linux/fs/btrfs
Liu Bo 2571e73967 Btrfs: fix memory leak in reading btree blocks
So we can read a btree block via readahead or intentional read,
and we can end up with a memory leak when something happens as
follows,
1) readahead starts to read block A but does not wait for read
   completion,
2) btree_readpage_end_io_hook finds that block A is corrupted,
   and it needs to clear all block A's pages' uptodate bit.
3) meanwhile an intentional read kicks in and checks block A's
   pages' uptodate to decide which page needs to be read.
4) when some pages have the uptodate bit during 3)'s check so
   3) doesn't count them for eb->io_pages, but they are later
   cleared by 2) so we has to readpage on the page, we get
   the wrong eb->io_pages which results in a memory leak of
   this block.

This fixes the problem by firstly getting all pages's locking and
then checking pages' uptodate bit.

   t1(readahead)                              t2(readahead endio)                                       t3(the following read)
read_extent_buffer_pages                    end_bio_extent_readpage
  for pg in eb:                                for page 0,1,2 in eb:
      if pg is uptodate:                           btree_readpage_end_io_hook(pg)
          num_reads++                              if uptodate:
  eb->io_pages = num_reads                             SetPageUptodate(pg)              _______________
  for pg in eb:                                for page 3 in eb:                                     read_extent_buffer_pages
       if pg is NOT uptodate:                      btree_readpage_end_io_hook(pg)                       for pg in eb:
           __extent_read_full_page(pg)                 sanity check reports something wrong                 if pg is uptodate:
                                                       clear_extent_buffer_uptodate(eb)                         num_reads++
                                                           for pg in eb:                                eb->io_pages = num_reads
                                                               ClearPageUptodate(page)  _______________
                                                                                                        for pg in eb:
                                                                                                            if pg is NOT uptodate:
                                                                                                                __extent_read_full_page(pg)

