| Message ID | 1547435747-20013-1-git-send-email-robbieko@synology.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve | expand |
Hi All, Can someone help review the patch ? Thanks. robbieko 於 2019-01-14 11:15 寫到: > From: Robbie Ko <robbieko@synology.com> > > When doing fallocate, we first add the range to the reserve_list > and then reserve the qutoa. > If quota reservation fails, we'll release all reserved parts of > reserve_list. > However, cur_offset doen't update to indicate that this range is > already been inserted into the list. > Therefore, the same range is freed twice. > One at list_for_each_entry loop, and the other at the end of the > function. > This will result in WARN_ON on bytes_may_use when we free the > remaining space. > > Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely") > Signed-off-by: Robbie Ko <robbieko@synology.com> > --- > fs/btrfs/file.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c > index d38dc8c..43c6c8a 100644 > --- a/fs/btrfs/file.c > +++ b/fs/btrfs/file.c > @@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, > int mode, > ret = btrfs_qgroup_reserve_data(inode, &data_reserved, > cur_offset, last_byte - cur_offset); > if (ret < 0) { > + cur_offset = last_byte; > free_extent_map(em); > break; > }
On Mon, Jan 14, 2019 at 3:26 AM robbieko <robbieko@synology.com> wrote: > > From: Robbie Ko <robbieko@synology.com> > > When doing fallocate, we first add the range to the reserve_list > and then reserve the qutoa. qutoa -> quota > If quota reservation fails, we'll release all reserved parts of > reserve_list. > However, cur_offset doen't update to indicate that this range is "doen't update" -> is not updated to indicate ... > already been inserted into the list. > Therefore, the same range is freed twice. > One at list_for_each_entry loop, and the other at the end of the One -> once and the other at -> and once at > function. > This will result in WARN_ON on bytes_may_use when we free the > remaining space. > > Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely") Missing commit id. > Signed-off-by: Robbie Ko <robbieko@synology.com> > --- > fs/btrfs/file.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c > index d38dc8c..43c6c8a 100644 > --- a/fs/btrfs/file.c > +++ b/fs/btrfs/file.c > @@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, int mode, > ret = btrfs_qgroup_reserve_data(inode, &data_reserved, > cur_offset, last_byte - cur_offset); > if (ret < 0) { > + cur_offset = last_byte; This will fix the problem if there's only one range, or we happen to be very lucky and cur_offset matches exactly the middle of the entire range passed to fallocate() (in case the range covers a sparse region of the file, a region with holes and extents). At the end, under the 'out' label we have a call to: btrfs_free_reserved_data_space(inode, data_reserved, alloc_start, alloc_end - cur_offset); That doesn't fell right - the start offset, third argument, should be cur_offset. Everything from alloc_start to cur_offset was freed by the list_for_each_entry_safe_loop. > free_extent_map(em); > break; > } > -- > 1.9.1 >
Filipe Manana 於 2019-03-25 19:14 寫到: > On Mon, Jan 14, 2019 at 3:26 AM robbieko <robbieko@synology.com> wrote: >> >> From: Robbie Ko <robbieko@synology.com> >> >> When doing fallocate, we first add the range to the reserve_list >> and then reserve the qutoa. > > qutoa -> quota > >> If quota reservation fails, we'll release all reserved parts of >> reserve_list. >> However, cur_offset doen't update to indicate that this range is > > "doen't update" -> is not updated to indicate ... > >> already been inserted into the list. >> Therefore, the same range is freed twice. >> One at list_for_each_entry loop, and the other at the end of the > > One -> once > and the other at -> and once at > >> function. >> This will result in WARN_ON on bytes_may_use when we free the >> remaining space. >> >> Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely") > > Missing commit id. > >> Signed-off-by: Robbie Ko <robbieko@synology.com> >> --- >> fs/btrfs/file.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c >> index d38dc8c..43c6c8a 100644 >> --- a/fs/btrfs/file.c >> +++ b/fs/btrfs/file.c >> @@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, >> int mode, >> ret = btrfs_qgroup_reserve_data(inode, >> &data_reserved, >> cur_offset, last_byte - >> cur_offset); >> if (ret < 0) { >> + cur_offset = last_byte; > > This will fix the problem if there's only one range, or we happen to > be very lucky and cur_offset > matches exactly the middle of the entire range passed to fallocate() > (in case the range covers > a sparse region of the file, a region with holes and extents). > > At the end, under the 'out' label we have a call to: > > btrfs_free_reserved_data_space(inode, data_reserved, alloc_start, > alloc_end - cur_offset); > > That doesn't fell right - the start offset, third argument, should be > cur_offset. Everything from > alloc_start to cur_offset was freed by the > list_for_each_entry_safe_loop. Ok, I will send patch v2. Thank you. > > > > > >> free_extent_map(em); >> break; >> } >> -- >> 1.9.1 >>
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index d38dc8c..43c6c8a 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -3132,6 +3132,7 @@ static long btrfs_fallocate(struct file *file, int mode, ret = btrfs_qgroup_reserve_data(inode, &data_reserved, cur_offset, last_byte - cur_offset); if (ret < 0) { + cur_offset = last_byte; free_extent_map(em); break; }