jbd: ordered data integrity fix
Hidehiro Kawai [Sun, 19 Oct 2008 03:27:58 +0000 (20:27 -0700)]
In ordered mode, if a file data buffer being dirtied exists in the
committing transaction, we write the buffer to the disk, move it from the
committing transaction to the running transaction, then dirty it.  But we
don't have to remove the buffer from the committing transaction when the
buffer couldn't be written out, otherwise it would miss the error and the
committing transaction would not abort.

This patch adds an error check before removing the buffer from the
committing transaction.

Signed-off-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

fs/jbd/transaction.c

index 0540ca2..d15cd6e 100644 (file)
@@ -954,9 +954,10 @@ int journal_dirty_data(handle_t *handle, struct buffer_head *bh)
        journal_t *journal = handle->h_transaction->t_journal;
        int need_brelse = 0;
        struct journal_head *jh;
+       int ret = 0;
 
        if (is_handle_aborted(handle))
-               return 0;
+               return ret;
 
        jh = journal_add_journal_head(bh);
        JBUFFER_TRACE(jh, "entry");
@@ -1067,7 +1068,16 @@ int journal_dirty_data(handle_t *handle, struct buffer_head *bh)
                                   time if it is redirtied */
                        }
 
-                       /* journal_clean_data_list() may have got there first */
+                       /*
+                        * We cannot remove the buffer with io error from the
+                        * committing transaction, because otherwise it would
+                        * miss the error and the commit would not abort.
+                        */
+                       if (unlikely(!buffer_uptodate(bh))) {
+                               ret = -EIO;
+                               goto no_journal;
+                       }
+
                        if (jh->b_transaction != NULL) {
                                JBUFFER_TRACE(jh, "unfile from commit");
                                __journal_temp_unlink_buffer(jh);
@@ -1108,7 +1118,7 @@ no_journal:
        }
        JBUFFER_TRACE(jh, "exit");
        journal_put_journal_head(jh);
-       return 0;
+       return ret;
 }
 
 /**