Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp3087636rwb;
        Mon, 15 Aug 2022 17:49:40 -0700 (PDT)
X-Google-Smtp-Source: AA6agR6oHB5t3VgzthDW/eldHBytOf8koPwzwAAmpw0j307TTJ773PetNI6Lr8NbYuX9f3zhHxFc
X-Received: by 2002:a17:902:ccc7:b0:16c:484f:4c69 with SMTP id z7-20020a170902ccc700b0016c484f4c69mr20025569ple.118.1660610980490;
        Mon, 15 Aug 2022 17:49:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660610980; cv=none;
        d=google.com; s=arc-20160816;
        b=vI3j7RqoK/ZE7Y7bJfYLvPlXBdMkz4/bOznJH8G5vJhSDpEaEX20m7lUzoJSUBUY7p
         1buHfjq0S9LAxKMGEmx7p0d49crwOYx0/VBqc2g9kK8mmEnyqzagAzZyWI1cHVIgT1E2
         Q8YcNqZhOVjj06MQd+XcIvC64gxI25C8hGXAJ2HRQCAPtrEMqiHOjcqa3oLw44PKC6Z4
         NOHThautSE5w7LdJ37dMpAehWTZrwrGL7uyNDr8whgG/uT4037F4x24cruaulzK+6/le
         rq2C/Wh80T4DIqWpFGrCGSbqhTL+98tAfQo1AHZNvuAC1l6zCpBy7ctyv37jbJveVgox
         p7/Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=sVgpZDkj5CNUOK0X1v8ajaf/97O1dm9Do+o+1IflfjA=;
        b=XTVpuOqbU+uQiGhN4K11xk+UUfAWsCJvAjnoI/iYPI8moVfxGNRoL1Hh6redcSKwfD
         Q69IumHjNOhkQkFJ0sMoM7sjyxYd5ZHprRrGLiXjemmhSjqqbtaUuZI3gSOoGloOfjXc
         bhbctlJ0l00M2+Zxdw3Ci/sgL5L2YKM4v0QQh08wtLADzKiavC4PO7jeQR9DBlQvSXF1
         mo3+VEIPAAdrHQpvWInvYZGHW+WiHgIkM/l2wLA8rgWed0ONP/4toZ4eHWDH2PRpVL7T
         SGwQCRV+N9waZPLsPmAPNP58oKPYHogC4UERQ1WyaM6pQJcpPuEM0KohvUmp0+WtbLF9
         hr/g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zGJsLcPE;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id c4-20020a170902d48400b0016ee6e782a4si13132955plg.560.2022.08.15.17.49.29;
        Mon, 15 Aug 2022 17:49:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zGJsLcPE;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1353778AbiHOXgY (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Mon, 15 Aug 2022 19:36:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43976 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1353433AbiHOXbk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Aug 2022 19:31:40 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 919F214F97C;
        Mon, 15 Aug 2022 13:08:14 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 8CB0160B6E;
        Mon, 15 Aug 2022 20:08:13 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 97F19C433C1;
        Mon, 15 Aug 2022 20:08:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1660594093;
        bh=qbzUrqN7cH0JP7uC2Tl4OalEZ7Wbjp6GiUMN+PORSdc=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=zGJsLcPEu4VGkYlSlCo2vlCPEIdfOsRSexEd8ljeM3DkD6YNUa7zqb1Z/iYjynFR+
         98ioYc8UedVte2xhp/a3Bw2SSNhuCXS199yOqPa7S+awO54vKAahVRR9S9n0d/HYsR
         RneL7NgOFoCVJmO6r+RfbzhmYBjR5pmp3LFnrywc=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, stable@kernel.org,
        Ye Bin <yebin10@huawei.com>, Eric Whitney <enwlinux@gmail.com>,
        Theodore Tso <tytso@mit.edu>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.18 1055/1095] ext4: fix extent status tree race in writeback error recovery path
Date:   Mon, 15 Aug 2022 20:07:34 +0200
Message-Id: <20220815180512.700807649@linuxfoundation.org>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220815180429.240518113@linuxfoundation.org>
References: <20220815180429.240518113@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Eric Whitney <enwlinux@gmail.com>

[ Upstream commit 7f0d8e1d607c1a4fa9a27362a108921d82230874 ]

A race can occur in the unlikely event ext4 is unable to allocate a
physical cluster for a delayed allocation in a bigalloc file system
during writeback.  Failure to allocate a cluster forces error recovery
that includes a call to mpage_release_unused_pages().  That function
removes any corresponding delayed allocated blocks from the extent
status tree.  If a new delayed write is in progress on the same cluster
simultaneously, resulting in the addition of an new extent containing
one or more blocks in that cluster to the extent status tree, delayed
block accounting can be thrown off if that delayed write then encounters
a similar cluster allocation failure during future writeback.

Write lock the i_data_sem in mpage_release_unused_pages() to fix this
problem.  Ext4's block/cluster accounting code for bigalloc relies on
i_data_sem for mutual exclusion, as is found in the delayed write path,
and the locking in mpage_release_unused_pages() is missing.

Cc: stable@kernel.org
Reported-by: Ye Bin <yebin10@huawei.com>
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20220615160530.1928801-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ext4/inode.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index beed9e32571c..826e2deb10f8 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1559,7 +1559,14 @@ static void mpage_release_unused_pages(struct mpage_da_data *mpd,
 		ext4_lblk_t start, last;
 		start = index << (PAGE_SHIFT - inode->i_blkbits);
 		last = end << (PAGE_SHIFT - inode->i_blkbits);
+
+		/*
+		 * avoid racing with extent status tree scans made by
+		 * ext4_insert_delayed_block()
+		 */
+		down_write(&EXT4_I(inode)->i_data_sem);
 		ext4_es_remove_extent(inode, start, last - start + 1);
+		up_write(&EXT4_I(inode)->i_data_sem);
 	}
 
 	pagevec_init(&pvec);
-- 
2.35.1