From nobody Mon Jun 15 20:33:15 2026 Received: from mail-dl1-f51.google.com (mail-dl1-f51.google.com [74.125.82.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02DC63B9D8B for ; Mon, 13 Apr 2026 18:08:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776103714; cv=none; b=AYQWYOdpusH5TMNu1HVaqMJYaVEYa4UkbSdFGJE2EA76FZEF+R3AkRNd8P6fgUInV6pyspvBvA9hKoXU/Sd6KLsGW+/BotAdJyTZ0d+XwfjxTGjRNQMGFqXEBQHkNynQ455Ws7OLRXow8S4Yb6Uc1v871azcI6OwIEzbrOdkmDM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776103714; c=relaxed/simple; bh=PDvNSG3AeyzwcNNjTZ3UBK6bWsDy9nTGCF8ZugYhKTQ=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=eWO7URtKJc89tz3JH5tRrUTsRxjh6IcgHhaAiAr9aM2Br7LL7cd6kfZDrWcVJeguuBuuDatwsB/+y9Xoqnm+nykbb0c8p0fQqV5VNAAHv8J26HUhPFwJ+1uOQUGzx9Td1fXWJPeQcPWPp701IWaG74ML9vRYmTAIol3rlc5PMRw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mQXPoQis; arc=none smtp.client-ip=74.125.82.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mQXPoQis" Received: by mail-dl1-f51.google.com with SMTP id a92af1059eb24-12c42a23c8eso2390763c88.1 for ; Mon, 13 Apr 2026 11:08:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776103712; x=1776708512; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=b+uS5QHNkQJbtQuGTQaxTCJ42LhmMw1oPV48ehypgMg=; b=mQXPoQisPsisIeY5UxFTxN2Z4LW8JfGkGcTCdbXvhI7rutyBv9o/l8WerebIkM9krY PhBp2aC2gC0lTuhkXRw5zIV2S+2q+WEqihUkxZKpAuYAgavK9ehdfZvGJn6R8S9xyiwu l85313IhjO7RwWWI74ByvbagBSnto7M11zxVwF6d8fKNpo0NK0MYiwpX2A+XbrqAmJeT sfwdH9LdXlBSZvB5K11NQygnm1IOc6s0DaeCk//N+EafO2hTx9y//IDfjrjiR32B92Qt JHX22aje3e9P9Qb9y1/IpVgd5zpkS1fPYMkZt98XjRrkO345RMskHiJrwm07LcVe3gfj RPjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776103712; x=1776708512; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=b+uS5QHNkQJbtQuGTQaxTCJ42LhmMw1oPV48ehypgMg=; b=GJvdo3kcjBHr1j+sDR695LTCbwVwSc+Rbeg0smUhwkWuXjddQEZPKXL1qburc/d+p+ Vt/e5cHfkkT53vElegj6184nFYdHOfHURQiga8tTVS4WjjXPo0RHxPLV8oXK3tiIo06U j52I9WWpib0srTHCDeNLRD3Lk03FDSY8QmuQJtEd/uEQETtkMubqYV2pDQKCmBzMNL+O RxAcXDpIyX/YjKLF0N3/xx44spGoDiHtirImC1rj9b1200G1mGBlUwJClHF7fDk90KWn N4YhUuY7QB8c7jVFvPt7GfZV7qxV8IiYYRcs7gviG5IgX7Qd0REkqMkQgKn4+VCe++Qh dExg== X-Gm-Message-State: AOJu0YyfAvnffRHR5RUkezxWxlwa9vLfMAog5dUpPVDPpOPBSrCmA0Cz EukOWt4Lpwraedjsmz7j4TJMoNKaZpOn1QzQgOmUVT4mkudpZ4tgLpF1 X-Gm-Gg: AeBDietsxpUqiPVOyYgr0/Ly1ZbomyyW1QRfGoVc17xjtPy4RrXSJY8Ebg/kPyra7TZ Ml4VJc8orldMHHTbR7Fd2ckJd2/Ajyj8eL1PA+aACvctSmpIGScrabJ94vAAb7X6hnE3JdQmpGp ovNBDZ530HrG61MvUT/O20wWUhHkkadx4AGMED3yoz0AK4fB6cBEDvYbA9Ox3fCCBoQR3Q0pJbp lTYd5H7cQZIUuYy9ajjJj6DqqvKDlf1wAva47y49Y6vV64L2KgpVvOGgNjSRKsGMmvwRH5z6pnA Ana2J2j5QAz4muHWK/KuGtdaFc06xeJ7CBUyY+nFJ/AGJJG6SzDNzNuB358FjIjrD8T+YXoN52H hQ/JjncC8zzo5spO81T5ywQ15BFpDfOKx+sFv6/qXACb51wdbeJvc68O7SsIFA9md6I65Nt68nj R/6M/g1wQ7/X0ccFhfcKbiGa0Io2WFNngNvBdz9TKGLxi+NHM3Ui0oyvf0RjLt5YyEKw4hBlkqd zFuHEsUUQT+nkU+Lc9FplK0X99z33UQNCYwJYUmyLsAyYonuU78yGr4TTU+p+s9s5DoJ6P4iQCe UgPMFubN55DQuwJ4klHrauA1zDMGvUtpd05Af10= X-Received: by 2002:a05:7022:f92:b0:128:bae0:e043 with SMTP id a92af1059eb24-12c34f14057mr8333267c88.31.1776103711937; Mon, 13 Apr 2026 11:08:31 -0700 (PDT) Received: from arch.lan (c-98-51-119-100.hsd1.ca.comcast.net. [98.51.119.100]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-12c346fb141sm14860956c88.12.2026.04.13.11.08.