* [PATCH] Btrfs: bail out gracefully rather than BUG_ON
@ 2017-10-30 17:14 Liu Bo
2017-10-30 18:25 ` Liu Bo
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Liu Bo @ 2017-10-30 17:14 UTC (permalink / raw)
To: linux-btrfs
If a file's DIR_ITEM key is invalid (due to memory errors) and gets
written to disk, a future lookup_path can end up with kernel panic due
to BUG_ON().
This gets rid of the BUG_ON(), meanwhile output the corrupted key and
return ENOENT if it's invalid.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
---
The diff doesn't show the logic well, 'goto out_err' will return with
assigning 0 to location->objectid, and the caller already has a check
for (location->objectid == 0) to return -ENOENT.
fs/btrfs/inode.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d94e3f6..916cdc9 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -5500,6 +5500,14 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry,
goto out_err;
btrfs_dir_item_key_to_cpu(path->nodes[0], di, location);
+ if (location->type != BTRFS_INODE_ITEM_KEY &&
+ location->type != BTRFS_ROOT_ITEM_KEY) {
+ btrfs_warn(root->fs_info,
+ "%s gets something invalid in DIR_ITEM (name %s, directory ino %llu, location(%llu %u %llu))",
+ __func__, name, btrfs_ino(BTRFS_I(dir)),
+ location->objectid, location->type, location->offset);
+ goto out_err;
+ }
out:
btrfs_free_path(path);
return ret;
@@ -5816,8 +5824,6 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry)
return inode;
}
- BUG_ON(location.type != BTRFS_ROOT_ITEM_KEY);
-
index = srcu_read_lock(&fs_info->subvol_srcu);
ret = fixup_tree_root_location(fs_info, dir, dentry,
&location, &sub_root);
--
2.9.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] Btrfs: bail out gracefully rather than BUG_ON
2017-10-30 17:14 [PATCH] Btrfs: bail out gracefully rather than BUG_ON Liu Bo
@ 2017-10-30 18:25 ` Liu Bo
2017-10-31 20:23 ` Nikolay Borisov
2017-11-13 17:19 ` David Sterba
2 siblings, 0 replies; 6+ messages in thread
From: Liu Bo @ 2017-10-30 18:25 UTC (permalink / raw)
To: linux-btrfs
On Mon, Oct 30, 2017 at 11:14:38AM -0600, Liu Bo wrote:
> If a file's DIR_ITEM key is invalid (due to memory errors) and gets
> written to disk, a future lookup_path can end up with kernel panic due
> to BUG_ON().
>
> This gets rid of the BUG_ON(), meanwhile output the corrupted key and
> return ENOENT if it's invalid.
>
The kernel panic is originally
Reported-by: Guillaume Bouchard <bouchard@mercs-eng.com>
Thanks,
-liubo
> Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
> ---
> The diff doesn't show the logic well, 'goto out_err' will return with
> assigning 0 to location->objectid, and the caller already has a check
> for (location->objectid == 0) to return -ENOENT.
>
> fs/btrfs/inode.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index d94e3f6..916cdc9 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -5500,6 +5500,14 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry,
> goto out_err;
>
> btrfs_dir_item_key_to_cpu(path->nodes[0], di, location);
> + if (location->type != BTRFS_INODE_ITEM_KEY &&
> + location->type != BTRFS_ROOT_ITEM_KEY) {
> + btrfs_warn(root->fs_info,
> + "%s gets something invalid in DIR_ITEM (name %s, directory ino %llu, location(%llu %u %llu))",
> + __func__, name, btrfs_ino(BTRFS_I(dir)),
> + location->objectid, location->type, location->offset);
> + goto out_err;
> + }
> out:
> btrfs_free_path(path);
> return ret;
> @@ -5816,8 +5824,6 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry)
> return inode;
> }
>
> - BUG_ON(location.type != BTRFS_ROOT_ITEM_KEY);
> -
> index = srcu_read_lock(&fs_info->subvol_srcu);
> ret = fixup_tree_root_location(fs_info, dir, dentry,
> &location, &sub_root);
> --
> 2.9.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Btrfs: bail out gracefully rather than BUG_ON
2017-10-30 17:14 [PATCH] Btrfs: bail out gracefully rather than BUG_ON Liu Bo
2017-10-30 18:25 ` Liu Bo
@ 2017-10-31 20:23 ` Nikolay Borisov
2017-10-31 21:51 ` Liu Bo
2017-11-13 17:19 ` David Sterba
2 siblings, 1 reply; 6+ messages in thread
From: Nikolay Borisov @ 2017-10-31 20:23 UTC (permalink / raw)
To: Liu Bo, linux-btrfs
On 30.10.2017 19:14, Liu Bo wrote:
> If a file's DIR_ITEM key is invalid (due to memory errors) and gets
> written to disk, a future lookup_path can end up with kernel panic due
> to BUG_ON().
