diff options
author | Theodore Ts'o <tytso@mit.edu> | 2013-12-02 14:31:36 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-01-09 20:25:09 (GMT) |
commit | a3e59ae4f767e91bd3f2bdb1d62b1a336db70a72 (patch) | |
tree | 7738ae3b66e9cdf8ec7a31c19749e277c12ec395 /security/tomoyo/memory.c | |
parent | 7f4f86209be7221ddb145d7059dbbfc3667c1ef0 (diff) | |
download | linux-fsl-qoriq-a3e59ae4f767e91bd3f2bdb1d62b1a336db70a72.tar.xz |
ext4: call ext4_error_inode() if jbd2_journal_dirty_metadata() fails
commit ae1495b12df1897d4f42842a7aa7276d920f6290 upstream.
While it's true that errors can only happen if there is a bug in
jbd2_journal_dirty_metadata(), if a bug does happen, we need to halt
the kernel or remount the file system read-only in order to avoid
further data loss. The ext4_journal_abort_handle() function doesn't
do any of this, and while it's likely that this call (since it doesn't
adjust refcounts) will likely result in the file system eventually
deadlocking since the current transaction will never be able to close,
it's much cleaner to call let ext4's error handling system deal with
this situation.
There's a separate bug here which is that if certain jbd2 errors
errors occur and file system is mounted errors=continue, the file
system will probably eventually end grind to a halt as described
above. But things have been this way in a long time, and usually when
we have these sorts of errors it's pretty much a disaster --- and
that's why the jbd2 layer aggressively retries memory allocations,
which is the most likely cause of these jbd2 errors.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security/tomoyo/memory.c')
0 files changed, 0 insertions, 0 deletions