2018-09-04 15:46:30 -07:00
// SPDX-License-Identifier: GPL-2.0+
2009-04-06 19:01:37 -07:00
/*
2021-11-08 18:35:01 -08:00
* NILFS segment constructor .
2009-04-06 19:01:37 -07:00
*
* Copyright ( C ) 2005 - 2008 Nippon Telegraph and Telephone Corporation .
*
2016-05-23 16:23:09 -07:00
* Written by Ryusuke Konishi .
2009-04-06 19:01:37 -07:00
*
*/
# include <linux/pagemap.h>
# include <linux/buffer_head.h>
# include <linux/writeback.h>
2015-04-16 12:46:28 -07:00
# include <linux/bitops.h>
2009-04-06 19:01:37 -07:00
# include <linux/bio.h>
# include <linux/completion.h>
# include <linux/blkdev.h>
# include <linux/backing-dev.h>
# include <linux/freezer.h>
# include <linux/kthread.h>
# include <linux/crc32.h>
# include <linux/pagevec.h>
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 17:04:11 +09:00
# include <linux/slab.h>
2017-02-02 19:15:33 +01:00
# include <linux/sched/signal.h>
2009-04-06 19:01:37 -07:00
# include "nilfs.h"
# include "btnode.h"
# include "page.h"
# include "segment.h"
# include "sufile.h"
# include "cpfile.h"
# include "ifile.h"
# include "segbuf.h"
/*
* Segment constructor
*/
# define SC_N_INODEVEC 16 /* Size of locally allocated inode vector */
2016-05-23 16:23:48 -07:00
# define SC_MAX_SEGDELTA 64 / *
* Upper limit of the number of segments
* appended in collection retry loop
*/
2009-04-06 19:01:37 -07:00
/* Construction mode */
enum {
SC_LSEG_SR = 1 , /* Make a logical segment having a super root */
2016-05-23 16:23:48 -07:00
SC_LSEG_DSYNC , /*
* Flush data blocks of a given file and make
* a logical segment without a super root .
*/
SC_FLUSH_FILE , /*
* Flush data files , leads to segment writes without
* creating a checkpoint .
*/
SC_FLUSH_DAT , /*
* Flush DAT file . This also creates segments
* without a checkpoint .
*/
2009-04-06 19:01:37 -07:00
} ;
/* Stage numbers of dirty block collection */
enum {
NILFS_ST_INIT = 0 ,
NILFS_ST_GC , /* Collecting dirty blocks for GC */
NILFS_ST_FILE ,
NILFS_ST_IFILE ,
NILFS_ST_CPFILE ,
NILFS_ST_SUFILE ,
NILFS_ST_DAT ,
NILFS_ST_SR , /* Super root */
NILFS_ST_DSYNC , /* Data sync blocks */
NILFS_ST_DONE ,
} ;
2015-11-06 16:31:59 -08:00
# define CREATE_TRACE_POINTS
# include <trace/events/nilfs2.h>
/*
* nilfs_sc_cstage_inc ( ) , nilfs_sc_cstage_set ( ) , nilfs_sc_cstage_get ( ) are
* wrapper functions of stage count ( nilfs_sc_info - > sc_stage . scnt ) . Users of
* the variable must use them because transition of stage count must involve
* trace events ( trace_nilfs2_collection_stage_transition ) .
*
* nilfs_sc_cstage_get ( ) isn ' t required for the above purpose because it doesn ' t
* produce tracepoint events . It is provided just for making the intention
* clear .
*/
static inline void nilfs_sc_cstage_inc ( struct nilfs_sc_info * sci )
{
sci - > sc_stage . scnt + + ;
trace_nilfs2_collection_stage_transition ( sci ) ;
}
static inline void nilfs_sc_cstage_set ( struct nilfs_sc_info * sci , int next_scnt )
{
sci - > sc_stage . scnt = next_scnt ;
trace_nilfs2_collection_stage_transition ( sci ) ;
}
static inline int nilfs_sc_cstage_get ( struct nilfs_sc_info * sci )
{
return sci - > sc_stage . scnt ;
}
2009-04-06 19:01:37 -07:00
/* State flags of collection */
# define NILFS_CF_NODE 0x0001 /* Collecting node blocks */
# define NILFS_CF_IFILE_STARTED 0x0002 /* IFILE stage has started */
2009-05-16 23:44:55 +09:00
# define NILFS_CF_SUFREED 0x0004 /* segment usages has been freed */
# define NILFS_CF_HISTORY_MASK (NILFS_CF_IFILE_STARTED | NILFS_CF_SUFREED)
2009-04-06 19:01:37 -07:00
/* Operations depending on the construction mode and file type */
struct nilfs_sc_operations {
int ( * collect_data ) ( struct nilfs_sc_info * , struct buffer_head * ,
struct inode * ) ;
int ( * collect_node ) ( struct nilfs_sc_info * , struct buffer_head * ,
struct inode * ) ;
int ( * collect_bmap ) ( struct nilfs_sc_info * , struct buffer_head * ,
struct inode * ) ;
void ( * write_data_binfo ) ( struct nilfs_sc_info * ,
struct nilfs_segsum_pointer * ,
union nilfs_binfo * ) ;
void ( * write_node_binfo ) ( struct nilfs_sc_info * ,
struct nilfs_segsum_pointer * ,
union nilfs_binfo * ) ;
} ;
/*
* Other definitions
*/
static void nilfs_segctor_start_timer ( struct nilfs_sc_info * ) ;
static void nilfs_segctor_do_flush ( struct nilfs_sc_info * , int ) ;
static void nilfs_segctor_do_immediate_flush ( struct nilfs_sc_info * ) ;
2011-03-09 11:05:07 +09:00
static void nilfs_dispose_list ( struct the_nilfs * , struct list_head * , int ) ;
2009-04-06 19:01:37 -07:00
# define nilfs_cnt32_ge(a, b) \
( typecheck ( __u32 , a ) & & typecheck ( __u32 , b ) & & \
( ( __s32 ) ( a ) - ( __s32 ) ( b ) > = 0 ) )
2016-08-02 14:05:10 -07:00
static int nilfs_prepare_segment_lock ( struct super_block * sb ,
struct nilfs_transaction_info * ti )
2009-04-06 19:01:37 -07:00
{
struct nilfs_transaction_info * cur_ti = current - > journal_info ;
void * save = NULL ;
if ( cur_ti ) {
if ( cur_ti - > ti_magic = = NILFS_TI_MAGIC )
return + + cur_ti - > ti_count ;
2016-05-23 16:23:42 -07:00
/*
* If journal_info field is occupied by other FS ,
* it is saved and will be restored on
* nilfs_transaction_commit ( ) .
