tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

ext4: Fix fsync error handling after filesystem abort

If filesystem was aborted after inode's write back is complete
but before its metadata was updated we may return success
results in data loss.
In order to handle fs abort correctly we have to check
fs state once we discover that it is in MS_RDONLY state

Test case: http://patchwork.ozlabs.org/patch/244297

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

authored by

Dmitry Monakhov and committed by
Theodore Ts'o 4418e141 06a407f1

+17 -2
+6 -1
fs/ext4/fsync.c
··· 98 98 99 99 trace_ext4_sync_file_enter(file, datasync); 100 100 101 - if (inode->i_sb->s_flags & MS_RDONLY) 101 + if (inode->i_sb->s_flags & MS_RDONLY) { 102 + /* Make sure that we read updated s_mount_flags value */ 103 + smp_rmb(); 104 + if (EXT4_SB(inode->i_sb)->s_mount_flags & EXT4_MF_FS_ABORTED) 105 + ret = -EROFS; 102 106 goto out; 107 + } 103 108 104 109 if (!journal) { 105 110 ret = generic_file_fsync(file, start, end, datasync);
+11 -1
fs/ext4/super.c
··· 399 399 } 400 400 if (test_opt(sb, ERRORS_RO)) { 401 401 ext4_msg(sb, KERN_CRIT, "Remounting filesystem read-only"); 402 + /* 403 + * Make sure updated value of ->s_mount_flags will be visible 404 + * before ->s_flags update 405 + */ 406 + smp_wmb(); 402 407 sb->s_flags |= MS_RDONLY; 403 408 } 404 409 if (test_opt(sb, ERRORS_PANIC)) ··· 576 571 577 572 if ((sb->s_flags & MS_RDONLY) == 0) { 578 573 ext4_msg(sb, KERN_CRIT, "Remounting filesystem read-only"); 579 - sb->s_flags |= MS_RDONLY; 580 574 EXT4_SB(sb)->s_mount_flags |= EXT4_MF_FS_ABORTED; 575 + /* 576 + * Make sure updated value of ->s_mount_flags will be visible 577 + * before ->s_flags update 578 + */ 579 + smp_wmb(); 580 + sb->s_flags |= MS_RDONLY; 581 581 if (EXT4_SB(sb)->s_journal) 582 582 jbd2_journal_abort(EXT4_SB(sb)->s_journal, -EIO); 583 583 save_error_info(sb, function, line);