linux

History

Qu Wenruo 3670e6451b btrfs: subpage: check if there are compressed extents inside one page [BUG] When testing experimental subpage compressed write support, it hits a NULL pointer dereference inside read path: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 pc : __pi_memcmp+0x28/0x1ec lr : check_data_csum+0xd0/0x274 [btrfs] Call trace: __pi_memcmp+0x28/0x1ec btrfs_verify_data_csum+0xf4/0x244 [btrfs] end_bio_extent_readpage+0x1d0/0x6b0 [btrfs] bio_endio+0x15c/0x1dc end_workqueue_fn+0x44/0x64 [btrfs] btrfs_work_helper+0x74/0x250 [btrfs] process_one_work+0x1d4/0x47c worker_thread+0x180/0x400 kthread+0x11c/0x120 ret_from_fork+0x10/0x30 Code: 54000261 d100044c d343fd8c f8408403 (f8408424) ---[ end trace 9e2c59f33ea40866 ]--- [CAUSE] When reading two compressed extents inside the same page, like the following layout, we trigger above crash: 0 32K 64K \|-------\|\\\\\\\\| \| \- Compressed extent (A) \--------- Compressed extent (B) For compressed read, we don't need to populate its io_bio->csum, as we rely on compressed_bio->csum to verify the compressed data, and then copy the decompressed to inode pages. Normally btrfs_verify_data_csum() skip such page by checking and clearing its PageChecked flag But since that flag is still for the full page, when endio for inode page range [0, 32K) gets executed, it clears PageChecked flag for the full page. Then when endio for inode page range [32K, 64K) gets executed, since the page no longer has PageChecked flag, it just continues checking, even though io_bio->csum is NULL. [FIX] Thankfully there are only two users of PageChecked bit: - Cow fixup Since subpage has its own way to trace page dirty (dirty_bitmap) and ordered bit (ordered_bitmap), it should never trigger cow fixup. - Compressed read We can distinguish such read by just checking io_bio->csum. So just check io_bio->csum before doing the verification to avoid such NULL pointer dereference. Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>		2021-08-23 13:19:03 +02:00
..
tests	btrfs: remove ignore_offset argument from btrfs_find_all_roots()	2021-08-23 13:19:01 +02:00
acl.c	fs: make helpers idmap mount aware	2021-01-24 14:27:20 +01:00
async-thread.c
async-thread.h
backref.c	btrfs: remove ignore_offset argument from btrfs_find_all_roots()	2021-08-23 13:19:01 +02:00
backref.h	btrfs: remove ignore_offset argument from btrfs_find_all_roots()	2021-08-23 13:19:01 +02:00
block-group.c	btrfs: rescue: allow ibadroots to skip bad extent tree when reading block group items	2021-08-23 13:19:00 +02:00
block-group.h	btrfs: rework chunk allocation to avoid exhaustion of the system chunk array	2021-07-07 17:42:41 +02:00
block-rsv.c	btrfs: introduce mount option rescue=ignorebadroots	2020-12-08 15:53:41 +01:00
block-rsv.h
btrfs_inode.h	btrfs: remove stale comment and logic from btrfs_inode_in_log()	2021-04-19 17:25:16 +02:00
check-integrity.c	btrfs: check-integrity: drop kmap/kunmap for block pages	2021-08-23 13:19:00 +02:00
check-integrity.h
compression.c	btrfs: compression: drop kmap/kunmap from generic helpers	2021-08-23 13:19:00 +02:00
compression.h	btrfs: optimize variables size in btrfs_submit_compressed_write	2021-06-21 15:19:07 +02:00
ctree.c	btrfs: make btrfs_next_leaf static inline	2021-08-23 13:19:02 +02:00
ctree.h	btrfs: make btrfs_next_leaf static inline	2021-08-23 13:19:02 +02:00
