Subject: Re: [PATCH v3 2/2] jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
From: Ritesh Harjani
Date: Tue, 18 Feb 2020 10:48:13 +0530
To: "zhangyi (F)", jack@suse.cz, tytso@mit.edu
Cc: linux-ext4@vger.kernel.org, luoshijie1@huawei.com, zhangxiaoxu5@huawei.com
In-Reply-To: <20200213063821.30455-3-yi.zhang@huawei.com>
X-Mailing-List: linux-ext4@vger.kernel.org

On 2/13/20 12:08 PM, zhangyi (F) wrote:
> Commit 904cdbd41d74 ("jbd2: clear dirty flag when revoking a buffer from
> an older transaction") set the BH_Freed flag when forgetting a metadata
> buffer which belongs to the committing transaction; it indicates that the
> committing process clears dirty bits when it is done with the buffer. But
> it also clears the BH_Mapped flag at the same time, which may trigger
> the NULL pointer oops below when block_size < PAGE_SIZE.
>
> rmdir 1               kjournald2                         mkdir 2
>                       jbd2_journal_commit_transaction
>                       commit transaction N
> jbd2_journal_forget
> set_buffer_freed(bh1)
>                       jbd2_journal_commit_transaction
>                       commit transaction N+1
>                       ...
>                       clear_buffer_mapped(bh1)
>                                                          ext4_getblk(bh2 unmapped)
>                                                          ...
>                                                          grow_dev_page
>                                                          init_page_buffers
>                                                          bh1->b_private=NULL
>                                                          bh2->b_private=NULL
>                       jbd2_journal_put_journal_head(jh1)
>                       __journal_remove_journal_head(hb1)
>                       jh1 is NULL and trigger oops
>
> *) Dir entry blocks bh1 and bh2 belong to one page, and bh2 has
> already been unmapped.
>
> For the metadata buffer we are forgetting, we should always keep the mapped
> flag, and clearing the dirty flags is enough, so this patch picks out
> these buffers and keeps their BH_Mapped flag.
>
> Fixes: 904cdbd41d74 ("jbd2: clear dirty flag when revoking a buffer from an older transaction")
> Signed-off-by: zhangyi (F)

This should be a stable candidate I guess.

-ritesh

> --- > fs/jbd2/commit.c | 25 +++++++++++++++++++++---- > 1 file changed, 21 insertions(+), 4 deletions(-) > > diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c > index 6396fe70085b..27373f5792a4 100644 > --- a/fs/jbd2/commit.c > +++ b/fs/jbd2/commit.c 
> @@ -985,12 +985,29 @@ void jbd2_journal_commit_transaction(journal_t *journal) > * pagesize and it is attached to the last partial page. > */ > if (buffer_freed(bh) && !jh->b_next_transaction) { > + struct address_space *mapping; > + > clear_buffer_freed(bh); > clear_buffer_jbddirty(bh); > - clear_buffer_mapped(bh); > - clear_buffer_new(bh); > - clear_buffer_req(bh); > - bh->b_bdev = NULL; > + > + /* > + * Block device buffers need to stay mapped all the > + * time, so it is enough to clear buffer_jbddirty and > + * buffer_freed bits. For the file mapping buffers (i.e. > + * journalled data) we need to unmap buffer and clear > + * more bits. We also need to be careful about the check > + * because the data page mapping can get cleared under > + * out hands, which alse need not to clear more bits > + * because the page and buffers will be freed and can > + * never be reused once we are done with them. > + */ > + mapping = READ_ONCE(bh->b_page->mapping); > + if (mapping && !sb_is_blkdev_sb(mapping->host->i_sb)) { > + clear_buffer_mapped(bh); > + clear_buffer_new(bh); > + clear_buffer_req(bh); > + bh->b_bdev = NULL; > + } > } > > if (buffer_jbddirty(bh)) { >
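
Review bot: In the new "if (mapping && !sb_is_blkdev_sb(mapping->host->i_sb))" test, READ_ONCE() only guarantees a single load of bh->b_page->mapping; the mapping->host->i_sb dereference that follows still depends on the address_space and its host inode remaining valid after the page may have been detached, and the comment does not say what guarantees that. Please state the lifetime assumption (which lock or reference keeps the inode alive here) next to the READ_ONCE(). The same comment justifies skipping clear_buffer_mapped(), clear_buffer_new(), clear_buffer_req() and the b_bdev reset when mapping is NULL by saying the page and buffers "will be freed and can never be reused"; since this path previously cleared those bits unconditionally, it would help to name the path that frees them so the claim can be checked. The comment text also has two typos, "under out hands" and "which alse need not to clear", which should read "under our hands" and "in which case we also need not clear".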