>
> This gets rid of the BUG_ON(), meanwhile output the corrupted key and
> return ENOENT if it's invalid.
>
> Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
> ---
> The diff doesn't show the logic well, 'goto out_err' will return with
> assigning 0 to location->objectid, and the caller already has a check
> for (location->objectid == 0) to return -ENOENT.
>
> fs/btrfs/inode.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index d94e3f6..916cdc9 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -5500,6 +5500,14 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry,
> goto out_err;
>
> btrfs_dir_item_key_to_cpu(path->nodes[0], di, location);
> + if (location->type != BTRFS_INODE_ITEM_KEY &&
> + location->type != BTRFS_ROOT_ITEM_KEY) {
> + btrfs_warn(root->fs_info,
> + "%s gets something invalid in DIR_ITEM (name %s, directory ino %llu, location(%llu %u %llu))",
> + __func__, name, btrfs_ino(BTRFS_I(dir)),
> + location->objectid, location->type, location->offset);
> + goto out_err;
If this situation happens it's possible that ret is still 0 so the error
handling in btrfs_lookup_dentry might not trigger. How about just
setting -EUCLEAN if we execute the if branch?
> + }
> out:
> btrfs_free_path(path);
> return ret;
> @@ -5816,8 +5824,6 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry)
> return inode;
> }
>
> - BUG_ON(location.type != BTRFS_ROOT_ITEM_KEY);
> -
> index = srcu_read_lock(&fs_info->subvol_srcu);
> ret = fixup_tree_root_location(fs_info, dir, dentry,
> &location, &sub_root);
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Btrfs: bail out gracefully rather than BUG_ON
2017-10-31 20:23 ` Nikolay Borisov
@ 2017-10-31 21:51 ` Liu Bo
2017-11-01 6:20 ` Nikolay Borisov
0 siblings, 1 reply; 6+ messages in thread
From: Liu Bo @ 2017-10-31 21:51 UTC (permalink / raw)
To: Nikolay Borisov; +Cc: linux-btrfs
On Tue, Oct 31, 2017 at 10:23:30PM +0200, Nikolay Borisov wrote:
>
>
> On 30.10.2017 19:14, Liu Bo wrote:
> > If a file's DIR_ITEM key is invalid (due to memory errors) and gets
> > written to disk, a future lookup_path can end up with kernel panic due
> > to BUG_ON().
> >
> > This gets rid of the BUG_ON(), meanwhile output the corrupted key and
> > return ENOENT if it's invalid.
> >
> > Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
> > ---
> > The diff doesn't show the logic well, 'goto out_err' will return with
> > assigning 0 to location->objectid, and the caller already has a check
> > for (location->objectid == 0) to return -ENOENT.
> >
> > fs/btrfs/inode.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> > index d94e3f6..916cdc9 100644
> > --- a/fs/btrfs/inode.c
> > +++ b/fs/btrfs/inode.c
> > @@ -5500,6 +5500,14 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry,
> > goto out_err;
> >
> > btrfs_dir_item_key_to_cpu(path->nodes[0], di, location);
> > + if (location->type != BTRFS_INODE_ITEM_KEY &&
> > + location->type != BTRFS_ROOT_ITEM_KEY) {
> > + btrfs_warn(root->fs_info,
> > + "%s gets something invalid in DIR_ITEM (name %s, directory ino %llu, location(%llu %u %llu))",
> > + __func__, name, btrfs_ino(BTRFS_I(dir)),
> > + location->objectid, location->type, location->offset);
> > + goto out_err;
>
> If this situation happens it's possible that ret is still 0 so the error
> handling in btrfs_lookup_dentry might not trigger. How about just
> setting -EUCLEAN if we execute the if branch?
>
Thanks for the comment. So it's not going to trigger the (ret < 0)
check, instead it tries to trigger the one following (ret < 0):
if (location.objectid == 0)
return ERR_PTR(-ENOENT);
which is consistent to the case when we didn't find the btrfs_dir_item
(di is NULL, returned by btrfs_lookup_dir_item()).
