author | Markus Trippelsdorf <markus@trippelsdorf.de> | 2010-11-17 21:46:06 -0500 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2010-11-17 21:46:06 -0500 |
commit | 08da1193d2c8c7a25d0cef7f85d0b9f1ad7c583a (patch) | |
tree | 5a288945b73bc0ea79ca26e556f8061b51a85c1d /fs | |
parent | e53beacd23d9cb47590da6a7a7f6d417b941a994 (diff) |
ext4: fix setting random pages PageUptodate
ext4_end_bio calls put_page and kmem_cache_free before calling
SetPageUptodate(). This can result in setting the PageUptodate bit on
random pages and causes the following BUG:
BUG: Bad page state in process rm pfn:52e54
page:ffffea0001222260 count:0 mapcount:0 mapping: (null) index:0x0
arch kernel: page flags: 0x4000000000000008(uptodate)
Fix the problem by moving put_io_page() after the SetPageUptodate() call.
Thanks to Hugh Dickins for analyzing this problem.
Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ext4/page-io.c | 4 |
1 files changed, 2 insertions, 2 deletions
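--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -237,8 +237,6 @@ static void ext4_end_bio(struct bio *bio, int error)
 } while (bh != head);
 }
 
-put_io_page(io_end->pages[i]);
-
 /*
 * If this is a partial write which happened to make
 * all buffers uptodate then we can optimize away a
@@ -248,6 +246,8 @@ static void ext4_end_bio(struct bio *bio, int error)
 */
 if (!partial_write)
 SetPageUptodate(page);
+
+put_io_page(io_end->pages[i]);
 }
 io_end->num_io_pages = 0;
 inode = io_end->inode;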
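Review bot: Nothing in the new code records why `put_io_page(io_end->pages[i]);` now has to be the last statement of the loop body, so a later edit could reintroduce the same use-after-release. Per the commit message, the put_io_page() path reaches put_page and kmem_cache_free, so neither `page` nor `io_end->pages[i]` should be touched once it returns. I would add a comment directly above the call, such as `/* Must come last: put_io_page() may drop the final page reference and free the io_page; do not touch page after this. */`. The loop and the body of ext4_end_bio start outside the hunk, so whether an earlier statement in the iteration has the same ordering hazard cannot be checked from here.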