From: Zhang, Yanmin <[email protected]>

Function journal_write_metadata_buffer doesn't estimate the return
value of jbd_slab_alloc. If the allocation fails, later jbd_slab_free
or memcpy will cause kernel oops.

Add flag __GFP_NOFAIL when allocating block. The patch is against
2.6.18-mm1.

Signed-off-by: Zhang Yanmin <[email protected]>
---

--- linux-2.6.18_mm1/fs/jbd/journal.c 2006-09-29 07:19:49.000000000 -0600
+++ linux-2.6.18_mm1_fix/fs/jbd/journal.c 2006-09-30 03:01:38.000000000 -0600
@@ -329,7 +329,7 @@ repeat:
char *tmp;
jbd_unlock_bh_state(bh_in);
- tmp = jbd_slab_alloc(bh_in->b_size, GFP_NOFS);
+ tmp = jbd_slab_alloc(bh_in->b_size, GFP_NOFS|__GFP_NOFAIL);
jbd_lock_bh_state(bh_in);
if (jh_in->b_frozen_data) {
jbd_slab_free(tmp, bh_in->b_size);
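
Review bot: tmp is still used without a NULL check after the changed jbd_slab_alloc() call (the trailing context passes it straight to jbd_slab_free(tmp, bh_in->b_size)), so this path is only safe if __GFP_NOFAIL is guaranteed to be honoured. Before adding the flag at the call site, check whether jbd_slab_alloc() already applies it to every request; if it does, this change is redundant and the changelog should say where the NULL actually comes from. If the flag stays here, add a one-line comment above the call stating that the allocation cannot return NULL, so the missing check reads as deliberate, and put spaces around the operator as kernel style asks: GFP_NOFS | __GFP_NOFAIL.
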
On Fri, 29 Sep 2006 09:53:33 +0800
"Zhang, Yanmin" <[email protected]> wrote:
> Function journal_write_metadata_buffer doesn't estimate the return
> value of jbd_slab_alloc. If the allocation fails, later jbd_slab_free
> or memcpy will cause kernel oops.
>
> Add flag __GFP_NOFAIL when allocating block. The patch is against
> 2.6.18-mm1.
>
> Signed-off-by: Zhang Yanmin <[email protected]>
>
> ---
>
> --- linux-2.6.18_mm1/fs/jbd/journal.c 2006-09-29 07:19:49.000000000 -0600
> +++ linux-2.6.18_mm1_fix/fs/jbd/journal.c 2006-09-30 03:01:38.000000000 -0600
> @@ -329,7 +329,7 @@ repeat:
> char *tmp;
>
> jbd_unlock_bh_state(bh_in);
> - tmp = jbd_slab_alloc(bh_in->b_size, GFP_NOFS);
> + tmp = jbd_slab_alloc(bh_in->b_size, GFP_NOFS|__GFP_NOFAIL);
jbd_slab_alloc() does that internally.