From: Boris Burkov <boris@bur.io>
To: linux-btrfs@vger.kernel.org, kernel-team@fb.com
Subject: [PATCH v5 4/5] btrfs: fix crash with non-zero pre in btrfs_split_ordered_extent
Date: Wed, 22 Mar 2023 12:11:51 -0700 [thread overview]
Message-ID: <b8c66eeedfcea2c068befcd40de6a95cf5d64d7b.1679512207.git.boris@bur.io> (raw)
In-Reply-To: <cover.1679512207.git.boris@bur.io>
if pre != 0 in btrfs_split_ordered_extent, then we do the following:
1. remove ordered (at file_offset) from the rb tree
2. modify file_offset+=pre
3. re-insert ordered
4. clone an ordered extent at offset 0 length pre from ordered.
5. clone an ordered extent for the post range, if necessary.
step 4 is not correct, as at this point, the start of ordered is already
the end of the desired new pre extent. Further this causes a panic when
btrfs_alloc_ordered_extent sees that the node (from the modified and
re-inserted ordered) is already present at file_offset + 0 = file_offset.
We can fix this by either using a negative offset, or by moving the
clone of the pre extent to after we remove the original one, but before
we modify and re-insert it. The former feels quite kludgy, as we are
"cloning" from outside the range of the ordered extent, so opt for the
latter, which does have some locking annoyances.
Signed-off-by: Boris Burkov <boris@bur.io>
---
fs/btrfs/ordered-data.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c
index 4bebebb9b434..d14a3fe1a113 100644
--- a/fs/btrfs/ordered-data.c
+++ b/fs/btrfs/ordered-data.c
@@ -1161,6 +1161,17 @@ int btrfs_split_ordered_extent(struct btrfs_ordered_extent *ordered,
if (tree->last == node)
tree->last = NULL;
+ if (pre) {
+ spin_unlock_irq(&tree->lock);
+ oe = clone_ordered_extent(ordered, 0, pre);
+ ret = IS_ERR(oe) ? PTR_ERR(oe) : 0;
+ if (!ret && ret_pre)
+ *ret_pre = oe;
+ if (ret)
+ goto out;
+ spin_lock_irq(&tree->lock);
+ }
+
ordered->file_offset += pre;
ordered->disk_bytenr += pre;
ordered->num_bytes -= (pre + post);
@@ -1176,18 +1187,13 @@ int btrfs_split_ordered_extent(struct btrfs_ordered_extent *ordered,
spin_unlock_irq(&tree->lock);
- if (pre) {
- oe = clone_ordered_extent(ordered, 0, pre);
- ret = IS_ERR(oe) ? PTR_ERR(oe) : 0;
- if (!ret && ret_pre)
- *ret_pre = oe;
- }
- if (!ret && post) {
+ if (post) {
oe = clone_ordered_extent(ordered, pre + ordered->disk_num_bytes, post);
ret = IS_ERR(oe) ? PTR_ERR(oe) : 0;
if (!ret && ret_post)
*ret_post = oe;
}
+out:
return ret;
}
--
2.38.1
next prev parent reply other threads:[~2023-03-22 19:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-22 19:11 [PATCH v5 0/5] btrfs: fix corruption caused by partial dio writes Boris Burkov
2023-03-22 19:11 ` [PATCH v5 1/5] btrfs: add function to create and return an ordered extent Boris Burkov
2023-03-22 19:11 ` [PATCH v5 2/5] btrfs: stash ordered extent in dio_data during iomap dio Boris Burkov
2023-03-22 19:11 ` [PATCH v5 3/5] btrfs: return ordered_extent splits from bio extraction Boris Burkov
2023-03-23 8:47 ` Christoph Hellwig
2023-03-23 16:15 ` Boris Burkov
2023-03-23 17:00 ` Boris Burkov
2023-03-23 17:45 ` Boris Burkov
2023-03-23 21:29 ` Christoph Hellwig
2023-03-23 22:43 ` Boris Burkov
2023-03-24 0:24 ` Christoph Hellwig
2023-03-22 19:11 ` Boris Burkov [this message]
2023-03-23 8:36 ` [PATCH v5 4/5] btrfs: fix crash with non-zero pre in btrfs_split_ordered_extent Naohiro Aota
2023-03-23 16:22 ` Boris Burkov
2023-03-22 19:11 ` [PATCH v5 5/5] btrfs: split partial dio bios before submit Boris Burkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b8c66eeedfcea2c068befcd40de6a95cf5d64d7b.1679512207.git.boris@bur.io \
--to=boris@bur.io \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.