Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp4695863ybv; Mon, 17 Feb 2020 04:11:42 -0800 (PST) X-Google-Smtp-Source: APXvYqxsq1L5bR2U2V+x9sXRWkLdTOSHCx2Kg5vf8mST4Gq/9MADk77XUA20L1SvovZCRp00CS0G X-Received: by 2002:a05:6808:8d5:: with SMTP id k21mr9913909oij.121.1581941501943; Mon, 17 Feb 2020 04:11:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581941501; cv=none; d=google.com; s=arc-20160816; b=BzFtn1IcN7soL/Ilk9gxJY0CDA0FBOmKUxpniFpgAQaAEGllXjwb8XlInERSZEw34q Rx5M8Ww7V6NmOmi/+QdKlHqG9W5jtvNn0E1VbUwVIXdeH36dorZWc3JvLakdVgbhjTT8 2mWVT4Kxv9bbvC/4EfF1Wh5YJiTwf+R//NcdIcmLSWmIqJ2hOF2fezleEZBfMJtMbSfL 9UfmZCWAPz2SODXVGGA4UniNQBAij8v5OsMXNwMYoYiBfNvPjbPHpoI2bQDGpUiWdmZh 8PAbwy66XMcoVqAe8tARHe7W1yCjT7VaFUlcvSR/stTe8qh3IuFP+qhXu2psPG4YIF1x TMxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=Ytho7uund9mag1l39qKXMODssQ7o2r5MitFmpNTA2SU=; b=p6mp1/J70uiJkpGEY4F+taVwYFck2/9v+0zY0U/1xcWhetsY9nlykYRRVWHMSszUUR Cgpm/t6w7fgFZKHjHfuP2/bSaTtbWARKeCB8gFaD9Do831MWSg7hxdN0J2y7pwMFQFZc 4Uw8HBWvsPZfnPwysBSvlqwcfaNFVBCcZKOC8gLKbk3nGLKpZw5BLRRSqzD5vX41w2O7 RYRXtx6ohZl0yNvDgbRNQeqEL0gacYMbTmU4Id25BR+hwkTIWayg9qC/u3AWuRIbTnis 8+S60L+k7zIC7BCHuR0uJq5+1NaxhK0ZtrEprY6oHAxC07/xmce6GSece1zMOkd9cXTB yP9w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z10si6174126oic.77.2020.02.17.04.11.18; Mon, 17 Feb 2020 04:11:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726801AbgBQKig (ORCPT + 99 others); Mon, 17 Feb 2020 05:38:36 -0500 Received: from szxga05-in.huawei.com ([45.249.212.191]:10189 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726403AbgBQKig (ORCPT ); Mon, 17 Feb 2020 05:38:36 -0500 Received: from DGGEMS405-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id 2AC7FB4A5E0F0F75618B; Mon, 17 Feb 2020 18:38:33 +0800 (CST) Received: from [127.0.0.1] (10.173.220.179) by DGGEMS405-HUB.china.huawei.com (10.3.19.205) with Microsoft SMTP Server id 14.3.439.0; Mon, 17 Feb 2020 18:38:23 +0800 Subject: Re: [PATCH v3 2/2] jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer To: Jan Kara CC: , , , References: <20200213063821.30455-1-yi.zhang@huawei.com> <20200213063821.30455-3-yi.zhang@huawei.com> <20200217093645.GC12032@quack2.suse.cz> From: "zhangyi (F)" Message-ID: Date: Mon, 17 Feb 2020 18:38:23 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0 MIME-Version: 1.0 In-Reply-To: <20200217093645.GC12032@quack2.suse.cz> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.173.220.179] X-CFilter-Loop: Reflected Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org Hi, On 2020/2/17 17:36, Jan Kara wrote: > On Thu 13-02-20 14:38:21, zhangyi (F) wrote: >> Commit 904cdbd41d74 ("jbd2: clear dirty flag when revoking a buffer from >> an older transaction") set the BH_Freed flag when forgetting a metadata >> buffer which belongs to the committing transaction, it indicate the >> committing process clear dirty bits when it is done with the buffer. But >> it also clear the BH_Mapped flag at the same time, which may trigger >> below NULL pointer oops when block_size < PAGE_SIZE. >> >> rmdir 1 kjournald2 mkdir 2 >> jbd2_journal_commit_transaction >> commit transaction N >> jbd2_journal_forget >> set_buffer_freed(bh1) >> jbd2_journal_commit_transaction >> commit transaction N+1 >> ... >> clear_buffer_mapped(bh1) >> ext4_getblk(bh2 ummapped) >> ... >> grow_dev_page >> init_page_buffers >> bh1->b_private=NULL >> bh2->b_private=NULL >> jbd2_journal_put_journal_head(jh1) >> __journal_remove_journal_head(hb1) >> jh1 is NULL and trigger oops >> >> *) Dir entry block bh1 and bh2 belongs to one page, and the bh2 has >> already been unmapped. >> >> For the metadata buffer we forgetting, we should always keep the mapped >> flag and clear the dirty flags is enough, so this patch pick out the >> these buffers and keep their BH_Mapped flag. >> >> Fixes: 904cdbd41d74 ("jbd2: clear dirty flag when revoking a buffer from an older transaction") >> Signed-off-by: zhangyi (F) >> --- >> fs/jbd2/commit.c | 25 +++++++++++++++++++++---- >> 1 file changed, 21 insertions(+), 4 deletions(-) > > Thanks! The patch looks good. I have just some comment reformulation > suggestion below, otherwise feel free to add: > > Reviewed-by: Jan Kara > >> diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c >> index 6396fe70085b..27373f5792a4 100644 >> --- a/fs/jbd2/commit.c >> +++ b/fs/jbd2/commit.c >> @@ -985,12 +985,29 @@ void jbd2_journal_commit_transaction(journal_t *journal) >> * pagesize and it is attached to the last partial page. >> */ >> if (buffer_freed(bh) && !jh->b_next_transaction) { >> + struct address_space *mapping; >> + >> clear_buffer_freed(bh); >> clear_buffer_jbddirty(bh); >> - clear_buffer_mapped(bh); >> - clear_buffer_new(bh); >> - clear_buffer_req(bh); >> - bh->b_bdev = NULL; >> + >> + /* >> + * Block device buffers need to stay mapped all the >> + * time, so it is enough to clear buffer_jbddirty and >> + * buffer_freed bits. For the file mapping buffers (i.e. >> + * journalled data) we need to unmap buffer and clear >> + * more bits. We also need to be careful about the check >> + * because the data page mapping can get cleared under >> + * out hands, which alse need not to clear more bits > ^^^ our ^^^^ Maybe I'd rephrase this like: > > ... under our hands. Note that if mapping == NULL, we don't need to make > buffer unmapped because the page is already detached from the mapping and > buffers cannot get reused. > Thanks for your suggestion, Ted has already pushed this patch to upstream, I could write an appending patch to fix this. Thanks, Yi.