From: Alex Tomas journal_release_buffer() can cause journal overflow in some (very rare) conditions. Th journal_head structure holds number of users of the buffer for current transaction. The routines do_get_write_access() and journal_get_create_access() tracks this number: 1) resets it to zero if the block's becoming part of the current transaction 2) increments it journal_release_buffer() decrements it and if it's 0, then the blocks isn't member of the transaction. The patch has been tested on UP with dbench and tool that uses xattr very much. Signed-off-by: Alex Tomas Signed-off-by: Andrew Morton --- 25-akpm/fs/jbd/transaction.c | 55 ++++++++++++++++++++++++++++++++++- 25-akpm/include/linux/journal-head.h | 5 +++ 2 files changed, 59 insertions(+), 1 deletion(-) diff -puN fs/jbd/transaction.c~jbd-journal-overflow-fix fs/jbd/transaction.c --- 25/fs/jbd/transaction.c~jbd-journal-overflow-fix 2005-01-22 18:14:17.098267328 -0800 +++ 25-akpm/fs/jbd/transaction.c 2005-01-22 18:14:17.106266112 -0800 @@ -609,6 +609,10 @@ repeat: handle->h_buffer_credits--; if (credits) (*credits)++; + + /* the block's becoming member of the trasaction -bzzz */ + jh->b_tcount = 0; + goto done; } @@ -693,6 +697,9 @@ repeat: if (credits) (*credits)++; + /* the block's becoming member of the trasaction -bzzz */ + jh->b_tcount = 0; + /* * Finally, if the buffer is not journaled right now, we need to make * sure it doesn't get written to disk before the caller actually @@ -722,6 +729,11 @@ done: memcpy(jh->b_frozen_data, source+offset, jh2bh(jh)->b_size); kunmap_atomic(source, KM_USER0); } + + /* track all references to the block to be able to recognize the + * situation when the buffer is not part of transaction -bzzz */ + jh->b_tcount++; + jbd_unlock_bh_state(bh); /* @@ -821,11 +833,20 @@ int journal_get_create_access(handle_t * jh->b_transaction = transaction; JBUFFER_TRACE(jh, "file as BJ_Reserved"); __journal_file_buffer(jh, transaction, BJ_Reserved); + jh->b_tcount = 0; } else if (jh->b_transaction == journal->j_committing_transaction) { JBUFFER_TRACE(jh, "set next transaction"); jh->b_next_transaction = transaction; + jh->b_tcount = 0; } spin_unlock(&journal->j_list_lock); + + /* + * track all reference to the block to be able to recognize + * the situation when the buffer is not part of transaction -bzzz + */ + jh->b_tcount++; + jbd_unlock_bh_state(bh); /* @@ -1177,8 +1198,40 @@ out: void journal_release_buffer(handle_t *handle, struct buffer_head *bh, int credits) { + journal_t *journal = handle->h_transaction->t_journal; + struct journal_head *jh = bh2jh(bh); + BUFFER_TRACE(bh, "entry"); - handle->h_buffer_credits += credits; + + /* return credit back to the handle if it was really spent */ + if (credits) + handle->h_buffer_credits++; + + jbd_lock_bh_state(bh); + J_ASSERT(jh->b_tcount > 0); + + jh->b_tcount--; + if (jh->b_tcount == 0) { + /* we can drop it from the transaction -bzzz */ + J_ASSERT(jh->b_transaction == handle->h_transaction || + jh->b_next_transaction == handle->h_transaction); + if (jh->b_transaction == handle->h_transaction) { + spin_lock(&journal->j_list_lock); + __journal_unfile_buffer(jh); + spin_unlock(&journal->j_list_lock); + } else if(jh->b_next_transaction) { + jh->b_next_transaction = NULL; + } + + /* + * this was last reference to the block from the current + * transaction and we'd like to return credit to the + * whole transaction -bzzz + */ + if (!credits) + handle->h_buffer_credits++; + } + jbd_unlock_bh_state(bh); } /** diff -puN include/linux/journal-head.h~jbd-journal-overflow-fix include/linux/journal-head.h --- 25/include/linux/journal-head.h~jbd-journal-overflow-fix 2005-01-22 18:14:17.099267176 -0800 +++ 25-akpm/include/linux/journal-head.h 2005-01-22 18:14:17.103266568 -0800 @@ -80,6 +80,11 @@ struct journal_head { * [j_list_lock] */ struct journal_head *b_cpnext, *b_cpprev; + + /* + * counter to track users of the buffer in current transaction + */ + int b_tcount; }; #endif /* JOURNAL_HEAD_H_INCLUDED */ _