Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp1185923ybf; Thu, 27 Feb 2020 06:30:13 -0800 (PST) X-Google-Smtp-Source: APXvYqznFIB2PJZkA6Xu/dLtD/qRk2ePXR62EHaZTioWq08vlndsTqhRttZmM4erwo/RLzRJzDS/ X-Received: by 2002:a9d:4541:: with SMTP id p1mr3603968oti.199.1582813813108; Thu, 27 Feb 2020 06:30:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582813813; cv=none; d=google.com; s=arc-20160816; b=tcRXMESP9/mM8id/6aT9KJzdLilFUbjLub7bCDg9RWJdD6WHlQ0GJo4xkyGdXF/v8h kbcixmtZMP/Xn+hbPaY6ejHQ1t8iPNeaJuFMTJqRPbYXkYbGlpptmxxncnlXotDj5du9 C44HOdCfjqf5xixKa3Chk3NEcgzxLuzqOlLWuMYcWRSnt5n5u5QLzMj2k/TbWYPLVVGc dM5RWtgBXY0JIq6g+78pv76WmMYY3+3UDnKXSwRqJiTzZZTZZpJ0IPtN8caB8aHdwg+j ZHp6XryDbw5kbh67SoP5RaeeFnkD+NcVjKFAvqLB+3DRd3KSTt4HYOLnMxT9WxBR2izc iDGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=fgYwZ/K9Jo6lLGBzuihP0u8UB6YuAlKhnKrVNds4NJg=; b=XnFScYKhdx38iSvKnQ+JieOULcTWY4LQDJJkTgdYZrDyy4RIYtou5DmSomzs2XZ+rg olvAtlblFrFncUrZgPgv9Y6LnnLv7nx37TbAvN7JIu2sl8rkwZG3lx2AaKXYepSqnASC GMdXHAu95FfH2Xv3+h0Qo+y0IUOnea9TlamCdJ3JgkE5y16CKxAqUUeMhcO5Ye9k1dWs EliTwPYE9cYXoMoDccgdmao01qyushG+ANGx99kZEb5Wc7uk3hUzWfveqAL7GkChMJV8 X3UkjCofd0vDKtfoiGWtoWCodp7cg8Smf//LtHuarvL8/6ZtUwNqpe7dzY+r40p/PSH+ HwFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=B6Q9OrXy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t7si1250024oij.175.2020.02.27.06.30.00; Thu, 27 Feb 2020 06:30:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=B6Q9OrXy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387658AbgB0O34 (ORCPT + 99 others); Thu, 27 Feb 2020 09:29:56 -0500 Received: from mail.kernel.org ([198.145.29.99]:42266 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733312AbgB0OFd (ORCPT ); Thu, 27 Feb 2020 09:05:33 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 19C3224656; Thu, 27 Feb 2020 14:05:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582812332; bh=fzxrk04W2BG55ZA/0KndRMEX+JU1C5HtIUxvWYFVFRk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=B6Q9OrXyWOVcRBzDrO8ROrAWvj2E4DattxhCviyr9PSf2THkQE9sEQWxBDDQurKxc SlG5MpbVv2JLEu6DmyHra2+ad4T0cKqZBpXuy8uvw5XEx5SY+jAyFJeqJ4uqfXC2Eo 1wml4hyiNfU6JJ8F2zKhEmY9ZQtzvSvLcU8qDSeI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qu Wenruo , Josef Bacik , David Sterba Subject: [PATCH 4.19 75/97] btrfs: fix bytes_may_use underflow in prealloc error condtition Date: Thu, 27 Feb 2020 14:37:23 +0100 Message-Id: <20200227132226.718346230@linuxfoundation.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200227132214.553656188@linuxfoundation.org> References: <20200227132214.553656188@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josef Bacik commit b778cf962d71a0e737923d55d0432f3bd287258e upstream. I hit the following warning while running my error injection stress testing: WARNING: CPU: 3 PID: 1453 at fs/btrfs/space-info.h:108 btrfs_free_reserved_data_space_noquota+0xfd/0x160 [btrfs] RIP: 0010:btrfs_free_reserved_data_space_noquota+0xfd/0x160 [btrfs] Call Trace: btrfs_free_reserved_data_space+0x4f/0x70 [btrfs] __btrfs_prealloc_file_range+0x378/0x470 [btrfs] elfcorehdr_read+0x40/0x40 ? elfcorehdr_read+0x40/0x40 ? btrfs_commit_transaction+0xca/0xa50 [btrfs] ? dput+0xb4/0x2a0 ? btrfs_log_dentry_safe+0x55/0x70 [btrfs] ? btrfs_sync_file+0x30e/0x420 [btrfs] ? do_fsync+0x38/0x70 ? __x64_sys_fdatasync+0x13/0x20 ? do_syscall_64+0x5b/0x1b0 ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 This happens if we fail to insert our reserved file extent. At this point we've already converted our reservation from ->bytes_may_use to ->bytes_reserved. However once we break we will attempt to free everything from [cur_offset, end] from ->bytes_may_use, but our extent reservation will overlap part of this. Fix this problem by adding ins.offset (our extent allocation size) to cur_offset so we remove the actual remaining part from ->bytes_may_use. I validated this fix using my inject-error.py script python inject-error.py -o should_fail_bio -t cache_save_setup -t \ __btrfs_prealloc_file_range \ -t insert_reserved_file_extent.constprop.0 \ -r "-5" ./run-fsstress.sh where run-fsstress.sh simply mounts and runs fsstress on a disk. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Qu Wenruo Signed-off-by: Josef Bacik Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/inode.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -10348,6 +10348,7 @@ static int __btrfs_prealloc_file_range(s struct btrfs_root *root = BTRFS_I(inode)->root; struct btrfs_key ins; u64 cur_offset = start; + u64 clear_offset = start; u64 i_size; u64 cur_bytes; u64 last_alloc = (u64)-1; @@ -10382,6 +10383,15 @@ static int __btrfs_prealloc_file_range(s btrfs_end_transaction(trans); break; } + + /* + * We've reserved this space, and thus converted it from + * ->bytes_may_use to ->bytes_reserved. Any error that happens + * from here on out we will only need to clear our reservation + * for the remaining unreserved area, so advance our + * clear_offset by our extent size. + */ + clear_offset += ins.offset; btrfs_dec_block_group_reservations(fs_info, ins.objectid); last_alloc = ins.offset; @@ -10462,9 +10472,9 @@ next: if (own_trans) btrfs_end_transaction(trans); } - if (cur_offset < end) - btrfs_free_reserved_data_space(inode, NULL, cur_offset, - end - cur_offset + 1); + if (clear_offset < end) + btrfs_free_reserved_data_space(inode, NULL, clear_offset, + end - clear_offset + 1); return ret; }