thanks,
-liubo
> > + }
> > out:
> > btrfs_free_path(path);
> > return ret;
> > @@ -5816,8 +5824,6 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry)
> > return inode;
> > }
> >
> > - BUG_ON(location.type != BTRFS_ROOT_ITEM_KEY);
> > -
> > index = srcu_read_lock(&fs_info->subvol_srcu);
> > ret = fixup_tree_root_location(fs_info, dir, dentry,
> > &location, &sub_root);
> >
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Btrfs: bail out gracefully rather than BUG_ON
2017-10-31 21:51 ` Liu Bo
@ 2017-11-01 6:20 ` Nikolay Borisov
0 siblings, 0 replies; 6+ messages in thread
From: Nikolay Borisov @ 2017-11-01 6:20 UTC (permalink / raw)
To: bo.li.liu; +Cc: linux-btrfs
On 31.10.2017 23:51, Liu Bo wrote:
> On Tue, Oct 31, 2017 at 10:23:30PM +0200, Nikolay Borisov wrote:
>>
>>
>> On 30.10.2017 19:14, Liu Bo wrote:
>>> If a file's DIR_ITEM key is invalid (due to memory errors) and gets
>>> written to disk, a future lookup_path can end up with kernel panic due
>>> to BUG_ON().
>>>
>>> This gets rid of the BUG_ON(), meanwhile output the corrupted key and
>>> return ENOENT if it's invalid.
>>>
>>> Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
>>> ---
>>> The diff doesn't show the logic well, 'goto out_err' will return with
>>> assigning 0 to location->objectid, and the caller already has a check
>>> for (location->objectid == 0) to return -ENOENT.
>>>
>>> fs/btrfs/inode.c | 10 ++++++++--
>>> 1 file changed, 8 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
>>> index d94e3f6..916cdc9 100644
>>> --- a/fs/btrfs/inode.c
>>> +++ b/fs/btrfs/inode.c
>>> @@ -5500,6 +5500,14 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry,
>>> goto out_err;
>>>
>>> btrfs_dir_item_key_to_cpu(path->nodes[0], di, location);
>>> + if (location->type != BTRFS_INODE_ITEM_KEY &&
>>> + location->type != BTRFS_ROOT_ITEM_KEY) {
>>> + btrfs_warn(root->fs_info,
>>> + "%s gets something invalid in DIR_ITEM (name %s, directory ino %llu, location(%llu %u %llu))",
>>> + __func__, name, btrfs_ino(BTRFS_I(dir)),
>>> + location->objectid, location->type, location->offset);
>>> + goto out_err;
>>
>> If this situation happens it's possible that ret is still 0 so the error
>> handling in btrfs_lookup_dentry might not trigger. How about just
>> setting -EUCLEAN if we execute the if branch?
>>
>
> Thanks for the comment. So it's not going to trigger the (ret < 0)
> check, instead it tries to trigger the one following (ret < 0):
>
> if (location.objectid == 0)
> return ERR_PTR(-ENOENT);
>
> which is consistent to the case when we didn't find the btrfs_dir_item
> (di is NULL, returned by btrfs_lookup_dir_item()).
You are correct, i should have read 2 lines down ;)
>
> thanks,
> -liubo
>
>
>>> + }
>>> out:
>>> btrfs_free_path(path);
>>> return ret;
>>> @@ -5816,8 +5824,6 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry)
>>> return inode;
>>> }
>>>
>>> - BUG_ON(location.type != BTRFS_ROOT_ITEM_KEY);
>>> -
>>> index = srcu_read_lock(&fs_info->subvol_srcu);
>>> ret = fixup_tree_root_location(fs_info, dir, dentry,
>>> &location, &sub_root);
>>>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Btrfs: bail out gracefully rather than BUG_ON
2017-10-30 17:14 [PATCH] Btrfs: bail out gracefully rather than BUG_ON Liu Bo
2017-10-30 18:25 ` Liu Bo
2017-10-31 20:23 ` Nikolay Borisov
@ 2017-11-13 17:19 ` David Sterba
2 siblings, 0 replies; 6+ messages in thread
From: David Sterba @ 2017-11-13 17:19 UTC (permalink / raw)
To: Liu Bo; +Cc: linux-btrfs
On Mon, Oct 30, 2017 at 11:14:38AM -0600, Liu Bo wrote:
> If a file's DIR_ITEM key is invalid (due to memory errors) and gets
> written to disk, a future lookup_path can end up with kernel panic due
> to BUG_ON().
>
> This gets rid of the BUG_ON(), meanwhile output the corrupted key and
> return ENOENT if it's invalid.
>
> Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
> ---
> The diff doesn't show the logic well, 'goto out_err' will return with
> assigning 0 to location->objectid, and the caller already has a check
> for (location->objectid == 0) to return -ENOENT.
Feel free to send a cleanup patch.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-11-13 17:21 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-30 17:14 [PATCH] Btrfs: bail out gracefully rather than BUG_ON Liu Bo
2017-10-30 18:25 ` Liu Bo
2017-10-31 20:23 ` Nikolay Borisov
2017-10-31 21:51 ` Liu Bo
2017-11-01 6:20 ` Nikolay Borisov
2017-11-13 17:19 ` David Sterba
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.