[PATCH] fs: Remove redundant errseq_set call in mark_buffer_write_io_error.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

mark_buffer_write_io_error sets sb->s_wb_err to -EIO twice.
Once in mapping_set_error and once in errseq_set.
Only mapping_set_error checks if bh->b_assoc_map->host is NULL.

Discovered during null pointer dereference while removing
a failing iblock device:

0xffffffff8be13778      mark_buffer_write_io_error + 0x98
0xffffffff8c755310      end_buffer_async_write + 0x90
0xffffffff8c75791b      end_bio_bh_io_sync + 0x2b
0xffffffff8c7c54d2      blk_update_request + 0x1b2
0xffffffff8c7c58c8      blk_mq_end_request + 0x18
0xffffffff8c7c6f96      blk_mq_dispatch_rq_list + 0x8d6
0xffffffff8c7caf98      __blk_mq_sched_dispatch_requests + 0x218
0xffffffff8c7cad2a      blk_mq_sched_dispatch_requests + 0x3a
0xffffffff8c7c6088      blk_mq_run_hw_queue + 0x108
0xffffffff8c7c74b8      blk_mq_flush_plug_list + 0x178
0xffffffff8c7c0c61      __blk_flush_plug + 0x41
0xffffffff8c7c0d72      blk_finish_plug + 0x22
0xffffffff8c6d8a98      do_writepages + 0x98
0xffffffff8c6d16f0      filemap_fdatawrite_wbc + 0x70
0xffffffff8c6d195c      filemap_flush + 0x9c
0xffffffff8be0d730      sync_filesystem + 0x40
0xffffffff8bdecfd7      fs_bdev_mark_dead + 0x27
0xffffffff8bf35fdb      bdev_mark_dead + 0x6b
0xffffffff8bf4a993      blk_report_disk_dead + 0x73
0xffffffff8c7cc2ce      del_gendisk + 0xde
0xffffffff8c153f14      iblock_destroy_blkdev + 0x24
0xffffffff8c1523ce      iblock_destroy_work_fn + 0x1e
0xffffffff8c658b75      process_scheduled_works + 0x1d5
0xffffffff8c6590ca      worker_thread + 0x1da

Fixes: 4b2201dad2674 ("fs: stop using bdev->bd_super in mark_buffer_write_io_error")
Signed-off-by: Jeremy Bongio <jbongio@xxxxxxxxxx>
---
 fs/buffer.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/fs/buffer.c b/fs/buffer.c
index 7be23ff20b27..d7456e4643f6 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -1222,7 +1222,6 @@ void mark_buffer_write_io_error(struct buffer_head *bh)
 		mapping_set_error(bh->b_folio->mapping, -EIO);
 	if (bh->b_assoc_map) {
 		mapping_set_error(bh->b_assoc_map, -EIO);
-		errseq_set(&bh->b_assoc_map->host->i_sb->s_wb_err, -EIO);
 	}
 }
 EXPORT_SYMBOL(mark_buffer_write_io_error);
-- 
2.49.0.967.g6a0df3ecc3-goog
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux