]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 2e5f9d7) | patch
Btrfs: fix list_add corruption and soft lockups in fsync
authorLiu Bo <bo.li.liu@oracle.com>
Thu, 7 Jun 2018 18:41:52 +0000 (11:41 -0700)
committerBrian Maly <brian.maly@oracle.com>
Tue, 28 Aug 2018 19:20:52 +0000 (15:20 -0400)
commit66bd48df33e9696ba236320796ed80796b449013
treeb51eb4eca00a8f61af3aa3d8007662866371ab07tree
parent2e5f9d7038acae46ce52aceb12b3b03f66417effcommit | diff
Btrfs: fix list_add corruption and soft lockups in fsync

Orabug: 28119834

Xfstests btrfs/146 revealed this corruption,

[   58.138831] Buffer I/O error on dev dm-0, logical block 2621424, async page read
[   58.151233] BTRFS error (device sdf): bdev /dev/mapper/error-test errs: wr 1, rd 0, flush 0, corrupt 0, gen
[   58.152403] list_add corruption. prev->next should be next (ffff88005e6775d8), but was ffffc9000189be88. (pr
[   58.153518] ------------[ cut here ]------------
[   58.153892] WARNING: CPU: 1 PID: 1287 at lib/list_debug.c:31 __list_add_valid+0x169/0x1f0
...
[   58.157379] RIP: 0010:__list_add_valid+0x169/0x1f0
...
[   58.161956] Call Trace:
[   58.162264]  btrfs_log_inode_parent+0x5bd/0xfb0 [btrfs]
[   58.163583]  btrfs_log_dentry_safe+0x60/0x80 [btrfs]
[   58.164003]  btrfs_sync_file+0x4c2/0x6f0 [btrfs]
[   58.164393]  vfs_fsync_range+0x5f/0xd0
[   58.164898]  do_fsync+0x5a/0x90
[   58.165170]  SyS_fsync+0x10/0x20
[   58.165395]  entry_SYSCALL_64_fastpath+0x1f/0xbe
...

It turns out that we could record btrfs_log_ctx:io_err in
log_one_extents when IO fails, but make log_one_extents() return '0'
instead of -EIO, so the IO error is not acknowledged by the callers,
i.e.  btrfs_log_inode_parent(), which would remove btrfs_log_ctx:list
from list head 'root->log_ctxs'.  Since btrfs_log_ctx is allocated
from stack memory, it'd get freed with a object alive on the
list. then a future list_add will throw the above warning.

This returns the correct error in the above case.

Jeff also reported this while testing against his fsync error
patch set[1].

[1]: https://www.spinics.net/lists/linux-btrfs/msg65308.html
"btrfs list corruption and soft lockups while testing writeback error handling"

Fixes: 8407f553268a4611f254 ("Btrfs: fix data corruption after fast fsync and writeback error")
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
(cherrypicked from commit ebb70442cdd4872260c2415929c456be3562da82)
Conflicts: fs/btrfs/file.c
Signed-off-by: Ashish Samant <ashish.samant@oracle.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
fs/btrfs/file.c diff | blob | history
fs/btrfs/tree-log.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.