[PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
@ 2019-01-14  3:15 robbieko
  2019-03-25 10:21 ` robbieko
  2019-03-25 11:14 ` Filipe Manana
  0 siblings, 2 replies; 4+ messages in thread
From: robbieko @ 2019-01-14  3:15 UTC (permalink / raw)
  To: linux-btrfs; +Cc: Robbie Ko

From: Robbie Ko <robbieko@synology.com>

When doing fallocate, we first add the range to the reserve_list
and then reserve the qutoa.
If quota reservation fails, we'll release all reserved parts of
reserve_list.
However, cur_offset doen't update to indicate that this range is
already been inserted into the list.
Therefore, the same range is freed twice.
One at list_for_each_entry loop, and the other at the end of the
function.
This will result in WARN_ON on bytes_may_use when we free the
remaining space.

Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely")
Signed-off-by: Robbie Ko <robbieko@synology.com>
---
 fs/btrfs/file.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index d38dc8c..43c6c8a 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, int mode,
 			ret = btrfs_qgroup_reserve_data(inode, &data_reserved,
 					cur_offset, last_byte - cur_offset);
 			if (ret < 0) {
+				cur_offset = last_byte;
 				free_extent_map(em);
 				break;
 			}
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
  2019-01-14  3:15 [PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve robbieko
@ 2019-03-25 10:21 ` robbieko
  2019-03-25 11:14 ` Filipe Manana
  1 sibling, 0 replies; 4+ messages in thread
From: robbieko @ 2019-03-25 10:21 UTC (permalink / raw)
  To: linux-btrfs

Hi All,
Can someone help review the patch ?
Thanks.

robbieko 於 2019-01-14 11:15 寫到:
> From: Robbie Ko <robbieko@synology.com>
> 
> When doing fallocate, we first add the range to the reserve_list
> and then reserve the qutoa.
> If quota reservation fails, we'll release all reserved parts of
> reserve_list.
> However, cur_offset doen't update to indicate that this range is
> already been inserted into the list.
> Therefore, the same range is freed twice.
> One at list_for_each_entry loop, and the other at the end of the
> function.
> This will result in WARN_ON on bytes_may_use when we free the
> remaining space.
> 
> Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely")
> Signed-off-by: Robbie Ko <robbieko@synology.com>
> ---
>  fs/btrfs/file.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
> index d38dc8c..43c6c8a 100644
> --- a/fs/btrfs/file.c
> +++ b/fs/btrfs/file.c
> @@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, 
> int mode,
>  			ret = btrfs_qgroup_reserve_data(inode, &data_reserved,
>  					cur_offset, last_byte - cur_offset);
>  			if (ret < 0) {
> +				cur_offset = last_byte;
>  				free_extent_map(em);
>  				break;
>  			}




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
  2019-01-14  3:15 [PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve robbieko
  2019-03-25 10:21 ` robbieko
@ 2019-03-25 11:14 ` Filipe Manana
  2019-03-26  3:50   ` robbieko
  1 sibling, 1 reply; 4+ messages in thread
From: Filipe Manana @ 2019-03-25 11:14 UTC (permalink / raw)
  To: robbieko; +Cc: linux-btrfs

On Mon, Jan 14, 2019 at 3:26 AM robbieko <robbieko@synology.com> wrote:
>
> From: Robbie Ko <robbieko@synology.com>
>
> When doing fallocate, we first add the range to the reserve_list
> and then reserve the qutoa.

qutoa -> quota

> If quota reservation fails, we'll release all reserved parts of
> reserve_list.
> However, cur_offset doen't update to indicate that this range is

"doen't update" -> is not updated to indicate ...

> already been inserted into the list.
> Therefore, the same range is freed twice.
> One at list_for_each_entry loop, and the other at the end of the

One -> once
and the other at -> and once at

> function.
> This will result in WARN_ON on bytes_may_use when we free the
> remaining space.
>
> Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely")

Missing commit id.

