linux/fs
Liu Bo 385fe0bede Btrfs: fix crash of compressed writes
The crash[1] is found by xfstests/generic/208 with "-o compress",
it's not reproduced everytime, but it does panic.

The bug is quite interesting, it's actually introduced by a recent commit
(573aecafca,
Btrfs: actually limit the size of delalloc range).

Btrfs implements delay allocation, so during writeback, we
(1) get a page A and lock it
(2) search the state tree for delalloc bytes and lock all pages within the range
(3) process the delalloc range, including find disk space and create
    ordered extent and so on.
(4) submit the page A.

It runs well in normal cases, but if we're in a racy case, eg.
buffered compressed writes and aio-dio writes,
sometimes we may fail to lock all pages in the 'delalloc' range,
in which case, we need to fall back to search the state tree again with
a smaller range limit(max_bytes = PAGE_CACHE_SIZE - offset).

The mentioned commit has a side effect, that is, in the fallback case,
we can find delalloc bytes before the index of the page we already have locked,
so we're in the case of (delalloc_end <= *start) and return with (found > 0).

This ends with not locking delalloc pages but making ->writepage still
process them, and the crash happens.

This fixes it by just thinking that we find nothing and returning to caller
as the caller knows how to deal with it properly.

[1]:
------------[ cut here ]------------
kernel BUG at mm/page-writeback.c:2170!
[...]
CPU: 2 PID: 11755 Comm: btrfs-delalloc- Tainted: G           O 3.11.0+ #8
[...]
RIP: 0010:[<ffffffff810f5093>]  [<ffffffff810f5093>] clear_page_dirty_for_io+0x1e/0x83
[...]
[ 4934.248731] Stack:
[ 4934.248731]  ffff8801477e5dc8 ffffea00049b9f00 ffff8801869f9ce8 ffffffffa02b841a
[ 4934.248731]  0000000000000000 0000000000000000 0000000000000fff 0000000000000620
[ 4934.248731]  ffff88018db59c78 ffffea0005da8d40 ffffffffa02ff860 00000001810016c0
[ 4934.248731] Call Trace:
[ 4934.248731]  [<ffffffffa02b841a>] extent_range_clear_dirty_for_io+0xcf/0xf5 [btrfs]
[ 4934.248731]  [<ffffffffa02a8889>] compress_file_range+0x1dc/0x4cb [btrfs]
[ 4934.248731]  [<ffffffff8104f7af>] ? detach_if_pending+0x22/0x4b
[ 4934.248731]  [<ffffffffa02a8bad>] async_cow_start+0x35/0x53 [btrfs]
[ 4934.248731]  [<ffffffffa02c694b>] worker_loop+0x14b/0x48c [btrfs]
[ 4934.248731]  [<ffffffffa02c6800>] ? btrfs_queue_worker+0x25c/0x25c [btrfs]
[ 4934.248731]  [<ffffffff810608f5>] kthread+0x8d/0x95
[ 4934.248731]  [<ffffffff81060868>] ? kthread_freezable_should_stop+0x43/0x43
[ 4934.248731]  [<ffffffff814fe09c>] ret_from_fork+0x7c/0xb0
[ 4934.248731]  [<ffffffff81060868>] ? kthread_freezable_should_stop+0x43/0x43
[ 4934.248731] Code: ff 85 c0 0f 94 c0 0f b6 c0 59 5b 5d c3 0f 1f 44 00 00 55 48 89 e5 41 54 53 48 89 fb e8 2c de 00 00 49 89 c4 48 8b 03 a8 01 75 02 <0f> 0b 4d 85 e4 74 52 49 8b 84 24 80 00 00 00 f6 40 20 01 75 44
[ 4934.248731] RIP  [<ffffffff810f5093>] clear_page_dirty_for_io+0x1e/0x83
[ 4934.248731]  RSP <ffff8801869f9c48>
[ 4934.280307] ---[ end trace 36f06d3f8750236a ]---