delalloc-space.c	btrfs: fix typos in comments	2021-06-22 14:11:57 +02:00
delalloc-space.h
delayed-inode.c	btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool	2021-08-23 13:19:00 +02:00
delayed-inode.h	btrfs: make btrfs_delayed_update_inode take btrfs_inode	2020-12-08 15:54:10 +01:00
delayed-ref.c	btrfs: fix lock inversion problem when doing qgroup extent tracing	2021-07-22 15:50:07 +02:00
delayed-ref.h	btrfs: only let one thread pre-flush delayed refs in commit	2021-02-08 22:58:56 +01:00
dev-replace.c	btrfs: fix typos in comments	2021-06-22 14:11:57 +02:00
dev-replace.h	btrfs: zoned: mark block groups to copy for device-replace	2021-02-09 02:46:07 +01:00
dir-item.c	btrfs: introduce btrfs_lookup_match_dir	2021-08-23 13:19:02 +02:00
discard.c	btrfs: fix typos in comments	2021-06-22 14:11:57 +02:00
discard.h	btrfs: cleanup btrfs_discard_update_discardable usage	2020-12-08 15:54:02 +01:00
disk-io.c	btrfs: calculate number of eb pages properly in csum_tree_block	2021-07-29 13:01:04 +02:00
disk-io.h	btrfs: split alloc_log_tree()	2021-02-09 02:46:07 +01:00
export.c	btrfs: locking: rip out path->leave_spinning	2020-12-08 15:54:02 +01:00
export.h
extent_io.c	btrfs: reset this_bio_flag to avoid inheriting old flags	2021-08-23 13:19:03 +02:00
extent_io.h	btrfs: rename PagePrivate2 to PageOrdered inside btrfs	2021-06-21 15:19:09 +02:00
extent_map.c	btrfs: fix parameter description of btrfs_add_extent_mapping	2021-02-08 22:58:53 +01:00
extent_map.h
extent-io-tree.h	btrfs: use fixed width int type for extent_state::state	2020-12-08 15:54:13 +01:00
extent-tree.c	btrfs: pass NULL as trans to btrfs_search_slot if we only want to search	2021-08-23 13:19:00 +02:00
file-item.c	btrfs: remove unneeded return variable in btrfs_lookup_file_extent	2021-08-23 13:19:01 +02:00
file.c	Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2021-07-03 11:30:04 -07:00
free-space-cache.c	btrfs: don't set the full sync flag when truncation does not touch extents	2021-06-21 15:19:05 +02:00
free-space-cache.h	btrfs: zoned: track unusable bytes for zones	2021-02-09 02:46:03 +01:00
free-space-tree.c	btrfs: fix possible free space tree corruption with online conversion	2021-01-25 18:44:37 +01:00
free-space-tree.h
inode-item.c	btrfs: locking: rip out path->leave_spinning	2020-12-08 15:54:02 +01:00
inode.c	btrfs: subpage: check if there are compressed extents inside one page	2021-08-23 13:19:03 +02:00
ioctl.c	btrfs: fix typos in comments	2021-06-22 14:11:57 +02:00
Kconfig	btrfs: disable build on platforms having page size 256K	2021-06-22 14:11:57 +02:00
locking.c	btrfs: fix typos in comments	2021-06-22 14:11:57 +02:00
locking.h	btrfs: remove the recurse parameter from __btrfs_tree_read_lock	2020-12-08 15:54:09 +01:00
lzo.c	btrfs: compression: drop kmap/kunmap from lzo	2021-08-23 13:18:59 +02:00
Makefile	btrfs: move the tree mod log code into its own file	2021-04-19 17:25:16 +02:00
misc.h
ordered-data.c	btrfs: remove uptodate parameter from btrfs_dec_test_first_ordered_pending	2021-08-23 13:19:02 +02:00
ordered-data.h	btrfs: remove uptodate parameter from btrfs_dec_test_first_ordered_pending	2021-08-23 13:19:02 +02:00
orphan.c
print-tree.c	btrfs: print the actual offset in btrfs_root_name	2021-01-07 17:25:05 +01:00
print-tree.h	btrfs: print the actual offset in btrfs_root_name	2021-01-07 17:25:05 +01:00