> Signed-off-by: Robbie Ko <robbieko@synology.com>
> ---
>  fs/btrfs/file.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
> index d38dc8c..43c6c8a 100644
> --- a/fs/btrfs/file.c
> +++ b/fs/btrfs/file.c
> @@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, int mode,
>                         ret = btrfs_qgroup_reserve_data(inode, &data_reserved,
>                                         cur_offset, last_byte - cur_offset);
>                         if (ret < 0) {
> +                               cur_offset = last_byte;

This will fix the problem if there's only one range, or we happen to
be very lucky and cur_offset
matches exactly the middle of the entire range passed to fallocate()
(in case the range covers
a sparse region of the file, a region with holes and extents).

At the end, under the 'out' label we have a call to:

   btrfs_free_reserved_data_space(inode, data_reserved, alloc_start,
alloc_end - cur_offset);

That doesn't fell right - the start offset, third argument, should be
cur_offset. Everything from
alloc_start to cur_offset was freed by the list_for_each_entry_safe_loop.





>                                 free_extent_map(em);
>                                 break;
>                         }
> --
> 1.9.1
>


-- 
Filipe David Manana,

“Whether you think you can, or you think you can't — you're right.”

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
  2019-03-25 11:14 ` Filipe Manana
@ 2019-03-26  3:50   ` robbieko
  0 siblings, 0 replies; 4+ messages in thread
From: robbieko @ 2019-03-26  3:50 UTC (permalink / raw)
  To: fdmanana; +Cc: linux-btrfs

Filipe Manana 於 2019-03-25 19:14 寫到:
> On Mon, Jan 14, 2019 at 3:26 AM robbieko <robbieko@synology.com> wrote:
>> 
>> From: Robbie Ko <robbieko@synology.com>
>> 
>> When doing fallocate, we first add the range to the reserve_list
>> and then reserve the qutoa.
> 
> qutoa -> quota
> 
>> If quota reservation fails, we'll release all reserved parts of
>> reserve_list.
>> However, cur_offset doen't update to indicate that this range is
> 
> "doen't update" -> is not updated to indicate ...
> 
>> already been inserted into the list.
>> Therefore, the same range is freed twice.
>> One at list_for_each_entry loop, and the other at the end of the
> 
> One -> once
> and the other at -> and once at
> 
>> function.
>> This will result in WARN_ON on bytes_may_use when we free the
>> remaining space.
>> 
>> Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely")
> 
> Missing commit id.
> 
>> Signed-off-by: Robbie Ko <robbieko@synology.com>
>> ---
>>  fs/btrfs/file.c | 1 +
>>  1 file changed, 1 insertion(+)
>> 
>> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
>> index d38dc8c..43c6c8a 100644
>> --- a/fs/btrfs/file.c
>> +++ b/fs/btrfs/file.c
>> @@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, 
>> int mode,
>>                         ret = btrfs_qgroup_reserve_data(inode, 
>> &data_reserved,
>>                                         cur_offset, last_byte - 
>> cur_offset);
>>                         if (ret < 0) {
>> +                               cur_offset = last_byte;
> 
> This will fix the problem if there's only one range, or we happen to
> be very lucky and cur_offset
> matches exactly the middle of the entire range passed to fallocate()
> (in case the range covers
> a sparse region of the file, a region with holes and extents).
> 
> At the end, under the 'out' label we have a call to:
> 
>    btrfs_free_reserved_data_space(inode, data_reserved, alloc_start,
> alloc_end - cur_offset);
> 
> That doesn't fell right - the start offset, third argument, should be
> cur_offset. Everything from
> alloc_start to cur_offset was freed by the 
> list_for_each_entry_safe_loop.

Ok, I will send patch v2.
Thank you.
> 
> 
> 
> 
> 
>>                                 free_extent_map(em);
>>                                 break;
>>                         }
>> --
>> 1.9.1
>> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-03-26  3:50 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-14  3:15 [PATCH] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve robbieko
2019-03-25 10:21 ` robbieko
2019-03-25 11:14 ` Filipe Manana
2019-03-26  3:50   ` robbieko

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.