ext4_bdev_mark_dead() passes bdev->bd_holder to ext4_force_shutdown()
instead of bdev->bd_super leading to crashes. Fix it.
Fixes: dd2e31afba9e ("ext4: wire up the ->mark_dead holder operation for log devices")
Signed-off-by: Jan Kara <[email protected]>
---
fs/ext4/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 6f43a86ecf16..53d74144ee34 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1098,7 +1098,7 @@ void ext4_update_dynamic_rev(struct super_block *sb)
static void ext4_bdev_mark_dead(struct block_device *bdev)
{
- ext4_force_shutdown(bdev->bd_holder, EXT4_GOING_FLAGS_NOLOGFLUSH);
+ ext4_force_shutdown(bdev->bd_super, EXT4_GOING_FLAGS_NOLOGFLUSH);
}
static const struct blk_holder_ops ext4_holder_ops = {
--
2.35.3
On Wed, Jun 21, 2023 at 04:47:42PM +0200, Jan Kara wrote:
> ext4_bdev_mark_dead() passes bdev->bd_holder to ext4_force_shutdown()
> instead of bdev->bd_super leading to crashes. Fix it.
How does this crash? ext4_blkdev_get passes the sb as holder, and I
actually tested this code.
This is not to be confused with the blkdev_get_by_path in get_tree_bdev,
but that never ends up in ext4_bdev_mark_dead.
On Wed 21-06-23 07:52:27, Christoph Hellwig wrote:
> On Wed, Jun 21, 2023 at 04:47:42PM +0200, Jan Kara wrote:
> > ext4_bdev_mark_dead() passes bdev->bd_holder to ext4_force_shutdown()
> > instead of bdev->bd_super leading to crashes. Fix it.
>
> How does this crash? ext4_blkdev_get passes the sb as holder, and I
> actually tested this code.
>
> This is not to be confused with the blkdev_get_by_path in get_tree_bdev,
> but that never ends up in ext4_bdev_mark_dead.
Indeed, I have confused the method called for journal device with the
method called for the main filesystem device. Both my patches are wrong and
I'm sorry for the confusion!
Honza
--
Jan Kara <[email protected]>
SUSE Labs, CR