• Eric Sandeen's avatar
    ext4: fix reservation overflow in ext4_da_write_begin · 1ec4a6e2
    Eric Sandeen authored
    commit 0ff8947f upstream.
    
    Delalloc write journal reservations only reserve 1 credit,
    to update the inode if necessary.  However, it may happen
    once in a filesystem's lifetime that a file will cross
    the 2G threshold, and require the LARGE_FILE feature to
    be set in the superblock as well, if it was not set already.
    
    This overruns the transaction reservation, and can be
    demonstrated simply on any ext4 filesystem without the LARGE_FILE
    feature already set:
    
    dd if=/dev/zero of=testfile bs=1 seek=2147483646 count=1 \
    	conv=notrunc of=testfile
    sync
    dd if=/dev/zero of=testfile bs=1 seek=2147483647 count=1 \
    	conv=notrunc of=testfile
    
    leads to:
    
    EXT4-fs: ext4_do_update_inode:4296: aborting transaction: error 28 in __ext4_handle_dirty_super
    EXT4-fs error (device loop0) in ext4_do_update_inode:4301: error 28
    EXT4-fs error (device loop0) in ext4_reserve_inode_write:4757: Readonly filesystem
    EXT4-fs error (device loop0) in ext4_dirty_inode:4876: error 28
    EXT4-fs error (device loop0) in ext4_da_write_end:2685: error 28
    
    Adjust the number of credits based on whether the flag is
    already set, and whether the current write may extend past the
    LARGE_FILE limit.
    Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Reviewed-by: default avatarAndreas Dilger <adilger@dilger.ca>
    [bwh: Backported to 3.2:
     - ext4_journal_start() doesn't have a type parameter
     - Adjust context]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    1ec4a6e2
inode.c 140 KB