[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: af98b0157adf6504fade79b3e6cb260c4ff68e37
Status in newer kernel trees: 6.15.y | Present (different SHA1: ddfb8877c6b5) 6.12.y | Present (different SHA1: 25cc031107f4) 6.6.y | Present (different SHA1: 543c9aed6f73) 6.1.y | Present (different SHA1: e7c29c3b1d88) 5.15.y | Present (different SHA1: b58688929dc8) 5.10.y | Present (different SHA1: b5960460d84e)
Note: The patch differs from the upstream commit: --- 1: af98b0157adf6 ! 1: e2e4e77718de3 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() @@ Metadata ## Commit message ## jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
+ commit af98b0157adf6504fade79b3e6cb260c4ff68e37 upstream. + Since handle->h_transaction may be a NULL pointer, so we should change it to call is_handle_aborted(handle) first before dereferencing it.
@@ Commit message Cc: stable@kernel.org
## fs/jbd2/transaction.c ## -@@ fs/jbd2/transaction.c: int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) - jh->b_next_transaction == transaction); - spin_unlock(&jh->b_state_lock); - } -- if (jh->b_modified == 1) { -+ if (data_race(jh->b_modified == 1)) { - /* If it's in our transaction it must be in BJ_Metadata list. */ - if (data_race(jh->b_transaction == transaction && - jh->b_jlist != BJ_Metadata)) { @@ fs/jbd2/transaction.c: int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) goto out; }
- journal = transaction->t_journal; - spin_lock(&jh->b_state_lock); + jbd_lock_bh_state(bh);
if (is_handle_aborted(handle)) { @@ fs/jbd2/transaction.c: int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-5.4.y | Success | Success |