jbd2: protect all log tail updates with j_checkpoint_mutex
authorJan Kara <jack@suse.cz>
Tue, 13 Mar 2012 19:43:04 +0000 (15:43 -0400)
committerBen Hutchings <ben@decadent.org.uk>
Tue, 13 Oct 2015 02:46:00 +0000 (03:46 +0100)
commit a78bb11d7acd525623c6a0c2ff4e213d527573fa upstream.

There are some log tail updates that are not protected by j_checkpoint_mutex.
Some of these are harmless because they happen during startup or shutdown but
updates in jbd2_journal_commit_transaction() and jbd2_journal_flush() can
really race with other log tail updates (e.g. someone doing
jbd2_journal_flush() with someone running jbd2_cleanup_journal_tail()). So
protect all log tail updates with j_checkpoint_mutex.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
[bwh: Backported to 3.2:
 - Adjust context
 - Add unlock on the error path in jbd2_journal_flush()]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Bartosz Kwitniewski <zerg2000@astral.org.pl>
fs/jbd2/commit.c
fs/jbd2/journal.c

index bccb605..b6c3c14 100644 (file)
@@ -340,6 +340,7 @@ void jbd2_journal_commit_transaction(journal_t *journal)
        /* Do we need to erase the effects of a prior jbd2_journal_flush? */
        if (journal->j_flags & JBD2_FLUSHED) {
                jbd_debug(3, "super block updated\n");
+               mutex_lock(&journal->j_checkpoint_mutex);
                /*
                 * We hold j_checkpoint_mutex so tail cannot change under us.
                 * We don't need any special data guarantees for writing sb
@@ -350,6 +351,7 @@ void jbd2_journal_commit_transaction(journal_t *journal)
                                                journal->j_tail_sequence,
                                                journal->j_tail,
                                                WRITE_SYNC);
+               mutex_unlock(&journal->j_checkpoint_mutex);
        } else {
                jbd_debug(3, "superblock not updated\n");
        }
index 9532dac..6290815 100644 (file)
@@ -1242,6 +1242,8 @@ static int journal_reset(journal_t *journal)
                        journal->j_errno);
                journal->j_flags |= JBD2_FLUSHED;
        } else {
+               /* Lock here to make assertions happy... */
+               mutex_lock(&journal->j_checkpoint_mutex);
                /*
                 * Update log tail information. We use WRITE_FUA since new
                 * transaction will start reusing journal space and so we
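Review bot: The added comment `/* Lock here to make assertions happy... */` in journal_reset() says the lock is cosmetic but not why that is safe, so a later reader cannot tell whether dropping or moving it would reopen a race. The commit message says some tail updates are harmless because they happen during startup or shutdown; presumably this is one of them, and the comment should say so, e.g. `/* Journal is not yet in use, so nothing can race with this tail update; take j_checkpoint_mutex only to satisfy the BUG_ON in the tail-update helper. */`. The same wording would fit the `/* Lock to make assertions happy... */` comment added in jbd2_journal_wipe(). The function body starts outside this hunk and the locked call continues into the next one.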
@@ -1252,6 +1254,7 @@ static int journal_reset(journal_t *journal)
                                                journal->j_tail_sequence,
                                                journal->j_tail,
                                                WRITE_FUA);
+               mutex_unlock(&journal->j_checkpoint_mutex);
        }
        return jbd2_journal_start_thread(journal);
 }
@@ -1314,6 +1317,7 @@ int jbd2_journal_update_sb_log_tail(journal_t *journal, tid_t tail_tid,
        journal_superblock_t *sb = journal->j_superblock;
        int ret;
 
+       BUG_ON(!mutex_is_locked(&journal->j_checkpoint_mutex));
        jbd_debug(1, "JBD2: updating superblock (start %lu, seq %u)\n",
                  tail_block, tail_tid);
 
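Review bot: The added `BUG_ON(!mutex_is_locked(&journal->j_checkpoint_mutex));` proves only that some task holds the mutex, not that the caller does. A call site that forgot the lock still passes whenever another thread happens to hold it, which is exactly the concurrent case this commit is trying to close. `lockdep_assert_held(&journal->j_checkpoint_mutex);` checks ownership by the current task on lockdep-enabled builds and warns instead of halting, so a missed caller does not become a kernel panic in the superblock-update path. The identical assertion added to jbd2_mark_journal_empty() in the next hunk has the same limitation. The function body continues outside this hunk.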
@@ -1344,6 +1348,7 @@ static void jbd2_mark_journal_empty(journal_t *journal)
 {
        journal_superblock_t *sb = journal->j_superblock;
 
+       BUG_ON(!mutex_is_locked(&journal->j_checkpoint_mutex));
        read_lock(&journal->j_state_lock);
        jbd_debug(1, "JBD2: Marking journal as empty (seq %d)\n",
                  journal->j_tail_sequence);
@@ -1577,9 +1582,11 @@ int jbd2_journal_destroy(journal_t *journal)
        spin_unlock(&journal->j_list_lock);
 
        if (journal->j_sb_buffer) {
-               if (!is_journal_aborted(journal))
+               if (!is_journal_aborted(journal)) {
+                       mutex_lock(&journal->j_checkpoint_mutex);
                        jbd2_mark_journal_empty(journal);
-               else
+                       mutex_unlock(&journal->j_checkpoint_mutex);
+               } else
                        err = -EIO;
                brelse(journal->j_sb_buffer);
        }
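Review bot: The rewritten conditional in jbd2_journal_destroy() leaves a braced `if` paired with an unbraced `else` (`} else` followed by `err = -EIO;`). Kernel coding style asks for braces on both branches once either needs them, and the mixed form is easy to misread when another statement is later added to the error branch. Suggested form: `} else {`, `err = -EIO;`, `}`. The function starts and ends outside this hunk.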
@@ -1828,10 +1835,13 @@ int jbd2_journal_flush(journal_t *journal)
        if (is_journal_aborted(journal))
                return -EIO;
 
+       mutex_lock(&journal->j_checkpoint_mutex);
        if (!err) {
                err = jbd2_cleanup_journal_tail(journal);
-               if (err < 0)
+               if (err < 0) {
+                       mutex_unlock(&journal->j_checkpoint_mutex);
                        goto out;
+               }
                err = 0;
        }
 
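Review bot: The error path in jbd2_journal_flush() releases j_checkpoint_mutex inline (`mutex_unlock(...)` then `goto out;`), while the success path releases it in the following hunk after jbd2_mark_journal_empty(). With two separate unlock sites, any early exit added later between the `mutex_lock()` here and that unlock has to remember its own unlock, or the function returns with the mutex held and later tail updates block. A dedicated label would keep the release in one place, e.g. `if (err < 0) goto out_unlock;` with `out_unlock: mutex_unlock(&journal->j_checkpoint_mutex);` placed before `out:`. The `out` label is outside the hunk, so whether that layout fits there needs confirming against the full function.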
@@ -1841,6 +1851,7 @@ int jbd2_journal_flush(journal_t *journal)
         * commits of data to the journal will restore the current
         * s_start value. */
        jbd2_mark_journal_empty(journal);
+       mutex_unlock(&journal->j_checkpoint_mutex);
        write_lock(&journal->j_state_lock);
        J_ASSERT(!journal->j_running_transaction);
        J_ASSERT(!journal->j_committing_transaction);
@@ -1882,8 +1893,12 @@ int jbd2_journal_wipe(journal_t *journal, int write)
                write ? "Clearing" : "Ignoring");
 
        err = jbd2_journal_skip_recovery(journal);
-       if (write)
+       if (write) {
+               /* Lock to make assertions happy... */
+               mutex_lock(&journal->j_checkpoint_mutex);
                jbd2_mark_journal_empty(journal);
+               mutex_unlock(&journal->j_checkpoint_mutex);
+       }
 
  no_recovery:
        return err;