2022-06-15 16:11:24

by Eric Whitney

Subject: [PATCH] ext4: fix extent status tree race in writeback error recovery path

A race can occur in the unlikely event ext4 is unable to allocate a
physical cluster for a delayed allocation in a bigalloc file system
during writeback. Failure to allocate a cluster forces error recovery
that includes a call to mpage_release_unused_pages(). That function
removes any corresponding delayed allocated blocks from the extent
status tree. If a new delayed write is in progress on the same cluster
simultaneously, resulting in the addition of a new extent containing
one or more blocks in that cluster to the extent status tree, delayed
block accounting can be thrown off if that delayed write then encounters
a similar cluster allocation failure during future writeback.

Write lock the i_data_sem in mpage_release_unused_pages() to fix this
problem. Ext4's block/cluster accounting code for bigalloc relies on
i_data_sem for mutual exclusion, as is found in the delayed write path,
and the locking in mpage_release_unused_pages() is missing.

Reported-by: Ye Bin <[email protected]>
Signed-off-by: Eric Whitney <[email protected]>
---
fs/ext4/inode.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 3dce7d058985..95a7a90b3942 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1571,7 +1571,14 @@ static void mpage_release_unused_pages(struct mpage_da_data *mpd,
ext4_lblk_t start, last;
start = index << (PAGE_SHIFT - inode->i_blkbits);
last = end << (PAGE_SHIFT - inode->i_blkbits);
+
+ /*
+ * avoid racing with extent status tree scans made by
+ * ext4_insert_delayed_block()
+ */
+ down_write(&EXT4_I(inode)->i_data_sem);
ext4_es_remove_extent(inode, start, last - start + 1);
+ up_write(&EXT4_I(inode)->i_data_sem);
}

pagevec_init(&pvec);
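
Review bot: The comment above down_write(&EXT4_I(inode)->i_data_sem) names only ext4_insert_delayed_block() and leaves out the reason the commit message gives, namely that bigalloc block/cluster accounting relies on i_data_sem for mutual exclusion. Consider extending it so that someone reading inode.c sees why ext4_es_remove_extent() needs the write lock here. Nothing visible in the hunk limits the locking to bigalloc file systems, although the race is described only for bigalloc. If taking the semaphore unconditionally is intentional, a few words in the comment would save the next reader the question. The trailers carry Reported-by and Signed-off-by but no Fixes: tag, which would be worth adding if the commit that introduced the unlocked call is known.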
--
2.30.2


2022-07-14 14:59:27

by Theodore Ts'o

Subject: Re: [PATCH] ext4: fix extent status tree race in writeback error recovery path

On Wed, 15 Jun 2022 12:05:30 -0400, Eric Whitney wrote:
> A race can occur in the unlikely event ext4 is unable to allocate a
> physical cluster for a delayed allocation in a bigalloc file system
> during writeback. Failure to allocate a cluster forces error recovery
> that includes a call to mpage_release_unused_pages(). That function
> removes any corresponding delayed allocated blocks from the extent
> status tree. If a new delayed write is in progress on the same cluster
> simultaneously, resulting in the addition of a new extent containing
> one or more blocks in that cluster to the extent status tree, delayed
> block accounting can be thrown off if that delayed write then encounters
> a similar cluster allocation failure during future writeback.
>
> [...]

Applied, thanks!

[1/1] ext4: fix extent status tree race in writeback error recovery path
commit: 8e469e57340049d4735b71660d29bd4fd3ae1607

Best regards,
--
Theodore Ts'o <[email protected]>