Skip to content

Commit e708698

Browse files
torvaldstorvalds
committed
Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Pull ext4 fixes from Ted Ts'o: "Two more bug fixes (including a regression) for 5.6" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() jbd2: fix data races at struct journal_head
2 parents f853ed9 + 37b0b6b commit e708698

File tree

2 files changed

+7
-7
lines changed

2 files changed

+7
-7
lines changed

fs/ext4/super.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2391,7 +2391,7 @@ int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup)
23912391
{
23922392
struct ext4_sb_info *sbi = EXT4_SB(sb);
23932393
struct flex_groups **old_groups, **new_groups;
2394-
int size, i;
2394+
int size, i, j;
23952395

23962396
if (!sbi->s_log_groups_per_flex)
23972397
return 0;
@@ -2412,8 +2412,8 @@ int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup)
24122412
sizeof(struct flex_groups)),
24132413
GFP_KERNEL);
24142414
if (!new_groups[i]) {
2415-
for (i--; i >= sbi->s_flex_groups_allocated; i--)
2416-
kvfree(new_groups[i]);
2415+
for (j = sbi->s_flex_groups_allocated; j < i; j++)
2416+
kvfree(new_groups[j]);
24172417
kvfree(new_groups);
24182418
ext4_msg(sb, KERN_ERR,
24192419
"not enough memory for %d flex groups", size);

fs/jbd2/transaction.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1150,8 +1150,8 @@ static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh,
11501150
/* For undo access buffer must have data copied */
11511151
if (undo && !jh->b_committed_data)
11521152
goto out;
1153-
if (jh->b_transaction != handle->h_transaction &&
1154-
jh->b_next_transaction != handle->h_transaction)
1153+
if (READ_ONCE(jh->b_transaction) != handle->h_transaction &&
1154+
READ_ONCE(jh->b_next_transaction) != handle->h_transaction)
11551155
goto out;
11561156
/*
11571157
* There are two reasons for the barrier here:
@@ -2569,8 +2569,8 @@ bool __jbd2_journal_refile_buffer(struct journal_head *jh)
25692569
* our jh reference and thus __jbd2_journal_file_buffer() must not
25702570
* take a new one.
25712571
*/
2572-
jh->b_transaction = jh->b_next_transaction;
2573-
jh->b_next_transaction = NULL;
2572+
WRITE_ONCE(jh->b_transaction, jh->b_next_transaction);
2573+
WRITE_ONCE(jh->b_next_transaction, NULL);
25742574
if (buffer_freed(bh))
25752575
jlist = BJ_Forget;
25762576
else if (jh->b_modified)

0 commit comments

Comments
 (0)