jbd2: don't leak modified metadata buffers on an aborted journal

commit e112666b4959b25a8552d63bc564e1059be703e8 upstream.

If the journal has been aborted, we shouldn't mark the underlying
buffer head as dirty, since that will cause the metadata block to get
modified.  And if the journal has been aborted, we shouldn't allow
this since it will almost certainly lead to a corrupted file system.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index e3c41c5..61537fe 100644 (file)
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -1601,7 +1601,9 @@ void __jbd2_journal_temp_unlink_buffer(struct journal_head *jh)
 
        __blist_del_buffer(list, jh);
        jh->b_jlist = BJ_None;
-       if (test_clear_buffer_jbddirty(bh))
+       if (transaction && is_journal_aborted(transaction->t_journal))
+               clear_buffer_jbddirty(bh);
+       else if (test_clear_buffer_jbddirty(bh))
                mark_buffer_dirty(bh);  /* Expose it to the VM */
 }