*/
2020-08-11 18:35:49 -07:00
nilfs_warn ( sb , " journal info from a different FS " ) ;
2016-05-23 16:23:42 -07:00
save = current - > journal_info ;
2009-04-06 19:01:37 -07:00
}
if ( ! ti ) {
ti = kmem_cache_alloc ( nilfs_transaction_cachep , GFP_NOFS ) ;
if ( ! ti )
return - ENOMEM ;
ti - > ti_flags = NILFS_TI_DYNAMIC_ALLOC ;
} else {
ti - > ti_flags = 0 ;
}
ti - > ti_count = 0 ;
ti - > ti_save = save ;
ti - > ti_magic = NILFS_TI_MAGIC ;
current - > journal_info = ti ;
return 0 ;
}
/**
* nilfs_transaction_begin - start indivisible file operations .
* @ sb : super block
* @ ti : nilfs_transaction_info
* @ vacancy_check : flags for vacancy rate checks
*
* nilfs_transaction_begin ( ) acquires a reader / writer semaphore , called
* the segment semaphore , to make a segment construction and write tasks
2009-04-06 19:01:45 -07:00
* exclusive . The function is used with nilfs_transaction_commit ( ) in pairs .
2009-04-06 19:01:37 -07:00
* The region enclosed by these two functions can be nested . To avoid a
* deadlock , the semaphore is only acquired or released in the outermost call .
*
* This function allocates a nilfs_transaction_info struct to keep context
* information on it . It is initialized and hooked onto the current task in
* the outermost call . If a pre - allocated struct is given to @ ti , it is used
2010-03-14 03:32:40 +09:00
* instead ; otherwise a new struct is assigned from a slab .
2009-04-06 19:01:37 -07:00
*
* When @ vacancy_check flag is set , this function will check the amount of
* free space , and will wait for the GC to reclaim disk space if low capacity .
*
* Return Value : On success , 0 is returned . On error , one of the following
* negative error code is returned .
*
* % - ENOMEM - Insufficient memory available .
*
* % - ENOSPC - No space left on device
*/
int nilfs_transaction_begin ( struct super_block * sb ,
struct nilfs_transaction_info * ti ,
int vacancy_check )
{
struct the_nilfs * nilfs ;
2016-08-02 14:05:10 -07:00
int ret = nilfs_prepare_segment_lock ( sb , ti ) ;
2015-11-06 16:32:02 -08:00
struct nilfs_transaction_info * trace_ti ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( ret < 0 ) )
return ret ;
2015-11-06 16:32:02 -08:00
if ( ret > 0 ) {
trace_ti = current - > journal_info ;
trace_nilfs2_transaction_transition ( sb , trace_ti ,
trace_ti - > ti_count , trace_ti - > ti_flags ,
TRACE_NILFS2_TRANSACTION_BEGIN ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
2015-11-06 16:32:02 -08:00
}
2009-04-06 19:01:37 -07:00
2012-06-12 16:20:44 +02:00
sb_start_intwrite ( sb ) ;
2010-09-20 18:19:06 +09:00
2011-03-09 11:05:08 +09:00
nilfs = sb - > s_fs_info ;
2009-04-06 19:01:37 -07:00
down_read ( & nilfs - > ns_segctor_sem ) ;
if ( vacancy_check & & nilfs_near_disk_full ( nilfs ) ) {
up_read ( & nilfs - > ns_segctor_sem ) ;
ret = - ENOSPC ;
goto failed ;
}
2015-11-06 16:32:02 -08:00
trace_ti = current - > journal_info ;
trace_nilfs2_transaction_transition ( sb , trace_ti , trace_ti - > ti_count ,
trace_ti - > ti_flags ,
TRACE_NILFS2_TRANSACTION_BEGIN ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
failed :
ti = current - > journal_info ;
current - > journal_info = ti - > ti_save ;
if ( ti - > ti_flags & NILFS_TI_DYNAMIC_ALLOC )
kmem_cache_free ( nilfs_transaction_cachep , ti ) ;
2012-06-12 16:20:44 +02:00
sb_end_intwrite ( sb ) ;
2009-04-06 19:01:37 -07:00
return ret ;
}
/**
2009-04-06 19:01:45 -07:00
* nilfs_transaction_commit - commit indivisible file operations .
