Skip to content

Commit 3cbac68

Browse files
Luis Henriques (SUSE)smb49
Luis Henriques (SUSE)
authored and
smb49
committed
ext4: fix possible tid_t sequence overflows
BugLink: https://bugs.launchpad.net/bugs/2081279 [ Upstream commit 6346966 ] In the fast commit code there are a few places where tid_t variables are being compared without taking into account the fact that these sequence numbers may wrap. Fix this issue by using the helper functions tid_gt() and tid_geq(). Signed-off-by: Luis Henriques (SUSE) <luis.henriques@linux.dev> Reviewed-by: Jan Kara <jack@suse.cz> Reviewed-by: Harshad Shirwadkar <harshadshirwadkar@gmail.com> Link: https://patch.msgid.link/20240529092030.9557-3-luis.henriques@linux.dev Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Koichiro Den <koichiro.den@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
1 parent eb0578e commit 3cbac68

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

fs/ext4/fast_commit.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -325,7 +325,7 @@ void ext4_fc_mark_ineligible(struct super_block *sb, int reason, handle_t *handl
325325
read_unlock(&sbi->s_journal->j_state_lock);
326326
}
327327
spin_lock(&sbi->s_fc_lock);
328-
if (sbi->s_fc_ineligible_tid < tid)
328+
if (tid_gt(tid, sbi->s_fc_ineligible_tid))
329329
sbi->s_fc_ineligible_tid = tid;
330330
spin_unlock(&sbi->s_fc_lock);
331331
WARN_ON(reason >= EXT4_FC_REASON_MAX);
@@ -1206,7 +1206,7 @@ int ext4_fc_commit(journal_t *journal, tid_t commit_tid)
12061206
if (ret == -EALREADY) {
12071207
/* There was an ongoing commit, check if we need to restart */
12081208
if (atomic_read(&sbi->s_fc_subtid) <= subtid &&
1209-
commit_tid > journal->j_commit_sequence)
1209+
tid_gt(commit_tid, journal->j_commit_sequence))
12101210
goto restart_fc;
12111211
ext4_fc_update_stats(sb, EXT4_FC_STATUS_SKIPPED, 0, 0);
12121212
return 0;
@@ -1278,7 +1278,7 @@ static void ext4_fc_cleanup(journal_t *journal, int full, tid_t tid)
12781278
list_del_init(&iter->i_fc_list);
12791279
ext4_clear_inode_state(&iter->vfs_inode,
12801280
EXT4_STATE_FC_COMMITTING);
1281-
if (iter->i_sync_tid <= tid)
1281+
if (tid_geq(tid, iter->i_sync_tid))
12821282
ext4_fc_reset_inode(&iter->vfs_inode);
12831283
/* Make sure EXT4_STATE_FC_COMMITTING bit is clear */
12841284
smp_mb();
@@ -1308,7 +1308,7 @@ static void ext4_fc_cleanup(journal_t *journal, int full, tid_t tid)
13081308
list_splice_init(&sbi->s_fc_q[FC_Q_STAGING],
13091309
&sbi->s_fc_q[FC_Q_MAIN]);
13101310

1311-
if (tid >= sbi->s_fc_ineligible_tid) {
1311+
if (tid_geq(tid, sbi->s_fc_ineligible_tid)) {
13121312
sbi->s_fc_ineligible_tid = 0;
13131313
ext4_clear_mount_flag(sb, EXT4_MF_FC_INELIGIBLE);
13141314
}

0 commit comments

Comments
 (0)