• Duane Griffin's avatar
    ext3: handle deleting corrupted indirect blocks · 3ccc3167
    Duane Griffin authored
    While freeing indirect blocks we attach a journal head to the parent
    buffer head, free the blocks, then journal the parent.  If the indirect
    block list is corrupted and points to the parent the journal head will be
    detached when the block is cleared, causing an OOPS.
    
    Check for that explicitly and handle it gracefully.
    
    This patch fixes the third case (image hdb.20000057.nullderef.gz)
    reported in http://bugzilla.kernel.org/show_bug.cgi?id=10882.
    
    Immediately above the change, in the ext3_free_data function, we call
    ext3_clear_blocks to clear the indirect blocks in this parent block.  If
    one of those blocks happens to actually be the parent block it will clear
    b_private / BH_JBD.
    
    I did the check at the end rather than earlier as it seemed more elegant.
    I don't think there should be much practical difference, although it is
    possible the FS may not be quite so badly corrupted if we did it the other
    way (and didn't clear the block at all).  To be honest, I'm not convinced
    there aren't other similar failure modes lurking in this code, although I
    couldn't find any with a quick review.
    
    [akpm@linux-foundation.org: fix printk warning]
    Signed-off-by: default avatarDuane Griffin <duaneg@dghda.com>
    Cc: <linux-ext4@vger.kernel.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    3ccc3167
inode.c 96.1 KB