2009-04-06 19:01:37 -07:00
* @ sb : super block
*
2009-04-06 19:01:45 -07:00
* nilfs_transaction_commit ( ) releases the read semaphore which is
* acquired by nilfs_transaction_begin ( ) . This is only performed
* in outermost call of this function . If a commit flag is set ,
* nilfs_transaction_commit ( ) sets a timer to start the segment
* constructor . If a sync flag is set , it starts construction
* directly .
2009-04-06 19:01:37 -07:00
*/
2009-04-06 19:01:45 -07:00
int nilfs_transaction_commit ( struct super_block * sb )
2009-04-06 19:01:37 -07:00
{
struct nilfs_transaction_info * ti = current - > journal_info ;
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2009-04-06 19:01:37 -07:00
int err = 0 ;
BUG_ON ( ti = = NULL | | ti - > ti_magic ! = NILFS_TI_MAGIC ) ;
2009-04-06 19:01:45 -07:00
ti - > ti_flags | = NILFS_TI_COMMIT ;
2009-04-06 19:01:37 -07:00
if ( ti - > ti_count > 0 ) {
ti - > ti_count - - ;
2015-11-06 16:32:02 -08:00
trace_nilfs2_transaction_transition ( sb , ti , ti - > ti_count ,
ti - > ti_flags , TRACE_NILFS2_TRANSACTION_COMMIT ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
}
2011-03-09 11:05:08 +09:00
if ( nilfs - > ns_writer ) {
struct nilfs_sc_info * sci = nilfs - > ns_writer ;
2009-04-06 19:01:37 -07:00
if ( ti - > ti_flags & NILFS_TI_COMMIT )
nilfs_segctor_start_timer ( sci ) ;
2011-03-09 11:05:08 +09:00
if ( atomic_read ( & nilfs - > ns_ndirtyblks ) > sci - > sc_watermark )
2009-04-06 19:01:37 -07:00
nilfs_segctor_do_flush ( sci , 0 ) ;
}
2011-03-09 11:05:08 +09:00
up_read ( & nilfs - > ns_segctor_sem ) ;
2015-11-06 16:32:02 -08:00
trace_nilfs2_transaction_transition ( sb , ti , ti - > ti_count ,
ti - > ti_flags , TRACE_NILFS2_TRANSACTION_COMMIT ) ;
2009-04-06 19:01:37 -07:00
current - > journal_info = ti - > ti_save ;
if ( ti - > ti_flags & NILFS_TI_SYNC )
err = nilfs_construct_segment ( sb ) ;
if ( ti - > ti_flags & NILFS_TI_DYNAMIC_ALLOC )
kmem_cache_free ( nilfs_transaction_cachep , ti ) ;
2012-06-12 16:20:44 +02:00
sb_end_intwrite ( sb ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
2009-04-06 19:01:45 -07:00
void nilfs_transaction_abort ( struct super_block * sb )
{
struct nilfs_transaction_info * ti = current - > journal_info ;
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2009-04-06 19:01:45 -07:00
BUG_ON ( ti = = NULL | | ti - > ti_magic ! = NILFS_TI_MAGIC ) ;
if ( ti - > ti_count > 0 ) {
ti - > ti_count - - ;
2015-11-06 16:32:02 -08:00
trace_nilfs2_transaction_transition ( sb , ti , ti - > ti_count ,
ti - > ti_flags , TRACE_NILFS2_TRANSACTION_ABORT ) ;
2009-04-06 19:01:45 -07:00
return ;
}
2011-03-09 11:05:08 +09:00
up_read ( & nilfs - > ns_segctor_sem ) ;
2009-04-06 19:01:45 -07:00
2015-11-06 16:32:02 -08:00
trace_nilfs2_transaction_transition ( sb , ti , ti - > ti_count ,
ti - > ti_flags , TRACE_NILFS2_TRANSACTION_ABORT ) ;
2009-04-06 19:01:45 -07:00
current - > journal_info = ti - > ti_save ;
if ( ti - > ti_flags & NILFS_TI_DYNAMIC_ALLOC )
kmem_cache_free ( nilfs_transaction_cachep , ti ) ;
2012-06-12 16:20:44 +02:00
sb_end_intwrite ( sb ) ;
2009-04-06 19:01:45 -07:00
}
2009-04-06 19:01:37 -07:00
void nilfs_relax_pressure_in_lock ( struct super_block * sb )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2011-03-09 11:05:08 +09:00
struct nilfs_sc_info * sci = nilfs - > ns_writer ;
2009-04-06 19:01:37 -07:00
2022-11-04 23:29:59 +09:00
if ( sb_rdonly ( sb ) | | unlikely ( ! sci ) | | ! sci - > sc_flush_request )
2009-04-06 19:01:37 -07:00
return ;
set_bit ( NILFS_SC_PRIOR_FLUSH , & sci - > sc_flags ) ;
up_read ( & nilfs - > ns_segctor_sem ) ;
down_write ( & nilfs - > ns_segctor_sem ) ;
if ( sci - > sc_flush_request & &
test_bit ( NILFS_SC_PRIOR_FLUSH , & sci - > sc_flags ) ) {
struct nilfs_transaction_info * ti = current - > journal_info ;
ti - > ti_flags | = NILFS_TI_WRITER ;
nilfs_segctor_do_immediate_flush ( sci ) ;
ti - > ti_flags & = ~ NILFS_TI_WRITER ;
}
downgrade_write ( & nilfs - > ns_segctor_sem ) ;
}
