From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Larry Chen, Changwei Ge, Mark Fasheh, Joel Becker, Junxiao Bi, Joseph Qi, Andrew Morton, Sasha Levin
Subject: [PATCH 4.14 049/143] ocfs2: fix crash in ocfs2_duplicate_clusters_by_page()
Date: Fri, 2 Nov 2018 19:33:54 +0100
Message-Id: <20181102182900.989726249@linuxfoundation.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181102182857.064326086@linuxfoundation.org>
References: <20181102182857.064326086@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 69eb7765b9c6902444c89c54e7043242faf981e5 ]

ocfs2_duplicate_clusters_by_page() may crash if one of the extent's pages is dirty. When a page has not been written back, it is still in dirty state. If ocfs2_duplicate_clusters_by_page() is called against the dirty page, the crash happens.

To fix this bug, we can just unlock the page and wait until the page until its not dirty.

The following is the backtrace:

kernel BUG at /root/code/ocfs2/refcounttree.c:2961!
[exception RIP: ocfs2_duplicate_clusters_by_page+822]
__ocfs2_move_extent+0x80/0x450 [ocfs2]
? __ocfs2_claim_clusters+0x130/0x250 [ocfs2]
ocfs2_defrag_extent+0x5b8/0x5e0 [ocfs2]
__ocfs2_move_extents_range+0x2a4/0x470 [ocfs2]
ocfs2_move_extents+0x180/0x3b0 [ocfs2]
? ocfs2_wait_for_recovery+0x13/0x70 [ocfs2]
ocfs2_ioctl_move_extents+0x133/0x2d0 [ocfs2]
ocfs2_ioctl+0x253/0x640 [ocfs2]
do_vfs_ioctl+0x90/0x5f0
SyS_ioctl+0x74/0x80
do_syscall_64+0x74/0x140
entry_SYSCALL_64_after_hwframe+0x3d/0xa2

Once we find the page is dirty, we do not wait until it's clean, rather we use write_one_page() to write it back

Link: http://lkml.kernel.org/r/20180829074740.9438-1-lchen@suse.com
[lchen@suse.com: update comments]
Link: http://lkml.kernel.org/r/20180830075041.14879-1-lchen@suse.com
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Larry Chen
Acked-by: Changwei Ge
Cc: Mark Fasheh
Cc: Joel Becker
Cc: Junxiao Bi
Cc: Joseph Qi
Signed-off-by: Andrew Morton
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin
---
 fs/ocfs2/refcounttree.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c index 1b1283f07941..824f407df1db 100644 --- a/fs/ocfs2/refcounttree.c +++ b/fs/ocfs2/refcounttree.c @@ -2946,6 +2946,7 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle, if (map_end & (PAGE_SIZE - 1)) to = map_end & (PAGE_SIZE - 1); +retry: page = find_or_create_page(mapping, page_index, GFP_NOFS); if (!page) { ret = -ENOMEM; @@ -2954,11 +2955,18 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle, } /* - * In case PAGE_SIZE <= CLUSTER_SIZE, This page - * can't be dirtied before we CoW it out. + * In case PAGE_SIZE <= CLUSTER_SIZE, we do not expect a dirty + * page, so write it back. */ - if (PAGE_SIZE <= OCFS2_SB(sb)->s_clustersize) - BUG_ON(PageDirty(page)); + if (PAGE_SIZE <= OCFS2_SB(sb)->s_clustersize) { + if (PageDirty(page)) { + /* + * write_on_page will unlock the page on return + */ + ret = write_one_page(page); + goto retry; + } + } if (!PageUptodate(page)) { ret = block_read_full_page(page, ocfs2_get_block); -- 2.17.1
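
Review bot: in the second hunk, the result of write_one_page() is assigned to ret and then discarded by the unconditional goto retry, so a writeback error is never acted on; if the page is still dirty after a failed write, the retry: path can loop without bound. Check ret after the call and handle the error instead of retrying. The same path jumps back to find_or_create_page() with no put_page() visible in the hunk, while find_or_create_page() returns the page with a reference held, so each retry appears to take an extra reference; drop it before the goto. The new comment also says write_on_page where the call is write_one_page().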