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2013-10-04 16:02:11 -04:00
..
9p Second round of 9p patches for the 3.11 merge window. 2013-07-11 10:21:23 -07:00
adfs Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
affs Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
afs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
autofs4 helper for reading ->d_count 2013-07-05 18:59:33 +04:00
befs [readdir] convert befs 2013-06-29 12:56:55 +04:00
bfs bfs: iget_locked() doesn't return an ERR_PTR 2013-08-24 12:10:22 -04:00
btrfs Btrfs: fix crash of compressed writes 2013-10-04 16:02:11 -04:00
cachefiles mm: remove lru parameter from __pagevec_lru_add and remove parts of pagevec API 2013-07-03 16:07:31 -07:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-07-09 12:39:10 -07:00
cifs cifs: don't instantiate new dentries in readdir for inodes that need to be revalidated immediately 2013-08-07 10:57:06 -05:00
coda helper for reading ->d_count 2013-07-05 18:59:33 +04:00
configfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-14 11:42:26 -07:00
cramfs [readdir] convert f2fs 2013-06-29 12:56:46 +04:00
debugfs debugfs: debugfs_remove_recursive() must not rely on list_empty(d_subdirs) 2013-07-31 12:16:31 -04:00
devpts fs: Limit sys_mount to only request filesystem modules (Part 2). 2013-03-07 01:08:55 -08:00
dlm dlm: kill the unnecessary and wrong device_close()->recalc_sigpending() 2013-08-09 10:48:20 -07:00
ecryptfs Code cleanups and improved buffer handling during page crypto operations 2013-07-11 10:20:18 -07:00
efivarfs efivarfs: we can use simple_lookup() now 2013-07-14 17:48:35 +04:00
efs efs: iget_locked() doesn't return an ERR_PTR() 2013-08-24 12:10:22 -04:00
exofs Lots of bug fixes, cleanups and optimizations. In the bug fixes 2013-07-02 09:39:34 -07:00
exportfs [readdir] constify ->actor 2013-06-29 12:57:05 +04:00
ext2 [O_TMPFILE] it's still short a few helpers, but infrastructure should be OK now... 2013-06-29 12:57:10 +04:00
ext3 ext3: fix a BUG when opening a file with O_TMPFILE flag 2013-07-20 22:03:20 -04:00
ext4 jbd2: Fix oops in jbd2_journal_file_inode() 2013-08-16 21:19:41 -04:00
f2fs f2fs: fix readdir incorrectness 2013-07-08 13:35:48 +04:00
fat fatfs: add FAT_IOCTL_GET_VOLUME_ID 2013-07-09 10:33:25 -07:00
freevxfs [readdir] convert freevxfs 2013-06-29 12:56:53 +04:00
fscache FS-Cache: Don't use spin_is_locked() in assertions 2013-06-19 14:16:47 +01:00
fuse fuse: readdirplus: cleanup 2013-07-17 14:53:54 +02:00
gfs2 GFS2: Check for glock already held in gfs2_getxattr 2013-08-19 09:33:57 +01:00
hfs Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
hfsplus Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
hostfs [readdir] convert hostfs 2013-06-29 12:56:59 +04:00
hpfs Merge branch 'hpfs' from Mikulas Patocka 2013-07-04 11:22:55 -07:00
hppfs clean up scary strncpy(dst, src, strlen(src)) uses 2013-07-03 16:07:41 -07:00
hugetlbfs cope with potentially long ->d_dname() output for shmem/hugetlb 2013-08-24 12:10:17 -04:00
isofs Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
jbd jbd: change journal_invalidatepage() to accept length 2013-05-21 23:26:36 -04:00
jbd2 jbd2: invalidate handle if jbd2_journal_restart() fails 2013-07-01 08:12:41 -04:00