2011-03-09 11:05:08 +09:00
static void nilfs_transaction_lock ( struct super_block * sb ,
2009-04-06 19:01:37 -07:00
struct nilfs_transaction_info * ti ,
int gcflag )
{
struct nilfs_transaction_info * cur_ti = current - > journal_info ;
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2011-03-09 11:05:08 +09:00
struct nilfs_sc_info * sci = nilfs - > ns_writer ;
2009-04-06 19:01:37 -07:00
2009-04-06 19:01:55 -07:00
WARN_ON ( cur_ti ) ;
2009-04-06 19:01:37 -07:00
ti - > ti_flags = NILFS_TI_WRITER ;
ti - > ti_count = 0 ;
ti - > ti_save = cur_ti ;
ti - > ti_magic = NILFS_TI_MAGIC ;
current - > journal_info = ti ;
for ( ; ; ) {
2015-11-06 16:32:02 -08:00
trace_nilfs2_transaction_transition ( sb , ti , ti - > ti_count ,
ti - > ti_flags , TRACE_NILFS2_TRANSACTION_TRYLOCK ) ;
2011-03-09 11:05:08 +09:00
down_write ( & nilfs - > ns_segctor_sem ) ;
if ( ! test_bit ( NILFS_SC_PRIOR_FLUSH , & sci - > sc_flags ) )
2009-04-06 19:01:37 -07:00
break ;
2011-03-09 11:05:08 +09:00
nilfs_segctor_do_immediate_flush ( sci ) ;
2009-04-06 19:01:37 -07:00
2011-03-09 11:05:08 +09:00
up_write ( & nilfs - > ns_segctor_sem ) ;
2016-08-02 14:05:19 -07:00
cond_resched ( ) ;
2009-04-06 19:01:37 -07:00
}
if ( gcflag )
ti - > ti_flags | = NILFS_TI_GC ;
2015-11-06 16:32:02 -08:00
trace_nilfs2_transaction_transition ( sb , ti , ti - > ti_count ,
ti - > ti_flags , TRACE_NILFS2_TRANSACTION_LOCK ) ;
2009-04-06 19:01:37 -07:00
}
2011-03-09 11:05:08 +09:00
static void nilfs_transaction_unlock ( struct super_block * sb )
2009-04-06 19:01:37 -07:00
{
struct nilfs_transaction_info * ti = current - > journal_info ;
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2009-04-06 19:01:37 -07:00
BUG_ON ( ti = = NULL | | ti - > ti_magic ! = NILFS_TI_MAGIC ) ;
BUG_ON ( ti - > ti_count > 0 ) ;
2011-03-09 11:05:07 +09:00
up_write ( & nilfs - > ns_segctor_sem ) ;
2009-04-06 19:01:37 -07:00
current - > journal_info = ti - > ti_save ;
2015-11-06 16:32:02 -08:00
trace_nilfs2_transaction_transition ( sb , ti , ti - > ti_count ,
ti - > ti_flags , TRACE_NILFS2_TRANSACTION_UNLOCK ) ;
2009-04-06 19:01:37 -07:00
}
static void * nilfs_segctor_map_segsum_entry ( struct nilfs_sc_info * sci ,
struct nilfs_segsum_pointer * ssp ,
2016-05-23 16:23:39 -07:00
unsigned int bytes )
2009-04-06 19:01:37 -07:00
{
struct nilfs_segment_buffer * segbuf = sci - > sc_curseg ;
2016-05-23 16:23:39 -07:00
unsigned int blocksize = sci - > sc_super - > s_blocksize ;
2009-04-06 19:01:37 -07:00
void * p ;
if ( unlikely ( ssp - > offset + bytes > blocksize ) ) {
ssp - > offset = 0 ;
BUG_ON ( NILFS_SEGBUF_BH_IS_LAST ( ssp - > bh ,
& segbuf - > sb_segsum_buffers ) ) ;
ssp - > bh = NILFS_SEGBUF_NEXT_BH ( ssp - > bh ) ;
}
p = ssp - > bh - > b_data + ssp - > offset ;
ssp - > offset + = bytes ;
return p ;
}
/**
* nilfs_segctor_reset_segment_buffer - reset the current segment buffer
* @ sci : nilfs_sc_info
*/
static int nilfs_segctor_reset_segment_buffer ( struct nilfs_sc_info * sci )
{
struct nilfs_segment_buffer * segbuf = sci - > sc_curseg ;
struct buffer_head * sumbh ;
2016-05-23 16:23:39 -07:00
unsigned int sumbytes ;
unsigned int flags = 0 ;
2009-04-06 19:01:37 -07:00
int err ;
if ( nilfs_doing_gc ( ) )
flags = NILFS_SS_GC ;
2010-08-20 20:10:38 +09:00
err = nilfs_segbuf_reset ( segbuf , flags , sci - > sc_seg_ctime , sci - > sc_cno ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) )
return err ;
sumbh = NILFS_SEGBUF_FIRST_BH ( & segbuf - > sb_segsum_buffers ) ;
sumbytes = segbuf - > sb_sum . sumbytes ;
sci - > sc_finfo_ptr . bh = sumbh ; sci - > sc_finfo_ptr . offset = sumbytes ;
sci - > sc_binfo_ptr . bh = sumbh ; sci - > sc_binfo_ptr . offset = sumbytes ;
sci - > sc_blk_cnt = sci - > sc_datablk_cnt = 0 ;
return 0 ;
}
2023-04-18 02:35:13 +09:00
/**
* nilfs_segctor_zeropad_segsum - zero pad the rest of the segment summary area
* @ sci : segment constructor object
*
* nilfs_segctor_zeropad_segsum ( ) zero - fills unallocated space at the end of
* the current segment summary block .