So t3's eb->io_pages is not consistent with the number of pages it's reading,
and during endio(), atomic_dec_and_test(&eb->io_pages) will get a negative
number so that we're not able to free the eb.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2016-09-26 17:59:49 +02:00
..
tests btrfs: tests, require fs_info for root 2016-07-26 13:53:18 +02:00
acl.c btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() 2016-07-26 13:52:25 +02:00
async-thread.c btrfs: plumb fs_info into btrfs_work 2016-07-26 13:53:15 +02:00
async-thread.h btrfs: plumb fs_info into btrfs_work 2016-07-26 13:53:15 +02:00
backref.c btrfs: fix check_shared for fiemap ioctl 2016-09-26 17:59:49 +02:00
backref.h
btrfs_inode.h Merge branch 'cleanups-4.7' into for-chris-4.7-20160525 2016-05-25 22:51:03 +02:00
check-integrity.c block: rename bio bi_rw to bi_opf 2016-08-07 14:41:02 -06:00
check-integrity.h fs: have submit_bh users pass in op and flags separately 2016-06-07 13:41:38 -06:00
compression.c Merge branch 'for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2016-08-04 19:56:16 -04:00
compression.h btrfs: move btrfs_compression_type to compression.h 2016-03-11 17:12:46 +01:00
ctree.c btrfs: btrfs_abort_transaction, drop root parameter 2016-07-26 13:54:26 +02:00
ctree.h Merge branch 'for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2016-09-09 12:52:31 -07:00
dedupe.h btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize 2016-07-26 13:52:25 +02:00
delayed-inode.c btrfs: btrfs_abort_transaction, drop root parameter 2016-07-26 13:54:26 +02:00
delayed-inode.h Btrfs: fix ->iterate_shared() by upgrading i_rwsem for delayed nodes 2016-06-25 06:20:10 -07:00
delayed-ref.c btrfs: qgroup: Refactor btrfs_qgroup_insert_dirty_extent() 2016-08-25 03:58:21 -07:00
delayed-ref.h Btrfs: remove unused function btrfs_add_delayed_qgroup_reserve() 2016-08-03 11:02:51 +01:00
dev-replace.c btrfs: btrfs_test_opt and friends should take a btrfs_fs_info 2016-07-26 13:53:16 +02:00
dev-replace.h btrfs: refactor btrfs_dev_replace_start for reuse 2016-04-28 10:59:13 +02:00
dir-item.c
disk-io.c Btrfs: fix memory leak of block group cache 2016-09-26 17:59:49 +02:00
disk-io.h Btrfs: fix memory leak of block group cache 2016-09-26 17:59:49 +02:00
export.c BTRFS: support NFSv2 export 2015-10-06 06:55:23 -07:00
export.h
extent_io.c Btrfs: fix memory leak in reading btree blocks 2016-09-26 17:59:49 +02:00
extent_io.h Merge branch 'for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2016-08-26 20:22:01 -07:00
extent_map.c btrfs: Fix slab accounting flags 2016-07-26 13:52:25 +02:00
extent_map.h btrfs: cleanup, stop casting for extent_map->lookup everywhere 2016-01-15 19:22:28 +01:00
extent-tree.c Btrfs: fix memory leak of block group cache 2016-09-26 17:59:49 +02:00
file-item.c Btrfs: fix __MAX_CSUM_ITEMS 2016-08-03 14:08:37 -07:00
file.c Btrfs: fix lockdep warning on deadlock against an inode's log mutex 2016-08-25 03:58:32 -07:00
free-space-cache.c btrfs: btrfs_abort_transaction, drop root parameter 2016-07-26 13:54:26 +02:00
free-space-cache.h btrfs: fix string and comment grammatical issues and typos 2016-05-25 22:35:14 +02:00
free-space-tree.c btrfs: btrfs_abort_transaction, drop root parameter 2016-07-26 13:54:26 +02:00
free-space-tree.h Btrfs: implement the free space B-tree 2015-12-17 12:16:47 -08:00
hash.c btrfs: advertise which crc32c implementation is being used at module load 2016-06-06 14:08:28 +02:00
hash.h btrfs: advertise which crc32c implementation is being used at module load 2016-06-06 14:08:28 +02:00
inode-item.c btrfs: rename btrfs_std_error to btrfs_handle_fs_error 2016-04-28 10:36:54 +02:00
inode-map.c btrfs: update btrfs_space_info's bytes_may_use timely 2016-08-25 03:58:26 -07:00
inode-map.h Btrfs: Initialize btrfs_root->highest_objectid when loading tree root and subvolume roots 2016-01-15 19:25:02 +01:00
inode.c Merge branch 'for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2016-08-26 20:22:01 -07:00
ioctl.c btrfs: ensure that file descriptor used with subvol ioctls is a dir 2016-09-21 17:22:16 -07:00
Kconfig
locking.c btrfs: cleanup, remove stray return statements 2016-01-07 14:30:52 +01:00
locking.h
lzo.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
Makefile Btrfs: add free space tree sanity tests 2015-12-17 12:16:47 -08:00
math.h
ordered-data.c btrfs: Fix slab accounting flags 2016-07-26 13:52:25 +02:00
ordered-data.h Btrfs: fix race setting block group readonly during device replace 2016-05-30 12:58:21 +01:00
orphan.c
print-tree.c btrfs: teach print_leaf about temporary item subtypes 2016-02-11 16:15:43 +01:00
print-tree.h
props.c btrfs: simpilify btrfs_subvol_inherit_props 2016-07-26 13:54:22 +02:00
props.h
qgroup.c btrfs: qgroup: Refactor btrfs_qgroup_insert_dirty_extent() 2016-08-25 03:58:21 -07:00
qgroup.h btrfs: qgroup: Refactor btrfs_qgroup_insert_dirty_extent() 2016-08-25 03:58:21 -07:00
raid56.c Btrfs: remove BUG() in raid56 2016-09-26 17:59:49 +02:00
raid56.h Btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation 2015-08-09 07:34:26 -07:00
rcu-string.h
reada.c Btrfs: fix race between readahead and device replace/removal 2016-05-30 12:58:18 +01:00
relocation.c Btrfs: fix endless loop in balancing block groups 2016-09-01 17:16:47 +02:00
root-tree.c btrfs: don't create or leak aliased root while cleaning up orphans 2016-08-25 03:58:29 -07:00
scrub.c Merge branch 'for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2016-08-04 19:56:16 -04:00
send.c Btrfs: kill invalid ASSERT() in process_all_refs() 2016-09-01 17:16:47 +02:00
send.h Btrfs: use linux/sizes.h to represent constants 2016-01-07 14:38:02 +01:00
struct-funcs.c btrfs: fix string and comment grammatical issues and typos 2016-05-25 22:35:14 +02:00
super.c btrfs: fix fsfreeze hang caused by delayed iputs deal 2016-08-25 03:58:26 -07:00
sysfs.c btrfs: create example debugfs file only in debugging build 2016-09-26 17:59:49 +02:00
sysfs.h btrfs: sysfs: introduce helper for syncing bits with sysfs files 2016-01-21 18:50:40 +01:00
transaction.c btrfs: fix fsfreeze hang caused by delayed iputs deal 2016-08-25 03:58:26 -07:00
transaction.h btrfs: add btrfs_trans_handle->fs_info pointer 2016-07-26 13:54:26 +02:00
tree-defrag.c Btrfs: fix locking bugs when defragging leaves 2015-12-18 02:51:32 +00:00
tree-log.c Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns 2016-09-06 05:57:25 -07:00
tree-log.h Btrfs: fix lockdep warning on deadlock against an inode's log mutex 2016-08-25 03:58:32 -07:00
ulist.c btrfs: fix string and comment grammatical issues and typos 2016-05-25 22:35:14 +02:00
ulist.h
uuid-tree.c
volumes.c Merge branch 'for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2016-08-26 20:22:01 -07:00
volumes.h btrfs: use bio fields for op and flags 2016-06-07 13:41:38 -06:00
xattr.c switch xattr_handler->set() to passing dentry and inode separately 2016-05-27 15:39:43 -04:00
xattr.h btrfs: Switch to generic xattr handlers 2016-05-17 19:17:09 -04:00
zlib.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00