ext4: fix a BUG_ON crash by checking that page has buffers attached to it

(cherry picked from commit 1f94533d9cd75f6d2826018d54a971b9cc085992)

In ext4_num_dirty_pages() we were calling page_buffers() before
checking to see if the page actually had pages attached to it; this
would cause a BUG check crash in the inline function page_buffers().

Thanks to Markus Trippelsdorf for reporting this bug.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 30b1f3bf818ec685bba49bf3a4db50dc66f4525c..aac46d0000af022d70ab5c095aa6a3a618c2d910 100644 (file)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1147,8 +1147,8 @@ static int check_block_validity(struct inode *inode, const char *msg,
 }
 
 /*
- * Return the number of dirty pages in the given inode starting at
- * page frame idx.
+ * Return the number of contiguous dirty pages in a given inode
+ * starting at page frame idx.
  */
 static pgoff_t ext4_num_dirty_pages(struct inode *inode, pgoff_t idx,
                                    unsigned int max_pages)
@@ -1182,15 +1182,15 @@ static pgoff_t ext4_num_dirty_pages(struct inode *inode, pgoff_t idx,
                                unlock_page(page);
                                break;
                        }
-                       head = page_buffers(page);
-                       bh = head;
-                       do {
-                               if (!buffer_delay(bh) &&
-                                   !buffer_unwritten(bh)) {
-                                       done = 1;
-                                       break;
-                               }
-                       } while ((bh = bh->b_this_page) != head);
+                       if (page_has_buffers(page)) {
+                               bh = head = page_buffers(page);
+                               do {
+                                       if (!buffer_delay(bh) &&
+                                           !buffer_unwritten(bh))
+                                               done = 1;
+                                       bh = bh->b_this_page;
+                               } while (!done && (bh != head));
+                       }
                        unlock_page(page);
                        if (done)
                                break;