From: Al Viro viro@zeniv.linux.org.uk
commit 27e714c007e4ad01837bf0fac5c11913a38d7695 upstream.
In 27cfa258951a "ext2: fix fs corruption when trying to remove a non-empty directory with IO error" a funny thing has happened:
- page = ext2_get_page(inode, i, dir_has_error, &page_addr); + page = ext2_get_page(inode, i, 0, &page_addr);
- if (IS_ERR(page)) { - dir_has_error = 1; - continue; - } + if (IS_ERR(page)) + goto not_empty;
And at not_empty: we hit ext2_put_page(page, page_addr), which does put_page(page). Which, unless I'm very mistaken, should oops immediately when given ERR_PTR(-E...) as page.
OK, shit happens, insufficiently tested patches included. But when commit in question describes the fault-injection test that exercised that particular failure exit...
Ow.
CC: stable@vger.kernel.org Fixes: 27cfa258951a ("ext2: fix fs corruption when trying to remove a non-empty directory with IO error") Signed-off-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Jan Kara jack@suse.cz Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/ext2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext2/dir.c +++ b/fs/ext2/dir.c @@ -679,7 +679,7 @@ int ext2_empty_dir (struct inode * inode page = ext2_get_page(inode, i, 0, &page_addr);
if (IS_ERR(page)) - goto not_empty; + return 0;
kaddr = page_addr; de = (ext2_dirent *)kaddr;