props.c	btrfs: props: change how empty value is interpreted	2021-06-22 14:11:58 +02:00
props.h
qgroup.c	btrfs: remove ignore_offset argument from btrfs_find_all_roots()	2021-08-23 13:19:01 +02:00
qgroup.h	btrfs: fix lock inversion problem when doing qgroup extent tracing	2021-07-22 15:50:07 +02:00
raid56.c	btrfs: constify and cleanup variables in comparators	2021-08-23 13:19:03 +02:00
raid56.h
rcu-string.h
reada.c	btrfs: subpage: make readahead work properly	2021-03-16 11:06:21 +01:00
ref-verify.c	btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool	2021-08-23 13:19:00 +02:00
ref-verify.h
reflink.c	btrfs: reflink: make copy_inline_to_page() to be subpage compatible	2021-06-21 15:19:10 +02:00
reflink.h
relocation.c	btrfs: ensure relocation never runs while we have send operations running	2021-06-22 14:11:58 +02:00
root-tree.c	btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations	2020-10-07 12:12:13 +02:00
scrub.c	btrfs: fix typos in comments	2021-06-22 14:11:57 +02:00
send.c	btrfs: constify and cleanup variables in comparators	2021-08-23 13:19:03 +02:00
send.h	btrfs: send: avoid copying file data	2020-10-07 12:13:17 +02:00
space-info.c	btrfs: rip out btrfs_space_info::total_bytes_pinned	2021-06-22 14:55:25 +02:00
space-info.h	btrfs: rip out btrfs_space_info::total_bytes_pinned	2021-06-22 14:55:25 +02:00
struct-funcs.c	btrfs: add special case to setget helpers for 64k pages	2021-08-23 13:18:58 +02:00
subpage.c	btrfs: subpage: fix a rare race between metadata endio and eb freeing	2021-06-21 15:19:10 +02:00
subpage.h	btrfs: subpage: fix a rare race between metadata endio and eb freeing	2021-06-21 15:19:10 +02:00
super.c	btrfs: constify and cleanup variables in comparators	2021-08-23 13:19:03 +02:00
sysfs.c	btrfs: rip out btrfs_space_info::total_bytes_pinned	2021-06-22 14:55:25 +02:00
sysfs.h	btrfs: split and refactor btrfs_sysfs_remove_devices_dir	2020-10-07 12:12:21 +02:00
transaction.c	btrfs: rework chunk allocation to avoid exhaustion of the system chunk array	2021-07-07 17:42:41 +02:00
transaction.h	btrfs: rework chunk allocation to avoid exhaustion of the system chunk array	2021-07-07 17:42:41 +02:00
tree-checker.c	btrfs: tree-checker: add missing stripe checks for raid1c3/4 profiles	2021-08-23 13:19:03 +02:00
tree-checker.h
tree-defrag.c	btrfs: locking: remove all the blocking helpers	2020-12-08 15:54:01 +01:00
tree-log.c	btrfs: constify and cleanup variables in comparators	2021-08-23 13:19:03 +02:00
tree-log.h
tree-mod-log.c	btrfs: fix race when picking most recent mod log operation for an old root	2021-04-20 19:27:17 +02:00
tree-mod-log.h	btrfs: add and use helper to get lowest sequence number for the tree mod log	2021-04-19 17:25:17 +02:00
ulist.c
ulist.h
uuid-tree.c	btrfs: remove unnecessary casts in printk	2020-12-08 15:53:52 +01:00
volumes.c	btrfs: constify and cleanup variables in comparators	2021-08-23 13:19:03 +02:00
volumes.h	btrfs: uninline btrfs_bg_flags_to_raid_index	2021-08-23 13:19:03 +02:00
xattr.c	for-5.12-rc1-tag	2021-03-05 12:21:14 -08:00
xattr.h
zlib.c	btrfs: compression: drop kmap/kunmap from zlib	2021-08-23 13:18:59 +02:00
zoned.c	btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems	2021-08-23 13:19:01 +02:00
zoned.h	btrfs: zoned: remove max_zone_append_size logic	2021-08-23 13:18:58 +02:00
zstd.c	btrfs: compression: drop kmap/kunmap from zstd	2021-08-23 13:18:59 +02:00