From Andreas Dilger:
Nowhere in journal_start() (or more specifically in start_this_handle())
is any sanity checking on the number of blocks requested for a single
handle done. If you request more than journal_size/4 blocks for a handle
it will loop endlessly on repeat_locked: trying to "free" enough blocks
to satisfy the request. The below patch validates that the number of blocks
requested is small enough to actually be allocated, otherwise returns
-ENOSPC.
--- linux-2.4-ext3merge/fs/jbd/transaction.c.=K0003=.orig Thu Sep 26 12:25:37 2002
+++ linux-2.4-ext3merge/fs/jbd/transaction.c Thu Sep 26 12:25:37 2002
@@ -90,7 +90,14 @@
transaction_t *transaction;
int needed;
int nblocks = handle->h_buffer_credits;
-
+
+ if (nblocks > journal->j_max_transaction_buffers) {
+ jbd_debug(1, "JBD: %s wants too many credits (%d > %d)\n",
+ current->comm, nblocks,
+ journal->j_max_transaction_buffers);
+ return -ENOSPC;
+ }
+
jbd_debug(3, "New handle %p going live.\n", handle);
repeat:
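Review bot: the error code chosen by the new check is questionable: a request for more than journal->j_max_transaction_buffers credits can never succeed no matter how many transactions are committed, so it is a caller bug rather than a shortage of journal space, and returning -ENOSPC (which callers may treat as transient and retry) hides that; consider -EINVAL, or at least a comment next to the check explaining why -ENOSPC was picked. The cover text also describes the limit as journal_size/4 while the code compares against j_max_transaction_buffers, so a one-line comment stating that relationship would help the next reader. Finally, the "-"/"+" pair on the blank line just before the new block is a whitespace-only change and adds noise to the hunk.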
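To make the failure mode concrete, here is a small constructed model of the credit check, added here as an example and not code from the kernel or from the patch above. It keeps only the state the check needs (a stand-in for journal->j_max_transaction_buffers and the running transaction's reserved credits) and bounds the repeat loop with LOOP_BOUND so the unpatched case terminates instead of spinning forever; the structure, function and demo names are all assumptions made for illustration.

```c
#include <stdio.h>
#include <errno.h>

/* Constructed model (not jbd code): j_max_transaction_buffers and the
 * running transaction's reserved credits are the only state the check needs. */
struct model_journal {
    int max_transaction_buffers; /* stands in for journal->j_max_transaction_buffers */
    int outstanding_credits;     /* credits already held by the running transaction */
    int commits;                 /* how often the loop had to commit to free credits */
};

#define LOOP_BOUND 1000 /* the real loop has no bound; this lets the model terminate */

/* Returns 0 when the handle is granted, -ENOSPC when the patch's up-front
 * check rejects it, and -EDEADLK when the loop exhausted LOOP_BOUND without
 * the request ever fitting (what the unpatched code would keep doing). */
static int model_start_handle(struct model_journal *j, int nblocks, int patched)
{
    if (patched && nblocks > j->max_transaction_buffers)
        return -ENOSPC;

    for (int i = 0; i < LOOP_BOUND; i++) {
        int needed = j->outstanding_credits + nblocks;
        if (needed <= j->max_transaction_buffers) {
            j->outstanding_credits = needed;
            return 0;
        }
        /* repeat_locked: commit the running transaction to free its credits.
         * Freeing everything still cannot help when nblocks alone is too big. */
        j->outstanding_credits = 0;
        j->commits++;
    }
    return -EDEADLK;
}

/* Oversized request on the unpatched path: never fits, spins to the bound. */
int demo_unpatched_oversized(void)
{
    struct model_journal j = { .max_transaction_buffers = 256, .outstanding_credits = 0, .commits = 0 };
    int rc = model_start_handle(&j, 300, 0);
    return (rc == -EDEADLK && j.commits == LOOP_BOUND) ? 1 : 0;
}

/* Same request with the check in place: rejected immediately, no commit forced. */
int demo_patched_oversized(void)
{
    struct model_journal j = { .max_transaction_buffers = 256, .outstanding_credits = 0, .commits = 0 };
    int rc = model_start_handle(&j, 300, 1);
    return (rc == -ENOSPC && j.commits == 0) ? 1 : 0;
}

/* An in-range request that fits only after one commit: the loop is doing its job. */
int demo_patched_fits_after_commit(void)
{
    struct model_journal j = { .max_transaction_buffers = 256, .outstanding_credits = 200, .commits = 0 };
    int rc = model_start_handle(&j, 100, 1);
    return (rc == 0 && j.commits == 1 && j.outstanding_credits == 100) ? 1 : 0;
}

int main(void)
{
    printf("unpatched oversized request looped to bound: %d\n", demo_unpatched_oversized());
    printf("patched oversized request rejected:          %d\n", demo_patched_oversized());
    printf("in-range request granted after one commit:   %d\n", demo_patched_fits_after_commit());
    return 0;
}
```

The third case is the one the check must not break: a request that exceeds the currently free credits but not the journal's maximum is still legitimate and is satisfied after the running transaction commits, so the guard belongs on nblocks alone, not on the combined needed value.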