• zhangyi (F)'s avatar
    ext4: brelse all indirect buffer in ext4_ind_remove_space() · 69d255f9
    zhangyi (F) authored
    BugLink: https://bugs.launchpad.net/bugs/1826212
    
    commit 674a2b27 upstream.
    
    All indirect buffers get by ext4_find_shared() should be released no
    mater the branch should be freed or not. But now, we forget to release
    the lower depth indirect buffers when removing space from the same
    higher depth indirect block. It will lead to buffer leak and futher
    more, it may lead to quota information corruption when using old quota,
    consider the following case.
    
     - Create and mount an empty ext4 filesystem without extent and quota
       features,
     - quotacheck and enable the user & group quota,
     - Create some files and write some data to them, and then punch hole
       to some files of them, it may trigger the buffer leak problem
       mentioned above.
     - Disable quota and run quotacheck again, it will create two new
       aquota files and write the checked quota information to them, which
       probably may reuse the freed indirect block(the buffer and page
       cache was not freed) as data block.
     - Enable quota again, it will invoke
       vfs_load_quota_inode()->invalidate_bdev() to try to clean unused
       buffers and pagecache. Unfortunately, because of the buffer of quota
       data block is still referenced, quota code cannot read the up to date
       quota info from the device and lead to quota information corruption.
    
    This problem can be reproduced by xfstests generic/231 on ext3 file
    system or ext4 file system without extent and quota features.
    
    This patch fix this problem by releasing the missing indirect buffers,
    in ext4_ind_remove_space().
    Reported-by: default avatarHulk Robot <hulkci@huawei.com>
    Signed-off-by: default avatarzhangyi (F) <yi.zhang@huawei.com>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Reviewed-by: default avatarJan Kara <jack@suse.cz>
    Cc: stable@kernel.org
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
    69d255f9
indirect.c 46.1 KB