Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3799441pxf; Mon, 29 Mar 2021 11:44:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw/wkAE/d6jS9GwxIrNchxXbVYjm6pKEF3wWUvEecwtEUVFzSECPaoVH0k5cmEDVuXjN4/u X-Received: by 2002:a17:907:2d89:: with SMTP id gt9mr29967640ejc.226.1617043495780; Mon, 29 Mar 2021 11:44:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617043495; cv=none; d=google.com; s=arc-20160816; b=JiQoFdFdg6Cy3ijV3mprWt2+NoalxvIDSZYVo7DvJ+RcYhsblBC9L2JYg5hDRO1bDg /KVmvxOvgLyn1SXkksFfj2gSwA6HhJrxi8q6CYKNqyCXk2rTY0wpGhdFEoNBAQabRWIA GYFknU2hdDavRdd0QSWOxadm0sEpLnjRW1SAz6Bb/6ebJ7VyDP/5oKO4qpOzXZ5sEN9K q9JaTQT+EL9EDjFraSLAM9YaGVOCCtoOsr2RQ2nKmjpDoObPphjETkpfQxW5cDwse2M8 1pqracMrkjpWSKULBlTlIkLvXPilvfMDsqm1CM9MYZNZBKGsvLFEfHFvcGkuL/9PlGwi ofbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:mail-followup-to:reply-to:message-id :subject:cc:to:from:date; bh=KyZJ/OJA3eP6Qsv0tb4+TGNMGYzZeWOYB+zit5H/RR8=; b=oBWetPy7cmQsP02TntRhHKhl98o5PrmFMscvbbGZx9pUpcRRRWjlvatn2MFZ7SE2Ki +bOocC6ObEe4+lJPHdU2VCNzWyrLIMeoV9Wa0kxtrweCfue6kw9NwTf8M8QK84MSnK+m Tg1+mJytjdMtlsPxS+JjP0xaGTdKxI1Yq57it7DqniMu/40/WY6l3FjaFvrmYLPS+MZC ZE4nEf1QxucCaZOya/gImsNy/fR36rlI4E+xUeVBuLzZWoppPphzuc/A6/1mBEHTsUE/ zGPm7IlmWd35ONfZl1qKTJCcdIr6rbXgr1xPlMom5DtkaZHxi0+nzl3WD8VVM8IxRTjM LeEw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a14si12482823edr.155.2021.03.29.11.44.32; Mon, 29 Mar 2021 11:44:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230122AbhC2Snh (ORCPT + 99 others); Mon, 29 Mar 2021 14:43:37 -0400 Received: from mx2.suse.de ([195.135.220.15]:44166 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231420AbhC2SnU (ORCPT ); Mon, 29 Mar 2021 14:43:20 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 7133DAFF4; Mon, 29 Mar 2021 18:43:19 +0000 (UTC) Received: by ds.suse.cz (Postfix, from userid 10065) id 63E28DA842; Mon, 29 Mar 2021 20:41:11 +0200 (CEST) Date: Mon, 29 Mar 2021 20:41:11 +0200 From: David Sterba To: bingjingc Cc: josef@toxicpanda.com, dsterba@suse.com, quwenruo@cn.fujitsu.com, clm@fb.com, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, cccheng@synology.com, robbieko@synology.com Subject: Re: [PATCH v2] btrfs: fix a potential hole-punching failure Message-ID: <20210329184111.GS7604@twin.jikos.cz> Reply-To: dsterba@suse.cz Mail-Followup-To: dsterba@suse.cz, bingjingc , josef@toxicpanda.com, dsterba@suse.com, quwenruo@cn.fujitsu.com, clm@fb.com, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, cccheng@synology.com, robbieko@synology.com References: <1616637382-27311-1-git-send-email-bingjingc@synology.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1616637382-27311-1-git-send-email-bingjingc@synology.com> User-Agent: Mutt/1.5.23.1-rc1 (2014-03-12) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 25, 2021 at 09:56:22AM +0800, bingjingc wrote: > From: BingJing Chang > > In commit d77815461f04 ("btrfs: Avoid trucating page or punching hole > in a already existed hole."), existed holes can be skipped by calling > find_first_non_hole() to adjust *start and *len. However, if the given > len is invalid and large, when an EXTENT_MAP_HOLE extent is found, the > *len will not be set to zero because (em->start + em->len) is less than > (*start + *len). Then the ret will be 1 but the *len will not be set to > 0. The propagated non-zero ret will result in fallocate failure. > > In the while-loop of btrfs_replace_file_extents(), len is not updated > every time before it calls find_first_non_hole(). That is, after > btrfs_drop_extents() successfully drops the last non-hole file extent, > it may fail with -ENOSPC when attempting to drop a file extent item > representing a hole. The problem can happen. After it calls > find_first_non_hole(), the cur_offset will be adjusted to be larger > than or equal to end. However, since the len is not set to zero. The > break-loop condition (ret && !len) will not meet. After it leaves the > while-loop, fallocate will return 1, which is an unexpected return > value. > > We're not able to construct a reproducible way to let > btrfs_drop_extents() fail with -ENOSPC after it drops the last non-hole > file extent but with remaining holes left. However, it's quite easy to > fix. We just need to update and check the len every time before we call > find_first_non_hole(). To make the while loop more readable, we also > pull the variable updates to the bottom of loop like this: > while (cur_offset < end) { > ... > // update cur_offset & len > // advance cur_offset & len in hole-punching case if needed > } > > Reported-by: Robbie Ko > Fixes: d77815461f04 ("btrfs: Avoid trucating page or punching hole in a > already existed hole.") > Reviewed-by: Robbie Ko > Reviewed-by: Chung-Chiang Cheng > Signed-off-by: BingJing Chang Thanks, added to misc-next.