diff options
| author | Brian Foster <[email protected]> | 2025-05-16 17:38:00 +0000 |
|---|---|---|
| committer | Theodore Ts'o <[email protected]> | 2025-05-20 14:31:13 +0000 |
| commit | e26268ff1dcae5662c1b96c35f18cfa6ab73d9de (patch) | |
| tree | 0f29f14f8818e01de277bd94bd917537ae40f53c /net/dsa/user.c | |
| parent | ext4: Add atomic block write documentation (diff) | |
| download | kernel-e26268ff1dcae5662c1b96c35f18cfa6ab73d9de.tar.gz kernel-e26268ff1dcae5662c1b96c35f18cfa6ab73d9de.zip | |
ext4: only dirty folios when data journaling regular files
fstest generic/388 occasionally reproduces a crash that looks as
follows:
BUG: kernel NULL pointer dereference, address: 0000000000000000
...
Call Trace:
<TASK>
ext4_block_zero_page_range+0x30c/0x380 [ext4]
ext4_truncate+0x436/0x440 [ext4]
ext4_process_orphan+0x5d/0x110 [ext4]
ext4_orphan_cleanup+0x124/0x4f0 [ext4]
ext4_fill_super+0x262d/0x3110 [ext4]
get_tree_bdev_flags+0x132/0x1d0
vfs_get_tree+0x26/0xd0
vfs_cmd_create+0x59/0xe0
__do_sys_fsconfig+0x4ed/0x6b0
do_syscall_64+0x82/0x170
...
This occurs when processing a symlink inode from the orphan list. The
partial block zeroing code in the truncate path calls
ext4_dirty_journalled_data() -> folio_mark_dirty(). The latter calls
mapping->a_ops->dirty_folio(), but symlink inodes are not assigned an
a_ops vector in ext4, hence the crash.
To avoid this problem, update the ext4_dirty_journalled_data() helper to
only mark the folio dirty on regular files (for which a_ops is
assigned). This also matches the journaling logic in the ext4_symlink()
creation path, where ext4_handle_dirty_metadata() is called directly.
Fixes: d84c9ebdac1e ("ext4: Mark pages with journalled data dirty")
Signed-off-by: Brian Foster <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Theodore Ts'o <[email protected]>
Reviewed-by: Jan Kara <[email protected]>
Cc: [email protected]
Diffstat (limited to 'net/dsa/user.c')
0 files changed, 0 insertions, 0 deletions