*/
static void nilfs_segctor_zeropad_segsum ( struct nilfs_sc_info * sci )
{
struct nilfs_segsum_pointer * ssp ;
ssp = sci - > sc_blk_cnt > 0 ? & sci - > sc_binfo_ptr : & sci - > sc_finfo_ptr ;
if ( ssp - > offset < ssp - > bh - > b_size )
memset ( ssp - > bh - > b_data + ssp - > offset , 0 ,
ssp - > bh - > b_size - ssp - > offset ) ;
}
2009-04-06 19:01:37 -07:00
static int nilfs_segctor_feed_segment ( struct nilfs_sc_info * sci )
{
sci - > sc_nblk_this_inc + = sci - > sc_curseg - > sb_sum . nblocks ;
if ( NILFS_SEGBUF_IS_LAST ( sci - > sc_curseg , & sci - > sc_segbufs ) )
2016-05-23 16:23:48 -07:00
return - E2BIG ; /*
* The current segment is filled up
* ( internal code )
*/
2023-04-18 02:35:13 +09:00
nilfs_segctor_zeropad_segsum ( sci ) ;
2009-04-06 19:01:37 -07:00
sci - > sc_curseg = NILFS_NEXT_SEGBUF ( sci - > sc_curseg ) ;
return nilfs_segctor_reset_segment_buffer ( sci ) ;
}
static int nilfs_segctor_add_super_root ( struct nilfs_sc_info * sci )
{
struct nilfs_segment_buffer * segbuf = sci - > sc_curseg ;
int err ;
if ( segbuf - > sb_sum . nblocks > = segbuf - > sb_rest_blocks ) {
err = nilfs_segctor_feed_segment ( sci ) ;
if ( err )
return err ;
segbuf = sci - > sc_curseg ;
}
2010-03-23 01:15:31 +09:00
err = nilfs_segbuf_extend_payload ( segbuf , & segbuf - > sb_super_root ) ;
2009-04-06 19:01:37 -07:00
if ( likely ( ! err ) )
segbuf - > sb_sum . flags | = NILFS_SS_SR ;
return err ;
}
/*
* Functions for making segment summary and payloads
*/
static int nilfs_segctor_segsum_block_required (
struct nilfs_sc_info * sci , const struct nilfs_segsum_pointer * ssp ,
2016-05-23 16:23:39 -07:00
unsigned int binfo_size )
2009-04-06 19:01:37 -07:00
{
2016-05-23 16:23:39 -07:00
unsigned int blocksize = sci - > sc_super - > s_blocksize ;
2009-04-06 19:01:37 -07:00
/* Size of finfo and binfo is enough small against blocksize */
return ssp - > offset + binfo_size +
( ! sci - > sc_blk_cnt ? sizeof ( struct nilfs_finfo ) : 0 ) >
blocksize ;
}
static void nilfs_segctor_begin_finfo ( struct nilfs_sc_info * sci ,
struct inode * inode )
{
sci - > sc_curseg - > sb_sum . nfinfo + + ;
sci - > sc_binfo_ptr = sci - > sc_finfo_ptr ;
nilfs_segctor_map_segsum_entry (
sci , & sci - > sc_binfo_ptr , sizeof ( struct nilfs_finfo ) ) ;
2009-04-06 19:01:57 -07:00
2011-02-28 13:41:11 +09:00
if ( NILFS_I ( inode ) - > i_root & &
! test_bit ( NILFS_SC_HAVE_DELTA , & sci - > sc_flags ) )
2009-04-06 19:01:57 -07:00
set_bit ( NILFS_SC_HAVE_DELTA , & sci - > sc_flags ) ;
2009-04-06 19:01:37 -07:00
/* skip finfo */
}
static void nilfs_segctor_end_finfo ( struct nilfs_sc_info * sci ,
struct inode * inode )
{
struct nilfs_finfo * finfo ;
struct nilfs_inode_info * ii ;
struct nilfs_segment_buffer * segbuf ;
2010-08-20 20:10:38 +09:00
__u64 cno ;
2009-04-06 19:01:37 -07:00
if ( sci - > sc_blk_cnt = = 0 )
return ;
ii = NILFS_I ( inode ) ;
2010-08-20 20:10:38 +09:00
if ( test_bit ( NILFS_I_GCINODE , & ii - > i_state ) )
cno = ii - > i_cno ;
else if ( NILFS_ROOT_METADATA_FILE ( inode - > i_ino ) )
cno = 0 ;
else
cno = sci - > sc_cno ;
2009-04-06 19:01:37 -07:00
finfo = nilfs_segctor_map_segsum_entry ( sci , & sci - > sc_finfo_ptr ,
sizeof ( * finfo ) ) ;
finfo - > fi_ino = cpu_to_le64 ( inode - > i_ino ) ;
finfo - > fi_nblocks = cpu_to_le32 ( sci - > sc_blk_cnt ) ;
finfo - > fi_ndatablk = cpu_to_le32 ( sci - > sc_datablk_cnt ) ;
2010-08-20 20:10:38 +09:00
finfo - > fi_cno = cpu_to_le64 ( cno ) ;
2009-04-06 19:01:37 -07:00
segbuf = sci - > sc_curseg ;
segbuf - > sb_sum . sumbytes = sci - > sc_binfo_ptr . offset +
sci - > sc_super - > s_blocksize * ( segbuf - > sb_sum . nsumblk - 1 ) ;
sci - > sc_finfo_ptr = sci - > sc_binfo_ptr ;
sci - > sc_blk_cnt = sci - > sc_datablk_cnt = 0 ;
}
static int nilfs_segctor_add_file_block ( struct nilfs_sc_info * sci ,
struct buffer_head * bh ,
struct inode * inode ,
2016-05-23 16:23:39 -07:00
unsigned int binfo_size )
