aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarkus Trippelsdorf <markus@trippelsdorf.de>2010-11-17 21:46:06 -0500
committerTheodore Ts'o <tytso@mit.edu>2010-11-17 21:46:06 -0500
commit08da1193d2c8c7a25d0cef7f85d0b9f1ad7c583a (patch)
tree5a288945b73bc0ea79ca26e556f8061b51a85c1d
parente53beacd23d9cb47590da6a7a7f6d417b941a994 (diff)
ext4: fix setting random pages PageUptodate
ext4_end_bio calls put_page and kmem_cache_free before calling SetPageUpdate(). This can result in setting the PageUptodate bit on random pages and causes the following BUG: BUG: Bad page state in process rm pfn:52e54 page:ffffea0001222260 count:0 mapcount:0 mapping: (null) index:0x0 arch kernel: page flags: 0x4000000000000008(uptodate) Fix the problem by moving put_io_page() after the SetPageUpdate() call. Thanks to Hugh Dickins for analyzing this problem. Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de> Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de> Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
-rw-r--r--fs/ext4/page-io.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index 7f5451cd1d38..beacce11ac50 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -237,8 +237,6 @@ static void ext4_end_bio(struct bio *bio, int error)
237 } while (bh != head); 237 } while (bh != head);
238 } 238 }
239 239
240 put_io_page(io_end->pages[i]);
241
242 /* 240 /*
243 * If this is a partial write which happened to make 241 * If this is a partial write which happened to make
244 * all buffers uptodate then we can optimize away a 242 * all buffers uptodate then we can optimize away a
@@ -248,6 +246,8 @@ static void ext4_end_bio(struct bio *bio, int error)
248 */ 246 */
249 if (!partial_write) 247 if (!partial_write)
250 SetPageUptodate(page); 248 SetPageUptodate(page);
249
250 put_io_page(io_end->pages[i]);
251 } 251 }
252 io_end->num_io_pages = 0; 252 io_end->num_io_pages = 0;
253 inode = io_end->inode; 253 inode = io_end->inode;