jffs2 [readdir] convert jffs2 2013-06-29 12:56:47 +04:00
jfs jfs: fix readdir cookie incompatibility with NFSv4 2013-08-15 17:22:29 -05:00
lockd LOCKD: Don't call utsname()->nodename from nlmclnt_setlockargs 2013-08-05 15:03:46 -04:00
logfs Lots of bug fixes, cleanups and optimizations. In the bug fixes 2013-07-02 09:39:34 -07:00
minix minix: bug widening a binary "not" operation 2013-06-29 12:57:35 +04:00
ncpfs ncpfs: fix error return code in ncp_parse_options() 2013-07-09 10:33:25 -07:00
nfs NFSv4: Fix up nfs4_proc_lookup_mountpoint 2013-08-07 20:47:26 -04:00
nfs_common
nfsd nfsd: Fix SP4_MACH_CRED negotiation in EXCHANGE_ID 2013-08-07 12:06:07 -04:00
nilfs2 nilfs2: fix issue with counting number of bio requests for BIO_EOPNOTSUPP error detection 2013-08-23 09:51:22 -07:00
nls
notify fsnotify: update comments concerning locking scheme 2013-07-09 10:33:20 -07:00
ntfs Lots of bug fixes, cleanups and optimizations. In the bug fixes 2013-07-02 09:39:34 -07:00
ocfs2 fs/ocfs2/super.c: Use bigger nodestr to accomodate 32-bit node numbers 2013-08-28 19:26:38 -07:00
omfs [readdir] convert omfs 2013-06-29 12:56:37 +04:00
openpromfs [readdir] convert openpromfs 2013-06-29 12:56:32 +04:00
proc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-08-25 12:25:38 -07:00
pstore Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-07-04 10:29:23 -07:00
qnx4 [readdir] convert qnx4 2013-06-29 12:56:38 +04:00
qnx6 [readdir] convert qnx6 2013-06-29 12:56:39 +04:00
quota quota: Convert use of typedef ctl_table to struct ctl_table 2013-07-04 19:22:55 +02:00
ramfs
reiserfs reiserfs: fix deadlock in umount 2013-08-05 17:37:37 +04:00
romfs [readdir] convert romfs 2013-06-29 12:56:29 +04:00
squashfs [readdir] convert squashfs 2013-06-29 12:56:28 +04:00
sysfs sysfs: prevent warning when only using binary attributes 2013-07-16 10:57:36 -07:00
sysv Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
ubifs Only a single patch which fixes a message. 2013-07-05 12:08:47 -07:00
udf udf: provide ->tmpfile() 2013-06-29 12:57:12 +04:00
ufs [readdir] simple local unixlike: switch to ->iterate() 2013-06-29 12:46:47 +04:00
xfs xfs: di_flushiter considered harmful 2013-07-25 10:41:42 -05:00
aio.c aio: fix wrong comment in aio_complete() 2013-07-03 16:08:06 -07:00
anon_inodes.c
attr.c
bad_inode.c [readdir] ->readdir() is gone 2013-06-29 12:57:04 +04:00
binfmt_aout.c mm: remove free_area_cache 2013-07-10 18:11:34 -07:00
binfmt_elf_fdpic.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-05-02 10:16:16 -07:00
binfmt_elf.c mm: remove free_area_cache 2013-07-10 18:11:34 -07:00
binfmt_em86.c
binfmt_flat.c new helper: read_code() 2013-04-29 15:40:23 -04:00
binfmt_misc.c binfmt_misc: reuse string_unescape_inplace() 2013-04-30 17:04:03 -07:00
binfmt_script.c
binfmt_som.c
bio-integrity.c bio-integrity: Add explicit field for owner of bip_buf 2013-03-23 14:26:34 -07:00
bio.c [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal 2013-08-21 10:58:35 -07:00
block_dev.c Merge branch 'for-3.11/core' of git://git.kernel.dk/linux-block 2013-07-11 13:03:24 -07:00
buffer.c mm: vmscan: take page buffers dirty and locked state into account 2013-07-03 16:07:29 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c compat.c: LOOP_CLR_FD is taken care of in loop.c itself... 2013-06-29 12:46:44 +04:00
