summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLachlan McIlroy <lmcilroy@redhat.com>2013-05-05 23:10:00 -0400
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-05-19 10:04:40 -0700
commit7fb7465071b6f553c5c5cd8aca704cfc6896917c (patch)
tree22607bad9cad498c75df942ef3cc0f92cd95847a /fs
parentb9cbfd27308999d2ae56d1d341a3a77f91d04a19 (diff)
downloadlinux-stable-7fb7465071b6f553c5c5cd8aca704cfc6896917c.tar.gz
linux-stable-7fb7465071b6f553c5c5cd8aca704cfc6896917c.tar.bz2
linux-stable-7fb7465071b6f553c5c5cd8aca704cfc6896917c.zip
ext4: limit group search loop for non-extent files
commit e6155736ad76b2070652745f9e54cdea3f0d8567 upstream. In the case where we are allocating for a non-extent file, we must limit the groups we allocate from to those below 2^32 blocks, and ext4_mb_regular_allocator() attempts to do this initially by putting a cap on ngroups for the subsequent search loop. However, the initial target group comes in from the allocation context (ac), and it may already be beyond the artificially limited ngroups. In this case, the limit if (group == ngroups) group = 0; at the top of the loop is never true, and the loop will run away. Catch this case inside the loop and reset the search to start at group 0. [sandeen@redhat.com: add commit msg & comments] Signed-off-by: Lachlan McIlroy <lmcilroy@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/ext4/mballoc.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 35959f641986..cdb84142d944 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -2026,7 +2026,11 @@ repeat:
group = ac->ac_g_ex.fe_group;
for (i = 0; i < ngroups; group++, i++) {
- if (group == ngroups)
+ /*
+ * Artificially restricted ngroups for non-extent
+ * files makes group > ngroups possible on first loop.
+ */
+ if (group >= ngroups)
group = 0;
/* This now checks without needing the buddy page */