2009-04-06 19:01:37 -07:00
{
struct nilfs_segment_buffer * segbuf ;
int required , err = 0 ;
retry :
segbuf = sci - > sc_curseg ;
required = nilfs_segctor_segsum_block_required (
sci , & sci - > sc_binfo_ptr , binfo_size ) ;
if ( segbuf - > sb_sum . nblocks + required + 1 > segbuf - > sb_rest_blocks ) {
nilfs_segctor_end_finfo ( sci , inode ) ;
err = nilfs_segctor_feed_segment ( sci ) ;
if ( err )
return err ;
goto retry ;
}
if ( unlikely ( required ) ) {
2023-04-18 02:35:13 +09:00
nilfs_segctor_zeropad_segsum ( sci ) ;
2009-04-06 19:01:37 -07:00
err = nilfs_segbuf_extend_segsum ( segbuf ) ;
if ( unlikely ( err ) )
goto failed ;
}
if ( sci - > sc_blk_cnt = = 0 )
nilfs_segctor_begin_finfo ( sci , inode ) ;
nilfs_segctor_map_segsum_entry ( sci , & sci - > sc_binfo_ptr , binfo_size ) ;
/* Substitution to vblocknr is delayed until update_blocknr() */
nilfs_segbuf_add_file_buffer ( segbuf , bh ) ;
sci - > sc_blk_cnt + + ;
failed :
return err ;
}
/*
* Callback functions that enumerate , mark , and collect dirty blocks
*/
static int nilfs_collect_file_data ( struct nilfs_sc_info * sci ,
struct buffer_head * bh , struct inode * inode )
{
int err ;
err = nilfs_bmap_propagate ( NILFS_I ( inode ) - > i_bmap , bh ) ;
2010-11-19 15:26:20 +09:00
if ( err < 0 )
return err ;
2009-04-06 19:01:37 -07:00
err = nilfs_segctor_add_file_block ( sci , bh , inode ,
sizeof ( struct nilfs_binfo_v ) ) ;
if ( ! err )
sci - > sc_datablk_cnt + + ;
return err ;
}
static int nilfs_collect_file_node ( struct nilfs_sc_info * sci ,
struct buffer_head * bh ,
struct inode * inode )
{
2010-11-19 15:26:20 +09:00
return nilfs_bmap_propagate ( NILFS_I ( inode ) - > i_bmap , bh ) ;
2009-04-06 19:01:37 -07:00
}
static int nilfs_collect_file_bmap ( struct nilfs_sc_info * sci ,
struct buffer_head * bh ,
struct inode * inode )
{
2009-04-06 19:01:55 -07:00
WARN_ON ( ! buffer_dirty ( bh ) ) ;
2009-04-06 19:01:37 -07:00
return nilfs_segctor_add_file_block ( sci , bh , inode , sizeof ( __le64 ) ) ;
}
static void nilfs_write_file_data_binfo ( struct nilfs_sc_info * sci ,
struct nilfs_segsum_pointer * ssp ,
union nilfs_binfo * binfo )
{
struct nilfs_binfo_v * binfo_v = nilfs_segctor_map_segsum_entry (
sci , ssp , sizeof ( * binfo_v ) ) ;
* binfo_v = binfo - > bi_v ;
}
static void nilfs_write_file_node_binfo ( struct nilfs_sc_info * sci ,
struct nilfs_segsum_pointer * ssp ,
union nilfs_binfo * binfo )
{
__le64 * vblocknr = nilfs_segctor_map_segsum_entry (
sci , ssp , sizeof ( * vblocknr ) ) ;
* vblocknr = binfo - > bi_v . bi_vblocknr ;
}
2016-05-23 16:22:57 -07:00
static const struct nilfs_sc_operations nilfs_sc_file_ops = {
2009-04-06 19:01:37 -07:00
. collect_data = nilfs_collect_file_data ,
. collect_node = nilfs_collect_file_node ,
. collect_bmap = nilfs_collect_file_bmap ,
. write_data_binfo = nilfs_write_file_data_binfo ,
. write_node_binfo = nilfs_write_file_node_binfo ,
} ;
static int nilfs_collect_dat_data ( struct nilfs_sc_info * sci ,
struct buffer_head * bh , struct inode * inode )
{
int err ;
err = nilfs_bmap_propagate ( NILFS_I ( inode ) - > i_bmap , bh ) ;
2010-11-19 15:26:20 +09:00
if ( err < 0 )
return err ;
2009-04-06 19:01:37 -07:00
err = nilfs_segctor_add_file_block ( sci , bh , inode , sizeof ( __le64 ) ) ;
if ( ! err )
sci - > sc_datablk_cnt + + ;
return err ;
}
static int nilfs_collect_dat_bmap ( struct nilfs_sc_info * sci ,
struct buffer_head * bh , struct inode * inode )
{
2009-04-06 19:01:55 -07:00
WARN_ON ( ! buffer_dirty ( bh ) ) ;
2009-04-06 19:01:37 -07:00
return nilfs_segctor_add_file_block ( sci , bh , inode ,
sizeof ( struct nilfs_binfo_dat ) ) ;
}
static void nilfs_write_dat_data_binfo ( struct nilfs_sc_info * sci ,
struct nilfs_segsum_pointer * ssp ,
union nilfs_binfo * binfo )
{
__le64 * blkoff = nilfs_segctor_map_segsum_entry ( sci , ssp ,
sizeof ( * blkoff ) ) ;
* blkoff = binfo - > bi_dat . bi_blkoff ;
}
