From: David Sterba <dsterba@suse.cz>
To: Qu Wenruo <wqu@suse.com>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: [PATCH v2 0/2] btrfs: remove the inode_need_compress() call in
Date: Mon, 19 Apr 2021 21:34:18 +0200 [thread overview]
Message-ID: <20210419193418.GU7604@twin.jikos.cz> (raw)
In-Reply-To: <20200804072548.34001-1-wqu@suse.com>
On Tue, Aug 04, 2020 at 03:25:46PM +0800, Qu Wenruo wrote:
> This is an attempt to remove the inode_need_compress() call in
> compress_file_extent().
>
> As that compress_file_extent() can race with inode ioctl or bad
> compression ratio, to cause NULL pointer dereferecen for @pages, it's
> nature to try to remove that inode_need_compress() to remove the race
> completely.
>
> However that's not that easy, we have the following problems:
>
> - We still need to check @pages anyway
> That @pages check is for kcalloc() failure, so what we really get is
> just removing one indent from the if (inode_need_compress()).
> Everything else is still the same (in fact, even worse, see below
> problems)
>
> - Behavior change
> Before that change, every async_chunk does their check on
> INODE_NO_COMPRESS flags.
> If we hit any bad compression ratio, all incoming async_chunk will
> fall back to plain text write.
>
> But if we remove that inode_need_compress() check, then we still try
> to compress, and lead to potentially wasted CPU times.
>
> - Still race between compression disable and NULL pointer dereferecen
> There is a hidden race, mostly exposed by btrfs/071 test case, that we
> have "compress_type = fs_info->compress_type", so we can still hit case
> where that compress_type is NONE (caused by remount -o nocompress), and
> then btrfs_compress_pages() will return -E2BIG, without modifying
> @nr_pages
>
> Then later when we cleanup @pages, we try to access pages[i]->mapping,
> triggering NULL pointer dereference.
>
> This will be address in the first patch though.
>
> Changelog:
> v2:
> - Fix a bad commit merge
> Which merges the commit message for the first patch, though the content is
> still correct.
>
> Qu Wenruo (2):
> btrfs: prevent NULL pointer dereference in compress_file_range() when
> btrfs_compress_pages() hits default case
Patch 1 added to misc-next, due to this bug report
https://bugzilla.kernel.org/show_bug.cgi?id=212331
prev parent reply other threads:[~2021-04-19 19:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-04 7:25 [PATCH v2 0/2] btrfs: remove the inode_need_compress() call in Qu Wenruo
2020-08-04 7:25 ` [PATCH v2 1/2] btrfs: prevent NULL pointer dereference in compress_file_range() when btrfs_compress_pages() hits default case Qu Wenruo
2020-08-11 18:57 ` Josef Bacik
2021-03-09 1:02 ` Su Yue
2020-08-04 7:25 ` [PATCH v2 2/2] btrfs: inode: don't re-evaluate inode_need_compress() in compress_file_extent() Qu Wenruo
2020-08-11 18:59 ` Josef Bacik
2020-08-31 21:25 ` [PATCH v2 0/2] btrfs: remove the inode_need_compress() call in David Sterba
2021-04-19 19:34 ` David Sterba [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210419193418.GU7604@twin.jikos.cz \
--to=dsterba@suse.cz \
--cc=linux-btrfs@vger.kernel.org \
--cc=wqu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.