From patchwork Wed Apr 7 13:51:46 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: ext4: BUG_ON could be triggered in ext4_mb_normalize_request()
Date: Wed, 07 Apr 2010 03:51:46 -0000
From: jing zhang
X-Patchwork-Id: 49607
Message-Id:
To: linux-ext4
Cc: "Theodore Ts'o", Andreas Dilger, Dave Kleikamp, "Aneesh Kumar K. V"

From: Jing Zhang
Date: Wed Apr 7 21:34:48 2010

BUG_ON at [line: 2912] could be triggered, if (pa->pa_deleted == 0 && pa->pa_free == 0) as checked at [line: 3111] and [line: 3122].

It is bypassed by adding a check for pa_free.

Cc: Theodore Ts'o
Cc: Andreas Dilger
Cc: Dave Kleikamp
Cc: Aneesh Kumar K. V
Signed-off-by: Jing Zhang
---

--- linux-2.6.32/fs/ext4/mballoc.c 2009-12-03 11:51:22.000000000 +0800 +++ ext4_mm_leak/mballoc-16.c 2010-04-07 20:20:26.000000000 +0800 @@ -2901,7 +2901,7 @@ ext4_mb_normalize_request(struct ext4_al if (pa->pa_deleted) continue; spin_lock(&pa->pa_lock); - if (pa->pa_deleted) { + if (pa->pa_deleted || 0 == pa->pa_free) { spin_unlock(&pa->pa_lock); continue; }
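
Review bot: The new `0 == pa->pa_free` test in the locked check of ext4_mb_normalize_request() makes the loop skip a preallocation that is fully consumed but not yet marked deleted, yet neither the hunk nor the commit message says why skipping it is correct rather than just stepping around the BUG_ON cited at line 2912. Add a comment above the condition stating the reasoning (for example, that a PA with pa_free == 0 no longer needs to constrain the normalized range, if that is the intent), and say in the message how the pa_deleted == 0 && pa_free == 0 state is reached at the cited lines 3111 and 3122, which are not part of this patch. The condition would also read more conventionally for kernel code as `pa->pa_deleted || pa->pa_free == 0`. Finally, the file headers name two different paths (`linux-2.6.32/fs/ext4/mballoc.c` against `ext4_mm_leak/mballoc-16.c`), so the patch will not apply with -p1 as posted; regenerate it so both sides refer to fs/ext4/mballoc.c.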