Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5252903imu; Tue, 15 Jan 2019 14:08:26 -0800 (PST) X-Google-Smtp-Source: ALg8bN5TxSsp3q+KvxapBiBh833olqI4TP3Eud2g4fHPTlNxl4yH4hwnL/J3kZkVmTEuzH2M1gfN X-Received: by 2002:a62:a209:: with SMTP id m9mr6377684pff.218.1547590106195; Tue, 15 Jan 2019 14:08:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547590106; cv=none; d=google.com; s=arc-20160816; b=Qc3eA35VQlxgmNwe/pVW/x02BzmKRSCZBGZ2YD/tuA+yPrWGTqG2QBRLtpccgZKZ0e GUmNZ9dFGyQtinCClNNHIpxfPeL7JHJAQsDTzEVHKjEI70jbWNFg/Eu2NGvrxmJREuM8 bGED3k6hBCBQbGIAR/6qzNaxLh5puCXt/WD1ioaXYZzKqljWbdHZWDrj7f2D4/Xhwt+U oSv/MgnFT1ohscs+tHmtrytccTb/+q62GQueDfMMakSVshsLhNUFS37f1bzHUW71TBWB 3jY/tmAjO3b2ZeZ3/bT5w+GCTUFl3lqqzUojFeXMU1Yh30dFLfXTMkx/VH0YkoH7p5+p G7tQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=F8UvQfbDAjZ1Z9TCLFnS6oQBXLB46VxXMF37J2T9z/4=; b=I4hRjSoMfAq51tBUbtrD4UkjDRVFRxApUwHx2AeyqDGrfV2EyVEZIR195T3+dCBfos YC7EXM41JtJHgzPeEeJqURktHOw/ScM9Z3lm1TZZdzaTOVbZJFmAo/7T4sj5ecVLc+jX Kpdmty4XTXUKoMI/V1IS5SQGSerIQlLT6leEYnWLJVN1TWIi+FBhSzo50/imeFlYnp2/ IZr5upwGzo7ghuiu4OvQvJH2uXViER2JUltJWJQxbB5l4M7bLZkqhARmh6EsvnFvLTsS 4Fd+fsXkmhYnoCARtpoohpuSkALKTmdCID7fNHEf1NpLTBy1fD7cqF7yBCCTCPpdjy7q 5ogw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=m6PQf8Jw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b14si4737559plk.333.2019.01.15.14.08.10; Tue, 15 Jan 2019 14:08:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=m6PQf8Jw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387857AbfAOQps (ORCPT + 99 others); Tue, 15 Jan 2019 11:45:48 -0500 Received: from mail.kernel.org ([198.145.29.99]:35496 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387851AbfAOQpq (ORCPT ); Tue, 15 Jan 2019 11:45:46 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7399320657; Tue, 15 Jan 2019 16:45:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1547570746; bh=8Fh0Wx+i8Nz4reJe6ajQOvap1EHqTI457fQpUvFnflM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=m6PQf8Jwq6EOAgPsTk9hYx8TQ1aQdYltot37m7NvPwDfawPbIkFMsRHBGK+EIn0EH FZFpchVnBfM6dZNXe9ukjHRjesdzPpyH4talz/dtmeNVDwC8HvUdHObJ/lqs8SV389 +Zuf8IukpZzFQPGSOMvITOL2wAIK/n+Hf0DRAGgs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nikolay Borisov , Filipe Manana , David Sterba Subject: [PATCH 4.20 55/57] Btrfs: fix access to available allocation bits when starting balance Date: Tue, 15 Jan 2019 17:36:36 +0100 Message-Id: <20190115154914.106100746@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190115154910.734892368@linuxfoundation.org> References: <20190115154910.734892368@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Filipe Manana commit 5a8067c0d17feb7579db0476191417b441a8996e upstream. The available allocation bits members from struct btrfs_fs_info are protected by a sequence lock, and when starting balance we access them incorrectly in two different ways: 1) In the read sequence lock loop at btrfs_balance() we use the values we read from fs_info->avail_*_alloc_bits and we can immediately do actions that have side effects and can not be undone (printing a message and jumping to a label). This is wrong because a retry might be needed, so our actions must not have side effects and must be repeatable as long as read_seqretry() returns a non-zero value. In other words, we were essentially ignoring the sequence lock; 2) Right below the read sequence lock loop, we were reading the values from avail_metadata_alloc_bits and avail_data_alloc_bits without any protection from concurrent writers, that is, reading them outside of the read sequence lock critical section. So fix this by making sure we only read the available allocation bits while in a read sequence lock critical section and that what we do in the critical section is repeatable (has nothing that can not be undone) so that any eventual retry that is needed is handled properly. Fixes: de98ced9e743 ("Btrfs: use seqlock to protect fs_info->avail_{data, metadata, system}_alloc_bits") Fixes: 14506127979a ("btrfs: fix a bogus warning when converting only data or metadata") Reviewed-by: Nikolay Borisov Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/volumes.c | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3724,6 +3724,7 @@ int btrfs_balance(struct btrfs_fs_info * int ret; u64 num_devices; unsigned seq; + bool reducing_integrity; if (btrfs_fs_closing(fs_info) || atomic_read(&fs_info->balance_pause_req) || @@ -3803,24 +3804,30 @@ int btrfs_balance(struct btrfs_fs_info * !(bctl->sys.target & allowed)) || ((bctl->meta.flags & BTRFS_BALANCE_ARGS_CONVERT) && (fs_info->avail_metadata_alloc_bits & allowed) && - !(bctl->meta.target & allowed))) { - if (bctl->flags & BTRFS_BALANCE_FORCE) { - btrfs_info(fs_info, - "balance: force reducing metadata integrity"); - } else { - btrfs_err(fs_info, - "balance: reduces metadata integrity, use --force if you want this"); - ret = -EINVAL; - goto out; - } - } + !(bctl->meta.target & allowed))) + reducing_integrity = true; + else + reducing_integrity = false; + + /* if we're not converting, the target field is uninitialized */ + meta_target = (bctl->meta.flags & BTRFS_BALANCE_ARGS_CONVERT) ? + bctl->meta.target : fs_info->avail_metadata_alloc_bits; + data_target = (bctl->data.flags & BTRFS_BALANCE_ARGS_CONVERT) ? + bctl->data.target : fs_info->avail_data_alloc_bits; } while (read_seqretry(&fs_info->profiles_lock, seq)); - /* if we're not converting, the target field is uninitialized */ - meta_target = (bctl->meta.flags & BTRFS_BALANCE_ARGS_CONVERT) ? - bctl->meta.target : fs_info->avail_metadata_alloc_bits; - data_target = (bctl->data.flags & BTRFS_BALANCE_ARGS_CONVERT) ? - bctl->data.target : fs_info->avail_data_alloc_bits; + if (reducing_integrity) { + if (bctl->flags & BTRFS_BALANCE_FORCE) { + btrfs_info(fs_info, + "balance: force reducing metadata integrity"); + } else { + btrfs_err(fs_info, + "balance: reduces metadata integrity, use --force if you want this"); + ret = -EINVAL; + goto out; + } + } + if (btrfs_get_num_tolerated_disk_barrier_failures(meta_target) < btrfs_get_num_tolerated_disk_barrier_failures(data_target)) { int meta_index = btrfs_bg_flags_to_raid_index(meta_target);