static void nilfs_write_dat_node_binfo ( struct nilfs_sc_info * sci ,
struct nilfs_segsum_pointer * ssp ,
union nilfs_binfo * binfo )
{
struct nilfs_binfo_dat * binfo_dat =
nilfs_segctor_map_segsum_entry ( sci , ssp , sizeof ( * binfo_dat ) ) ;
* binfo_dat = binfo - > bi_dat ;
}
2016-05-23 16:22:57 -07:00
static const struct nilfs_sc_operations nilfs_sc_dat_ops = {
2009-04-06 19:01:37 -07:00
. collect_data = nilfs_collect_dat_data ,
. collect_node = nilfs_collect_file_node ,
. collect_bmap = nilfs_collect_dat_bmap ,
. write_data_binfo = nilfs_write_dat_data_binfo ,
. write_node_binfo = nilfs_write_dat_node_binfo ,
} ;
2016-05-23 16:22:57 -07:00
static const struct nilfs_sc_operations nilfs_sc_dsync_ops = {
2009-04-06 19:01:37 -07:00
. collect_data = nilfs_collect_file_data ,
. collect_node = NULL ,
. collect_bmap = NULL ,
. write_data_binfo = nilfs_write_file_data_binfo ,
. write_node_binfo = NULL ,
} ;
2009-04-06 19:01:38 -07:00
static size_t nilfs_lookup_dirty_data_buffers ( struct inode * inode ,
struct list_head * listp ,
size_t nlimit ,
loff_t start , loff_t end )
2009-04-06 19:01:37 -07:00
{
struct address_space * mapping = inode - > i_mapping ;
2023-01-04 13:14:43 -08:00
struct folio_batch fbatch ;
2009-04-06 19:01:38 -07:00
pgoff_t index = 0 , last = ULONG_MAX ;
size_t ndirties = 0 ;
int i ;
2009-04-06 19:01:37 -07:00
2009-04-06 19:01:38 -07:00
if ( unlikely ( start ! = 0 | | end ! = LLONG_MAX ) ) {
/*
* A valid range is given for sync - ing data pages . The
* range is rounded to per - page ; extra dirty buffers
* may be included if blocksize < pagesize .
*/
index = start > > PAGE_SHIFT ;
last = end > > PAGE_SHIFT ;
}
2023-01-04 13:14:43 -08:00
folio_batch_init ( & fbatch ) ;
2009-04-06 19:01:37 -07:00
repeat :
2009-04-06 19:01:38 -07:00
if ( unlikely ( index > last ) | |
2023-01-04 13:14:43 -08:00
! filemap_get_folios_tag ( mapping , & index , last ,
PAGECACHE_TAG_DIRTY , & fbatch ) )
2009-04-06 19:01:38 -07:00
return ndirties ;
2009-04-06 19:01:37 -07:00
2023-01-04 13:14:43 -08:00
for ( i = 0 ; i < folio_batch_count ( & fbatch ) ; i + + ) {
2009-04-06 19:01:37 -07:00
struct buffer_head * bh , * head ;
2023-01-04 13:14:43 -08:00
struct folio * folio = fbatch . folios [ i ] ;
2009-04-06 19:01:37 -07:00
2023-01-04 13:14:43 -08:00
folio_lock ( folio ) ;
2023-08-05 22:20:38 +09:00
if ( unlikely ( folio - > mapping ! = mapping ) ) {
/* Exclude folios removed from the address space */
folio_unlock ( folio ) ;
continue ;
}
2023-01-04 13:14:43 -08:00
head = folio_buffers ( folio ) ;
2023-10-16 21:11:03 +01:00
if ( ! head )
2023-10-16 21:11:14 +01:00
head = create_empty_buffers ( folio ,
2023-10-16 21:11:03 +01:00
i_blocksize ( inode ) , 0 ) ;
2023-01-04 13:14:43 -08:00
folio_unlock ( folio ) ;
2009-04-06 19:01:37 -07:00
2023-01-04 13:14:43 -08:00
bh = head ;
2009-04-06 19:01:37 -07:00
do {
nilfs2: fix issue with race condition of competition between segments for dirty blocks
Many NILFS2 users were reported about strange file system corruption
(for example):
NILFS: bad btree node (blocknr=185027): level = 0, flags = 0x0, nchildren = 768
NILFS error (device sda4): nilfs_bmap_last_key: broken bmap (inode number=11540)
But such error messages are consequence of file system's issue that takes
place more earlier. Fortunately, Jerome Poulin <jeromepoulin@gmail.com>
and Anton Eliasson <devel@antoneliasson.se> were reported about another
issue not so recently. These reports describe the issue with segctor
thread's crash:
BUG: unable to handle kernel paging request at 0000000000004c83
IP: nilfs_end_page_io+0x12/0xd0 [nilfs2]
Call Trace:
nilfs_segctor_do_construct+0xf25/0x1b20 [nilfs2]
nilfs_segctor_construct+0x17b/0x290 [nilfs2]
nilfs_segctor_thread+0x122/0x3b0 [nilfs2]
kthread+0xc0/0xd0
ret_from_fork+0x7c/0xb0
These two issues have one reason. This reason can raise third issue
too. Third issue results in hanging of segctor thread with eating of
100% CPU.