compat.c [readdir] constify ->actor 2013-06-29 12:57:05 +04:00
coredump.c coredump: '% at the end' shouldn't bypass core_uses_pid logic 2013-07-03 16:08:02 -07:00
coredump.h
dcache.c vfs: make the dentry cache use the lockref infrastructure 2013-08-28 18:24:59 -07:00
dcookies.c consolidate compat lookup_dcookie() 2013-03-03 23:00:23 -05:00
direct-io.c Merge branch 'for-3.10/core' of git://git.kernel.dk/linux-block 2013-05-08 10:13:35 -07:00
drop_caches.c
eventfd.c
eventpoll.c Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
exec.c Fix TLB gather virtual address range invalidation corner cases 2013-08-16 08:52:46 -07:00
fcntl.c vfs: add missing check for __O_TMPFILE in fcntl_init() 2013-08-05 18:25:32 +04:00
fhandle.c
file_table.c fput: turn "list_head delayed_fput_list" into llist_head 2013-07-13 13:29:10 +04:00
file.c don't bother with deferred freeing of fdtables 2013-05-01 17:31:42 -04:00
filesystems.c fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
fs_struct.c constify path_get/path_put and fs_struct.c stuff 2013-03-01 23:51:07 -05:00
fs-writeback.c mm/writeback: don't check force_wait to handle bdi->work_list 2013-07-09 10:33:22 -07:00
generic_acl.c
inode.c allow the temp files created by open() to be linked to 2013-06-29 12:57:11 +04:00
internal.h constify rw_verify_area() 2013-06-29 12:57:34 +04:00
ioctl.c
ioprio.c
Kconfig efivarfs: Move to fs/efivarfs 2013-04-17 13:25:09 +01:00
Kconfig.binfmt fs: make binfmt support for #! scripts modular and removable 2013-04-30 17:04:04 -07:00
libfs.c make simple_lookup() usable for filesystems that set ->s_d_op 2013-07-14 17:43:25 +04:00
locks.c locks: move file_lock_list to a set of percpu hlist_heads and convert file_lock_lock to an lglock 2013-07-08 13:36:42 +04:00
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
mbcache.c
mount.h get rid of full-hash scan on detaching vfsmounts 2013-04-09 14:12:52 -04:00
mpage.c
namei.c vfs: make the dentry cache use the lockref infrastructure 2013-08-28 18:24:59 -07:00
namespace.c VFS: collect_mounts() should return an ERR_PTR 2013-08-24 12:10:29 -04:00
no-block.c
open.c fs: Fix file mode for O_TMPFILE 2013-08-05 18:24:10 +04:00
pipe.c aio: don't include aio.h in sched.h 2013-05-07 20:16:25 -07:00
pnode.c vfs: Fix invalid ida_remove() call 2013-05-31 15:16:33 -04:00
pnode.h Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
posix_acl.c
proc_namespace.c
read_write.c vfs: export lseek_execute() to modules 2013-07-03 16:23:27 +04:00
readdir.c [readdir] constify ->actor 2013-06-29 12:57:05 +04:00
select.c net: rename include/net/ll_poll.h to include/net/busy_poll.h 2013-07-10 17:08:27 -07:00
seq_file.c seq_file: add seq_list_*_percpu helpers 2013-07-08 13:36:41 +04:00
signalfd.c switch signalfd{,4}() to COMPAT_SYSCALL_DEFINE 2013-03-03 22:58:46 -05:00
splice.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
stack.c
stat.c
statfs.c
super.c livelock avoidance in sget() 2013-07-20 04:58:58 +04:00
sync.c teach SYSCALL_DEFINE<n> how to deal with long long/unsigned long long 2013-03-03 22:46:22 -05:00
timerfd.c timerfd: Add alarm timers 2013-05-29 12:57:34 -07:00
utimes.c
xattr_acl.c
xattr.c