diff mbox series

ocfs2: fix infinite loop for orphan entry list

Message ID	20221125034118.427-1-lihongweizz@inspur.com
State	New
Headers	Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; From: lihongweizz <lihongweizz@inspur.com> To: <mark@fasheh.com>, <jlbec@evilplan.org>, <joseph.qi@linux.alibaba.com> CC: <ocfs2-devel@oss.oracle.com>, <linux-kernel@vger.kernel.org>, lihongweizz <lihongweizz@inspur.com> Subject: [PATCH] ocfs2: fix infinite loop for orphan entry list Date: Fri, 25 Nov 2022 11:41:18 +0800 Message-ID: <20221125034118.427-1-lihongweizz@inspur.com> MIME-Version: 1.0 Content-Type: text/plain tUid: 20221125114123bca5f4d50778c114cbf93989e7e66be2 Abuse-Reports-To: service@corp-email.com Precedence: bulk
Series	ocfs2: fix infinite loop for orphan entry list \| ocfs2: fix infinite loop for orphan entry list

Commit Message

lihongweizz Nov. 25, 2022, 3:41 a.m. UTC

  Orphan file may be in the recover list already when the ip_next_orphan
is NULL (for example, orphan file is second tail elementof recover
list). In this scenario, the file could be added to the list twice
and infinite loop happened. So we need another pointer value here(EFAULT)
 instead of NULL for the list tail element.

Signed-off-by: lihongweizz <lihongweizz@inspur.com>
---
 fs/ocfs2/journal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Joseph Qi Nov. 25, 2022, 9:41 a.m. UTC | #1

On 11/25/22 11:41 AM, lihongweizz wrote:
> Orphan file may be in the recover list already when the ip_next_orphan
> is NULL (for example, orphan file is second tail elementof recover
> list). In this scenario, the file could be added to the list twice
> and infinite loop happened. So we need another pointer value here(EFAULT)
>  instead of NULL for the list tail element.
> 

Don't understand how it happens. Is this a real issue you encountered?
When queue orphans, it will bypass those already in recover list.

Thanks,
Joseph

> Signed-off-by: lihongweizz <lihongweizz@inspur.com>
> ---
>  fs/ocfs2/journal.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
> index 126671e..4620013 100644
> --- a/fs/ocfs2/journal.c
> +++ b/fs/ocfs2/journal.c
> @@ -2207,7 +2207,7 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb,
>  				 enum ocfs2_orphan_reco_type orphan_reco_type)
>  {
>  	int ret = 0;
> -	struct inode *inode = NULL;
> +	struct inode *inode = ERR_PTR(-EFAULT);
>  	struct inode *iter;
>  	struct ocfs2_inode_info *oi;
>  	struct buffer_head *di_bh = NULL;
> @@ -2224,7 +2224,7 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb,
>  	if (ret)
>  		mlog_errno(ret);
>  
> -	while (inode) {
> +	while (!IS_ERR(inode)) {
>  		oi = OCFS2_I(inode);
>  		trace_ocfs2_recover_orphans_iput(
>  					(unsigned long long)oi->ip_blkno);

diff mbox series

Patch

diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
index 126671e..4620013 100644
--- a/fs/ocfs2/journal.c
+++ b/fs/ocfs2/journal.c
@@ -2207,7 +2207,7 @@  static int ocfs2_recover_orphans(struct ocfs2_super *osb,
 				 enum ocfs2_orphan_reco_type orphan_reco_type)
 {
 	int ret = 0;
-	struct inode *inode = NULL;
+	struct inode *inode = ERR_PTR(-EFAULT);
 	struct inode *iter;
 	struct ocfs2_inode_info *oi;
 	struct buffer_head *di_bh = NULL;
@@ -2224,7 +2224,7 @@  static int ocfs2_recover_orphans(struct ocfs2_super *osb,
 	if (ret)
 		mlog_errno(ret);
 
-	while (inode) {
+	while (!IS_ERR(inode)) {
 		oi = OCFS2_I(inode);
 		trace_ocfs2_recover_orphans_iput(
 					(unsigned long long)oi->ip_blkno);