Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp4603604ybv; Mon, 10 Feb 2020 23:29:36 -0800 (PST) X-Google-Smtp-Source: APXvYqzXq+bEcFk/8C9Deu0EHPtND2kfeh29EcvX7lYjS6Ve1deIEweAjGIsMqQpoqtzwsHDc8dJ X-Received: by 2002:a9d:7ada:: with SMTP id m26mr4261206otn.111.1581406176188; Mon, 10 Feb 2020 23:29:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581406176; cv=none; d=google.com; s=arc-20160816; b=AqNalmrodn781oBgKEOMVmuoQFhsXEcyyqaiJdzYVAqgTBj+bDSjxyTJgI4h+2N95Y HlH6wWfO1Uq59Gvqx3R9be4chm3lrcj6/w5O7Ilk8lsfOe+TDmA3E4wxBdjhJ38p8m1R OKqRw/9BTS9QW/eTq9+ziZ9f77Ohl3mC60d6JYZjXlxVf7I1pjEjyfoaZ7FXwWNNr8f3 +8AYxpRLIQHpCEgnNb7Ks2B5oXdZ/Wy6PYkNqq7h+LB/Kvk2/sYDkEWTVDCFABKwPf+O qm/7RhzW+wdlFHkvSK+0AoP6urMx/SrABjncaEgNMQj1pUSJOgMQi1LqF1JlyYFt1XbO NSbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=J3R8PVvA57QHUEAAPf1ZBAC1lM37YYSpa3ZAzCUsXMo=; b=SC3Cs0s3Dm+sNmC+fnlQxlJpaawwmS7h2VFWNkE92am1U4tkDJaG2/GJIOPmCZL1xi 5WFf9PQeC9+X+hYa6e6dH8Lteo8dOiyYDMCvrP9HaxZoyBCOWuegriYl0+CWyykwIVjs N9FxtNxoTd6AxR/OdJzYglqLLixSWgab8tb80LxEysEeCA2Fz53Ldcc3dQwRfIWMSZa8 p0OcBhL6G7JkF+vvO/rf+On7a7fdHxbM8Y1cBL6gq34REXtcrltG3OcUaLcz7rMfHM8z t4roVLKLxSOeI+xTl3duQpMI71ik9iIYp9XeZf2g+Ap9N16jLeJpPe+s/nAymlJ2XPWA TYKw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z8si1061201otp.79.2020.02.10.23.29.15; Mon, 10 Feb 2020 23:29:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727857AbgBKGvY (ORCPT + 99 others); Tue, 11 Feb 2020 01:51:24 -0500 Received: from szxga06-in.huawei.com ([45.249.212.32]:47660 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727697AbgBKGvY (ORCPT ); Tue, 11 Feb 2020 01:51:24 -0500 Received: from DGGEMS406-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id 58F6949E3826EAFD3628; Tue, 11 Feb 2020 14:51:21 +0800 (CST) Received: from [127.0.0.1] (10.173.220.179) by DGGEMS406-HUB.china.huawei.com (10.3.19.206) with Microsoft SMTP Server id 14.3.439.0; Tue, 11 Feb 2020 14:51:11 +0800 Subject: Re: [PATCH 2/2] jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer To: Jan Kara CC: , , , References: <20200203140458.37397-1-yi.zhang@huawei.com> <20200203140458.37397-3-yi.zhang@huawei.com> <20200206114647.GB3994@quack2.suse.cz> From: "zhangyi (F)" Message-ID: Date: Tue, 11 Feb 2020 14:51:10 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0 MIME-Version: 1.0 In-Reply-To: <20200206114647.GB3994@quack2.suse.cz> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.173.220.179] X-CFilter-Loop: Reflected Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On 2020/2/6 19:46, Jan Kara wrote: > On Mon 03-02-20 22:04:58, zhangyi (F) wrote: >> Commit 904cdbd41d74 ("jbd2: clear dirty flag when revoking a buffer from >> an older transaction") set the BH_Freed flag when forgetting a metadata >> buffer which belongs to the committing transaction, it indicate the >> committing process clear dirty bits when it is done with the buffer. But >> it also clear the BH_Mapped flag at the same time, which may trigger >> below NULL pointer oops when block_size < PAGE_SIZE. >> >> rmdir 1 kjournald2 mkdir 2 >> jbd2_journal_commit_transaction >> commit transaction N >> jbd2_journal_forget >> set_buffer_freed(bh1) >> jbd2_journal_commit_transaction >> commit transaction N+1 >> ... >> clear_buffer_mapped(bh1) >> ext4_getblk(bh2 ummapped) >> ... >> grow_dev_page >> init_page_buffers >> bh1->b_private=NULL >> bh2->b_private=NULL >> jbd2_journal_put_journal_head(jh1) >> __journal_remove_journal_head(hb1) >> jh1 is NULL and trigger oops >> >> *) Dir entry block bh1 and bh2 belongs to one page, and the bh2 has >> already been unmapped. >> >> For the metadata buffer we forgetting, clear the dirty flags is enough, >> so this patch add BH_Unmap flag for the journal_unmap_buffer() case and >> keep the mapped flag for the metadata buffer. >> >> Fixes: 904cdbd41d74 ("jbd2: clear dirty flag when revoking a buffer from an older transaction") >> Signed-off-by: zhangyi (F) [..] > > Also rather than introducing this new buffer_unmap bit, I'd use the fact > this special treatment is needed only for buffers coming from the block device > mapping. And we can check for that like: > > /* > * We can (and need to) unmap buffer only for normal mappings. > * Block device buffers need to stay mapped all the time. > * We need to be careful about the check because the page > * mapping can get cleared under our hands. > */ > mapping = READ_ONCE(bh->b_page->mapping); > if (mapping && !sb_is_blkdev_sb(mapping->host->i_sb)) { > ... > } Think about it again, it may missing clearing of mapped flag if 'mapping' of journalled data page was cleared, and finally trigger exception if we reuse the buffer again. So I think it should be: if (!(mapping && sb_is_blkdev_sb(mapping->host->i_sb))) { ... } Thanks, Yi.