summaryrefslogtreecommitdiff
path: root/fs/exec.c
diff options
context:
space:
mode:
authorEric Sandeen <sandeen@redhat.com>2014-10-11 19:51:17 -0400
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-11-14 08:59:58 -0800
commit5564e1365b438780d57958db1f972d1e4b0a5556 (patch)
tree7d8685121acaa4aa3c8a81a4f81e8907996e5269 /fs/exec.c
parent1ae35c4429db5faebb217b4255077b196f14227e (diff)
downloadkernel-common-5564e1365b438780d57958db1f972d1e4b0a5556.tar.gz
kernel-common-5564e1365b438780d57958db1f972d1e4b0a5556.tar.bz2
kernel-common-5564e1365b438780d57958db1f972d1e4b0a5556.zip
ext4: fix reservation overflow in ext4_da_write_begin
commit 0ff8947fc5f700172b37cbca811a38eb9cb81e08 upstream. Delalloc write journal reservations only reserve 1 credit, to update the inode if necessary. However, it may happen once in a filesystem's lifetime that a file will cross the 2G threshold, and require the LARGE_FILE feature to be set in the superblock as well, if it was not set already. This overruns the transaction reservation, and can be demonstrated simply on any ext4 filesystem without the LARGE_FILE feature already set: dd if=/dev/zero of=testfile bs=1 seek=2147483646 count=1 \ conv=notrunc of=testfile sync dd if=/dev/zero of=testfile bs=1 seek=2147483647 count=1 \ conv=notrunc of=testfile leads to: EXT4-fs: ext4_do_update_inode:4296: aborting transaction: error 28 in __ext4_handle_dirty_super EXT4-fs error (device loop0) in ext4_do_update_inode:4301: error 28 EXT4-fs error (device loop0) in ext4_reserve_inode_write:4757: Readonly filesystem EXT4-fs error (device loop0) in ext4_dirty_inode:4876: error 28 EXT4-fs error (device loop0) in ext4_da_write_end:2685: error 28 Adjust the number of credits based on whether the flag is already set, and whether the current write may extend past the LARGE_FILE limit. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs/exec.c')
0 files changed, 0 insertions, 0 deletions