Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp2455922imd;
        Fri, 2 Nov 2018 11:42:31 -0700 (PDT)
X-Google-Smtp-Source: AJdET5dSlp/5RlYHQL3M9eQKWM3PpKJf8tGuXpd4YykYoKzXGypuarzuAsS//gnE/PuHutH5Kei8
X-Received: by 2002:a65:5c81:: with SMTP id a1-v6mr11768807pgt.390.1541184151078;
        Fri, 02 Nov 2018 11:42:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1541184151; cv=none;
        d=google.com; s=arc-20160816;
        b=NzNzSEthCZRX0/+ixjiZO7aXd2daXLhuydMHqDvVLxPFfIDdH1Fn2XzqNVXKlEokU+
         lQwF3cucko05eXd7qN64jhRnOLNi9/3W/AQ0V7+qXH2ZDBO11MevGnF+MvrsgApFr9hF
         JjPMc5RBeks4aSYStivLmpDJwj6pi06QQa6L1zJSLpG7SP9MnFyacmo8EFgb9T/eEGcf
         5efGXelP2/uQEiyEIppGh9rcKMeBd1rm0mI3Zh/OtMkCaj9Yre5WftfRYVYCNQAr41Hc
         5Qnzq0TYB1d5W3CexLdsuU2AthzLU1OSKvIyCnSItYSpUzU6PqUK4Il5deOpuyfvvZIV
         5J+g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=+MZnFrSX5kPGNJkCJp5wLn6LT/vNkm1eMVwwUEvP3bY=;
        b=C2vyJVzodXpvg9ljlEWINQHuBD8TUN+Tk6sV82z5KazV0UaGyZwULAtNL4Dn9g1T4J
         T6eVoUQwXhyBInLL/FGWNkueRZeSzTMqLRBC+8d7SVcY5pYZGmrSNx/ukvlBKIkmlQu7
         Lu7BLudt6d3ssVg9l5iNOXoH5zgxoLEOj4Mg7FxGM6sEcUgWSd7fnBp0Wb0fOiVxrdsO
         AvLep3z+GyeYrtNtU5Vs7v3gbxyopptJdJV+bgKKNIav4+c1xKPZMricDaLFim1mxE22
         LuEdm59kCYgpOhr91OUtDkKIpU7uwGYUO2TsLXVqzTJE98LEQgcgcvpQ3AnIz7YUJ4BD
         lSrg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=qMzlwkis;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 134-v6si35017272pfu.273.2018.11.02.11.42.16;
        Fri, 02 Nov 2018 11:42:31 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=qMzlwkis;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729527AbeKCDtW (ORCPT <rfc822;stevepeted@gmail.com>
        + 99 others); Fri, 2 Nov 2018 23:49:22 -0400
Received: from mail.kernel.org ([198.145.29.99]:43958 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729037AbeKCDtW (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 2 Nov 2018 23:49:22 -0400
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id ADAEA2082E;
        Fri,  2 Nov 2018 18:41:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1541184070;
        bh=zHfOlg8rXJs+8i5EMjg0TxOMhCBwxzRwxK1/vnbVRg4=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=qMzlwkisNA0uC+z1dyfA4qbKGuFeGl4i+Pkx0fYKoRtzu7HrTmvueitudvz/+hrgz
         n/760KdDGt6cyHIu0kmti0DajpMItd7SbQBmVc07BniXCirUnjBVAdnYNJmSmwOUl8
         v2N+HlAzqH2llj0DjVLZS9rh7H7IqZPC1l7YiZpQ=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Larry Chen <lchen@suse.com>,
        Changwei Ge <ge.changwei@h3c.com>,
        Mark Fasheh <mark@fasheh.com>,
        Joel Becker <jlbec@evilplan.org>,
        Junxiao Bi <junxiao.bi@oracle.com>,
        Joseph Qi <jiangqi903@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.18 070/150] ocfs2: fix crash in ocfs2_duplicate_clusters_by_page()
Date:   Fri,  2 Nov 2018 19:33:52 +0100
Message-Id: <20181102182908.476713167@linuxfoundation.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181102182902.250560510@linuxfoundation.org>
References: <20181102182902.250560510@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 69eb7765b9c6902444c89c54e7043242faf981e5 ]

ocfs2_duplicate_clusters_by_page() may crash if one of the extent's pages
is dirty.  When a page has not been written back, it is still in dirty
state.  If ocfs2_duplicate_clusters_by_page() is called against the dirty
page, the crash happens.

To fix this bug, we can just unlock the page and wait until the page until
its not dirty.

The following is the backtrace:

kernel BUG at /root/code/ocfs2/refcounttree.c:2961!
[exception RIP: ocfs2_duplicate_clusters_by_page+822]
__ocfs2_move_extent+0x80/0x450 [ocfs2]
? __ocfs2_claim_clusters+0x130/0x250 [ocfs2]
ocfs2_defrag_extent+0x5b8/0x5e0 [ocfs2]
__ocfs2_move_extents_range+0x2a4/0x470 [ocfs2]
ocfs2_move_extents+0x180/0x3b0 [ocfs2]
? ocfs2_wait_for_recovery+0x13/0x70 [ocfs2]
ocfs2_ioctl_move_extents+0x133/0x2d0 [ocfs2]
ocfs2_ioctl+0x253/0x640 [ocfs2]
do_vfs_ioctl+0x90/0x5f0
SyS_ioctl+0x74/0x80
do_syscall_64+0x74/0x140
entry_SYSCALL_64_after_hwframe+0x3d/0xa2

Once we find the page is dirty, we do not wait until it's clean, rather we
use write_one_page() to write it back

Link: http://lkml.kernel.org/r/20180829074740.9438-1-lchen@suse.com
[lchen@suse.com: update comments]
  Link: http://lkml.kernel.org/r/20180830075041.14879-1-lchen@suse.com
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Larry Chen <lchen@suse.com>
Acked-by: Changwei Ge <ge.changwei@h3c.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ocfs2/refcounttree.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
index 7869622af22a..7a5ee145c733 100644
--- a/fs/ocfs2/refcounttree.c
+++ b/fs/ocfs2/refcounttree.c
@@ -2946,6 +2946,7 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle,
 		if (map_end & (PAGE_SIZE - 1))
 			to = map_end & (PAGE_SIZE - 1);
 
+retry:
 		page = find_or_create_page(mapping, page_index, GFP_NOFS);
 		if (!page) {
 			ret = -ENOMEM;
@@ -2954,11 +2955,18 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle,
 		}
 
 		/*
-		 * In case PAGE_SIZE <= CLUSTER_SIZE, This page
-		 * can't be dirtied before we CoW it out.
+		 * In case PAGE_SIZE <= CLUSTER_SIZE, we do not expect a dirty
+		 * page, so write it back.
 		 */
-		if (PAGE_SIZE <= OCFS2_SB(sb)->s_clustersize)
-			BUG_ON(PageDirty(page));
+		if (PAGE_SIZE <= OCFS2_SB(sb)->s_clustersize) {
+			if (PageDirty(page)) {
+				/*
+				 * write_on_page will unlock the page on return
+				 */
+				ret = write_one_page(page);
+				goto retry;
+			}
+		}
 
 		if (!PageUptodate(page)) {
 			ret = block_read_full_page(page, ocfs2_get_block);
-- 
2.17.1