From patchwork Sat Mar 27 19:16:15 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [Bug,13549] Kernel oops while online resizing of an ext4 filesystem
Date: Sat, 27 Mar 2010 09:16:15 -0000
From: bugzilla-daemon@bugzilla.kernel.org
X-Patchwork-Id: 48751
Message-Id: <201003271916.o2RJGFvn019746@demeter.kernel.org>
To: linux-ext4@vger.kernel.org

https://bugzilla.kernel.org/show_bug.cgi?id=13549





--- Comment #18 from Eric Sandeen <sandeen@redhat.com>  2010-03-27 19:16:09 ---
Reproducer works perfectly, thanks.

So here's the issue; sbi->flex_groups[] doesn't get filled out in
ext4_fill_flex_info() because:

        if (groups_per_flex < 2) {
                sbi->s_log_groups_per_flex = 0;
                return 1;
        }

but resize is unconditionally doing this in ext4_group_add as long as the
FLEX_BG feature is set:

                atomic_add(input->free_blocks_count,
                           &sbi->s_flex_groups[flex_group].free_blocks);

so for a NULL s_flex groups it went boom.

Every other access to ->s_flex_groups checks s_log_groups_per_flex first, so
this should be the proper fix:


This fixes the reproducer, need to double check it on Alessandro's image.

-Eric


Index: linux-2.6/fs/ext4/resize.c
===================================================================
--- linux-2.6.orig/fs/ext4/resize.c
+++ linux-2.6/fs/ext4/resize.c
@@ -930,7 +930,8 @@ int ext4_group_add(struct super_block *s
     percpu_counter_add(&sbi->s_freeinodes_counter,
                EXT4_INODES_PER_GROUP(sb));

-    if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) {
+    if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG) &&
+        sbi->s_log_groups_per_flex) {
         ext4_group_t flex_group;
         flex_group = ext4_flex_group(sbi, input->group);
         atomic_add(input->free_blocks_count,