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Apr 2026 11:08:31 -0700 (PDT) From: Milos Nikic To: jack@suse.cz, tytso@mit.edu, linux-ext4@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Milos Nikic Subject: [PATCH] jbd2: validate transaction state before dropping from journal Date: Mon, 13 Apr 2026 11:08:24 -0700 Message-ID: <20260413180824.126739-1-nikic.milos@gmail.com> X-Mailer: git-send-email 2.53.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently, __jbd2_journal_drop_transaction() unlinks the transaction from the journal's checkpoint lists and only then proceeds to validate the transaction's internal state using a series of J_ASSERTs. There is no need to 'mutate before validate'. If we are going to halt the system that makes manipulating corrupted pointers in memory irrelevant. Move the state validation block above the pointer manipulation. This ensures the transaction is entirely valid before modifying the journal's internal lists, modernizing the function's logic and paving the way for future graceful degradation of these assertions. Signed-off-by: Milos Nikic --- fs/jbd2/checkpoint.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c index 1508e2f54462..c82b6bedd27b 100644 --- a/fs/jbd2/checkpoint.c +++ b/fs/jbd2/checkpoint.c @@ -703,6 +703,15 @@ void __jbd2_journal_drop_transaction(journal_t *journa= l, transaction_t *transact { assert_spin_locked(&journal->j_list_lock); =20 + J_ASSERT(transaction->t_state =3D=3D T_FINISHED); + J_ASSERT(transaction->t_buffers =3D=3D NULL); + J_ASSERT(transaction->t_forget =3D=3D NULL); + J_ASSERT(transaction->t_shadow_list =3D=3D NULL); + J_ASSERT(transaction->t_checkpoint_list =3D=3D NULL); + J_ASSERT(atomic_read(&transaction->t_updates) =3D=3D 0); + J_ASSERT(journal->j_committing_transaction !=3D transaction); + J_ASSERT(journal->j_running_transaction !=3D transaction); + journal->j_shrink_transaction =3D NULL; if (transaction->t_cpnext) { transaction->t_cpnext->t_cpprev =3D transaction->t_cpprev; @@ -714,15 +723,6 @@ void __jbd2_journal_drop_transaction(journal_t *journa= l, transaction_t *transact journal->j_checkpoint_transactions =3D NULL; } =20 - J_ASSERT(transaction->t_state =3D=3D T_FINISHED); - J_ASSERT(transaction->t_buffers =3D=3D NULL); - J_ASSERT(transaction->t_forget =3D=3D NULL); - J_ASSERT(transaction->t_shadow_list =3D=3D NULL); - J_ASSERT(transaction->t_checkpoint_list =3D=3D NULL); - J_ASSERT(atomic_read(&transaction->t_updates) =3D=3D 0); - J_ASSERT(journal->j_committing_transaction !=3D transaction); - J_ASSERT(journal->j_running_transaction !=3D transaction); - trace_jbd2_drop_transaction(journal, transaction); =20 jbd2_debug(1, "Dropping transaction %d, all done\n", transaction->t_tid); --=20 2.53.0