From: David Sterba <dsterba@suse.cz>
To: Nikolay Borisov <nborisov@suse.com>
Cc: linux-btrfs@vger.kernel.org, wqu@suse.com, fdmanana@suse.com
Subject: Re: [PATCH] btrfs: Handle ENOMEM gracefully in cow_file_range_async
Date: Fri, 25 Jan 2019 16:05:47 +0100 [thread overview]
Message-ID: <20190125150545.GC2900@twin.jikos.cz> (raw)
In-Reply-To: <20190109144303.31847-1-nborisov@suse.com>
On Wed, Jan 09, 2019 at 04:43:03PM +0200, Nikolay Borisov wrote:
> If we run out of memory during delalloc filling in compress case btrfs
> is going to BUG_ON. This is unnecessary since the higher levels code
> (btrfs_run_delalloc_range and its callers) gracefully handle error
> condtions and error out the page being submittede. Let's be a model
> kernel citizen and no panic the machine due to ENOMEM and instead fail
> the IO.
>
> Signed-off-by: Nikolay Borisov <nborisov@suse.com>
> ---
> fs/btrfs/inode.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index cde51ace68b5..b4b2d7f8a98b 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -1197,7 +1197,8 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
> 1, 0, NULL);
> while (start < end) {
> async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS);
> - BUG_ON(!async_cow); /* -ENOMEM */
> + if (!async_cow)
> + return -ENOMEM;
The error handling here is very simple and breaks the usual rule that
all functions must clean up after themselves before returning to the
caller.
This is async submission so it can be expected to do deferred cleanup,
but this cannot be easily seen from the function and should be better
documented.
What happens with the inode reference (igrab), what happens with all
work queued until now, or extent range state bits.
It's true that btrfs_run_delalloc_range does error handling, though it
does that from 4 different types of conditions (nocow, prealloc,
compression and async). I'd really like to see explained that there's
nothing left and cause surprises later. The memory allocation failures
are almost never tested so we have to be sure we understand the error
handling code flow. I can't say I do after reading your changelog and
the correctness proof is left as an exercise.
The error handling was brought by 524272607e882d04 "btrfs: Handle
delalloc error correctly to avoid ordered extent hang", so there's a
remote chance to cause lockups when the state is not cleaned up.
next prev parent reply other threads:[~2019-01-25 15:06 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-09 14:43 [PATCH] btrfs: Handle ENOMEM gracefully in cow_file_range_async Nikolay Borisov
2019-01-09 14:46 ` Johannes Thumshirn
2019-01-23 8:31 ` Nikolay Borisov
2019-01-25 15:05 ` David Sterba [this message]
2019-01-25 16:17 ` Nikolay Borisov
2019-01-25 17:46 ` Filipe Manana
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190125150545.GC2900@twin.jikos.cz \
--to=dsterba@suse.cz \
--cc=fdmanana@suse.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=nborisov@suse.com \
--cc=wqu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).