    ext4: set h_journal if there is a failure starting a reserved handle · b2569260
    Theodore Ts'o authored
    If ext4 tries to start a reserved handle via
    jbd2_journal_start_reserved(), and the journal has been aborted, this
    can result in a NULL pointer dereference.  This is because the fields
    h_journal and h_transaction in the handle structure share the same
    memory, via a union, so jbd2_journal_start_reserved() will clear
    h_journal before calling start_this_handle().  If this function fails
    due to an aborted handle, h_journal will still be NULL, and the call
    to jbd2_journal_free_reserved() will pass a NULL journal to
    sub_reserve_credits().
    
    This can be reproduced by running "kvm-xfstests -c dioread_nolock
    generic/475".
    
    Cc: stable@kernel.org # 3.11
    Fixes: 8f7d89f3 ("jbd2: transaction reservation support")
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Reviewed-by: Andreas Dilger <adilger@dilger.ca>
    Reviewed-by: Jan Kara <jack@suse.cz>
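The union aliasing the message describes, as an added C model that is not kernel code (struct layouts, the stand-in functions and their names are simplified assumptions): it shows why h_journal must be put back when start_this_handle() fails on an aborted journal, so that the later free does not see a NULL journal.

```c
#include <stddef.h>

/* Constructed model of the jbd2 handle (simplified assumption, not kernel
 * code): h_journal and h_transaction share storage through a union. */
struct journal { int aborted; int reserved_credits; };
struct transaction { struct journal *t_journal; };
struct handle {
    union { struct transaction *h_transaction; struct journal *h_journal; };
    int h_reserved;
};
static struct transaction running_txn;   /* stands in for the live transaction */
/* Stand-in for start_this_handle(): fails on an aborted journal, otherwise
 * writes the transaction pointer into the slot that aliases h_journal. */
static int start_this_handle(struct journal *journal, struct handle *h) {
    if (journal->aborted)
        return -1;
    running_txn.t_journal = journal;
    h->h_transaction = &running_txn;
    return 0;
}
/* Buggy sequence: clear h_journal, start, never restore it on failure. */
static int start_reserved_buggy(struct handle *h) {
    struct journal *journal = h->h_journal;
    h->h_journal = NULL;
    return start_this_handle(journal, h);
}
/* Fixed sequence: on failure put h_journal back so a later free can
 * still reach the journal. */
static int start_reserved_fixed(struct handle *h) {
    struct journal *journal = h->h_journal;
    h->h_journal = NULL;
    int ret = start_this_handle(journal, h);
    if (ret)
        h->h_journal = journal;
    return ret;
}
/* Stand-in for free_reserved -> sub_reserve_credits(): -1 where the kernel would deref NULL. */
static int free_reserved(struct handle *h) {
    if (!h->h_journal)
        return -1;
    h->h_journal->reserved_credits -= h->h_reserved;
    return 0;
}
/* Failing path on an aborted journal; returns free_reserved(): 0 safe, -1 NULL deref. */
static int start_then_free(int use_fix) {
    struct journal j = { .aborted = 1, .reserved_credits = 8 };
    struct handle h = { .h_journal = &j, .h_reserved = 8 };
    int ret = use_fix ? start_reserved_fixed(&h) : start_reserved_buggy(&h);
    return ret ? free_reserved(&h) : 1;
}
```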