releases/4.10.2/ext4-fix-inline-data-error-paths.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef Mon Sep 17 00:00:00 2001
 From: Theodore Ts'o <tytso@mit.edu>
 Date: Sat, 4 Feb 2017 23:04:00 -0500
 Subject: ext4: fix inline data error paths

 From: Theodore Ts'o <tytso@mit.edu>

 commit eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef upstream.

 The write_end() function must always unlock the page and drop its ref
 count, even on an error.

 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  fs/ext4/inline.c |    9 ++++++++-
  fs/ext4/inode.c  |   20 +++++++++++++++-----
  2 files changed, 23 insertions(+), 6 deletions(-)

 --- a/fs/ext4/inline.c
 +++ b/fs/ext4/inline.c
 @@ -943,8 +943,15 @@ int ext4_da_write_inline_data_end(struct
  				  struct page *page)
  {
  	int i_size_changed = 0;
 +	int ret;

 -	copied = ext4_write_inline_data_end(inode, pos, len, copied, page);
 +	ret = ext4_write_inline_data_end(inode, pos, len, copied, page);
 +	if (ret < 0) {
 +		unlock_page(page);
 +		put_page(page);
 +		return ret;
 +	}
 +	copied = ret;

  	/*
  	 * No need to use i_size_read() here, the i_size
 --- a/fs/ext4/inode.c
 +++ b/fs/ext4/inode.c
 @@ -1330,8 +1330,11 @@ static int ext4_write_end(struct file *f
  	if (ext4_has_inline_data(inode)) {
  		ret = ext4_write_inline_data_end(inode, pos, len,
  						 copied, page);
 -		if (ret < 0)
 +		if (ret < 0) {
 +			unlock_page(page);
 +			put_page(page);
  			goto errout;
 +		}
  		copied = ret;
  	} else
  		copied = block_write_end(file, mapping, pos,
 @@ -1433,10 +1436,16 @@ static int ext4_journalled_write_end(str

  	BUG_ON(!ext4_handle_valid(handle));

 -	if (ext4_has_inline_data(inode))
 -		copied = ext4_write_inline_data_end(inode, pos, len,
 -						    copied, page);
 -	else if (unlikely(copied < len) && !PageUptodate(page)) {
 +	if (ext4_has_inline_data(inode)) {
 +		ret = ext4_write_inline_data_end(inode, pos, len,
 +						 copied, page);
 +		if (ret < 0) {
 +			unlock_page(page);
 +			put_page(page);
 +			goto errout;
 +		}
 +		copied = ret;
 +	} else if (unlikely(copied < len) && !PageUptodate(page)) {
  		copied = 0;
  		ext4_journalled_zero_new_buffers(handle, page, from, to);
  	} else {
 @@ -1471,6 +1480,7 @@ static int ext4_journalled_write_end(str
  		 */
  		ext4_orphan_add(handle, inode);

 +errout:
  	ret2 = ext4_journal_stop(handle);
  	if (!ret)
  		ret = ret2;
	From eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef Mon Sep 17 00:00:00 2001
	From: Theodore Ts'o <tytso@mit.edu>
	Date: Sat, 4 Feb 2017 23:04:00 -0500
	Subject: ext4: fix inline data error paths

	From: Theodore Ts'o <tytso@mit.edu>

	commit eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef upstream.

	The write_end() function must always unlock the page and drop its ref
	count, even on an error.

	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	fs/ext4/inline.c \| 9 ++++++++-
	fs/ext4/inode.c \| 20 +++++++++++++++-----
	2 files changed, 23 insertions(+), 6 deletions(-)

	--- a/fs/ext4/inline.c
	+++ b/fs/ext4/inline.c
	@@ -943,8 +943,15 @@ int ext4_da_write_inline_data_end(struct
	struct page *page)
	{
	int i_size_changed = 0;
	+ int ret;

	- copied = ext4_write_inline_data_end(inode, pos, len, copied, page);
	+ ret = ext4_write_inline_data_end(inode, pos, len, copied, page);
	+ if (ret < 0) {
	+ unlock_page(page);
	+ put_page(page);
	+ return ret;
	+ }
	+ copied = ret;

	/*
	* No need to use i_size_read() here, the i_size
	--- a/fs/ext4/inode.c
	+++ b/fs/ext4/inode.c
	@@ -1330,8 +1330,11 @@ static int ext4_write_end(struct file *f
	if (ext4_has_inline_data(inode)) {
	ret = ext4_write_inline_data_end(inode, pos, len,
	copied, page);
	- if (ret < 0)
	+ if (ret < 0) {
	+ unlock_page(page);
	+ put_page(page);
	goto errout;
	+ }
	copied = ret;
	} else
	copied = block_write_end(file, mapping, pos,
	@@ -1433,10 +1436,16 @@ static int ext4_journalled_write_end(str

	BUG_ON(!ext4_handle_valid(handle));

	- if (ext4_has_inline_data(inode))
	- copied = ext4_write_inline_data_end(inode, pos, len,
	- copied, page);
	- else if (unlikely(copied < len) && !PageUptodate(page)) {
	+ if (ext4_has_inline_data(inode)) {
	+ ret = ext4_write_inline_data_end(inode, pos, len,
	+ copied, page);
	+ if (ret < 0) {
	+ unlock_page(page);
	+ put_page(page);
	+ goto errout;
	+ }
	+ copied = ret;
	+ } else if (unlikely(copied < len) && !PageUptodate(page)) {
	copied = 0;
	ext4_journalled_zero_new_buffers(handle, page, from, to);
	} else {
	@@ -1471,6 +1480,7 @@ static int ext4_journalled_write_end(str
	*/
	ext4_orphan_add(handle, inode);

	+errout:
	ret2 = ext4_journal_stop(handle);
	if (!ret)
	ret = ret2;