len, copied, page);
 +	ret = ext4_write_inline_data_end(inode, pos, len, copied, page);
 +	if (ret < 0) {
 +		unlock_page(page);
 +		put_page(page);
 +		return ret;
 +	}
 +	copied = ret;

  	/*
  	 * No need to use i_size_read() here, the i_size
 diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
 index cb3b70d77962..00ece902a3ff 100644
 --- a/fs/ext4/inode.c
 +++ b/fs/ext4/inode.c
 @@ -1324,8 +1324,11 @@ static int ext4_write_end(struct file *file,
  	if (ext4_has_inline_data(inode)) {
  		ret = ext4_write_inline_data_end(inode, pos, len,
  						 copied, page);
 -		if (ret < 0)
 +		if (ret < 0) {
 +			unlock_page(page);
 +			put_page(page);
  			goto errout;
 +		}
  		copied = ret;
  	} else
  		copied = block_write_end(file, mapping, pos,
 @@ -1427,10 +1430,16 @@ static int ext4_journalled_write_end(struct file *file,

  	BUG_ON(!ext4_handle_valid(handle));

 -	if (ext4_has_inline_data(inode))
 -		copied = ext4_write_inline_data_end(inode, pos, len,
 -						    copied, page);
 -	else if (unlikely(copied < len) && !PageUptodate(page)) {
 +	if (ext4_has_inline_data(inode)) {
 +		ret = ext4_write_inline_data_end(inode, pos, len,
 +						 copied, page);
 +		if (ret < 0) {
 +			unlock_page(page);
 +			put_page(page);
 +			goto errout;
 +		}
 +		copied = ret;
 +	} else if (unlikely(copied < len) && !PageUptodate(page)) {
  		copied = 0;
  		ext4_journalled_zero_new_buffers(handle, page, from, to);
  	} else {
 @@ -1465,6 +1474,7 @@ static int ext4_journalled_write_end(struct file *file,
  		 */
  		ext4_orphan_add(handle, inode);

 +errout:
  	ret2 = ext4_journal_stop(handle);
  	if (!ret)
  		ret = ret2;
 --
 2.12.0
	From 6766d68659eb12aa8b189954d00d4575ac0965c2 Mon Sep 17 00:00:00 2001
	From: Theodore Ts'o <tytso@mit.edu>
	Date: Sat, 4 Feb 2017 23:04:00 -0500
	Subject: [PATCH] ext4: fix inline data error paths

	commit eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef upstream.

	The write_end() function must always unlock the page and drop its ref
	count, even on an error.

	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
	Cc: stable@vger.kernel.org
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
	index 028329721bbe..37b521ed39df 100644
	--- a/fs/ext4/inline.c
	+++ b/fs/ext4/inline.c
	@@ -933,8 +933,15 @@ int ext4_da_write_inline_data_end(struct inode *inode, loff_t pos,
	struct page *page)
	{
	int i_size_changed = 0;
	+ int ret;

	- copied = ext4_write_inline_data_end(inode, pos, len, copied, page);
	+ ret = ext4_write_inline_data_end(inode, pos, len, copied, page);
	+ if (ret < 0) {
	+ unlock_page(page);
	+ put_page(page);
	+ return ret;
	+ }
	+ copied = ret;

	/*
	* No need to use i_size_read() here, the i_size
	diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
	index cb3b70d77962..00ece902a3ff 100644
	--- a/fs/ext4/inode.c
	+++ b/fs/ext4/inode.c
	@@ -1324,8 +1324,11 @@ static int ext4_write_end(struct file *file,
	if (ext4_has_inline_data(inode)) {
	ret = ext4_write_inline_data_end(inode, pos, len,
	copied, page);
	- if (ret < 0)
	+ if (ret < 0) {
	+ unlock_page(page);
	+ put_page(page);
	goto errout;
	+ }
	copied = ret;
	} else
	copied = block_write_end(file, mapping, pos,
	@@ -1427,10 +1430,16 @@ static int ext4_journalled_write_end(struct file *file,

	BUG_ON(!ext4_handle_valid(handle));

	- if (ext4_has_inline_data(inode))
	- copied = ext4_write_inline_data_end(inode, pos, len,
	- copied, page);
	- else if (unlikely(copied < len) && !PageUptodate(page)) {
	+ if (ext4_has_inline_data(inode)) {
	+ ret = ext4_write_inline_data_end(inode, pos, len,
	+ copied, page);
	+ if (ret < 0) {
	+ unlock_page(page);
	+ put_page(page);
	+ goto errout;
	+ }
	+ copied = ret;
	+ } else if (unlikely(copied < len) && !PageUptodate(page)) {
	copied = 0;
	ext4_journalled_zero_new_buffers(handle, page, from, to);
	} else {
	@@ -1465,6 +1474,7 @@ static int ext4_journalled_write_end(struct file *file,
	*/
	ext4_orphan_add(handle, inode);

	+errout:
	ret2 = ext4_journal_stop(handle);
	if (!ret)
	ret = ret2;
	--
	2.12.0