REPRODUCING PATH:
One of the possible way or the issue reproducing was described by
Jermoe me Poulin <jeromepoulin@gmail.com>:
1. init S to get to single user mode.
2. sysrq+E to make sure only my shell is running
3. start network-manager to get my wifi connection up
4. login as root and launch "screen"
5. cd /boot/log/nilfs which is a ext3 mount point and can log when NILFS dies.
6. lscp | xz -9e > lscp.txt.xz
7. mount my snapshot using mount -o cp=3360839,ro /dev/vgUbuntu/root /mnt/nilfs
8. start a screen to dump /proc/kmsg to text file since rsyslog is killed
9. start a screen and launch strace -f -o find-cat.log -t find
/mnt/nilfs -type f -exec cat {} > /dev/null \;
10. start a screen and launch strace -f -o apt-get.log -t apt-get update
11. launch the last command again as it did not crash the first time
12. apt-get crashes
13. ps aux > ps-aux-crashed.log
13. sysrq+W
14. sysrq+E wait for everything to terminate
15. sysrq+SUSB
Simplified way of the issue reproducing is starting kernel compilation
task and "apt-get update" in parallel.
REPRODUCIBILITY:
The issue is reproduced not stable [60% - 80%]. It is very important to
have proper environment for the issue reproducing. The critical
conditions for successful reproducing:
(1) It should have big modified file by mmap() way.
(2) This file should have the count of dirty blocks are greater that
several segments in size (for example, two or three) from time to time
during processing.
(3) It should be intensive background activity of files modification
in another thread.
INVESTIGATION:
First of all, it is possible to see that the reason of crash is not valid
page address:
NILFS [nilfs_segctor_complete_write]:2100 bh->b_count 0, bh->b_blocknr 13895680, bh->b_size 13897727, bh->b_page 0000000000001a82
NILFS [nilfs_segctor_complete_write]:2101 segbuf->sb_segnum 6783
Moreover, value of b_page (0x1a82) is 6786. This value looks like segment
number. And b_blocknr with b_size values look like block numbers. So,
buffer_head's pointer points on not proper address value.
Detailed investigation of the issue is discovered such picture:
[-----------------------------SEGMENT 6783-------------------------------]
NILFS [nilfs_segctor_do_construct]:2310 nilfs_segctor_begin_construction
NILFS [nilfs_segctor_do_construct]:2321 nilfs_segctor_collect
NILFS [nilfs_segctor_do_construct]:2336 nilfs_segctor_assign
NILFS [nilfs_segctor_do_construct]:2367 nilfs_segctor_update_segusage
NILFS [nilfs_segctor_do_construct]:2371 nilfs_segctor_prepare_write
NILFS [nilfs_segctor_do_construct]:2376 nilfs_add_checksums_on_logs
NILFS [nilfs_segctor_do_construct]:2381 nilfs_segctor_write
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111149024, segbuf->sb_segnum 6783
[-----------------------------SEGMENT 6784-------------------------------]
NILFS [nilfs_segctor_do_construct]:2310 nilfs_segctor_begin_construction
NILFS [nilfs_segctor_do_construct]:2321 nilfs_segctor_collect
NILFS [nilfs_lookup_dirty_data_buffers]:782 bh->b_count 1, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_lookup_dirty_data_buffers]:783 bh->b_assoc_buffers.next ffff8802174a6798, bh->b_assoc_buffers.prev ffff880221cffee8
NILFS [nilfs_segctor_do_construct]:2336 nilfs_segctor_assign
NILFS [nilfs_segctor_do_construct]:2367 nilfs_segctor_update_segusage
NILFS [nilfs_segctor_do_construct]:2371 nilfs_segctor_prepare_write
NILFS [nilfs_segctor_do_construct]:2376 nilfs_add_checksums_on_logs
NILFS [nilfs_segctor_do_construct]:2381 nilfs_segctor_write
NILFS [nilfs_segbuf_submit_bh]:575 bh->b_count 1, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_segbuf_submit_bh]:576 segbuf->sb_segnum 6784
NILFS [nilfs_segbuf_submit_bh]:577 bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880218bcdf50
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111150080, segbuf->sb_segnum 6784, segbuf->sb_nbio 0
[----------] ditto
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111164416, segbuf->sb_segnum 6784, segbuf->sb_nbio 15
[-----------------------------SEGMENT 6785-------------------------------]
NILFS [nilfs_segctor_do_construct]:2310 nilfs_segctor_begin_construction
NILFS [nilfs_segctor_do_construct]:2321 nilfs_segctor_collect
NILFS [nilfs_lookup_dirty_data_buffers]:782 bh->b_count 2, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_lookup_dirty_data_buffers]:783 bh->b_assoc_buffers.next ffff880219277e80, bh->b_assoc_buffers.prev ffff880221cffc88
NILFS [nilfs_segctor_do_construct]:2367 nilfs_segctor_update_segusage
NILFS [nilfs_segctor_do_construct]:2371 nilfs_segctor_prepare_write
NILFS [nilfs_segctor_do_construct]:2376 nilfs_add_checksums_on_logs
NILFS [nilfs_segctor_do_construct]:2381 nilfs_segctor_write
NILFS [nilfs_segbuf_submit_bh]:575 bh->b_count 2, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_segbuf_submit_bh]:576 segbuf->sb_segnum 6785
NILFS [nilfs_segbuf_submit_bh]:577 bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880222cc7ee8
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111165440, segbuf->sb_segnum 6785, segbuf->sb_nbio 0
[----------] ditto
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111177728, segbuf->sb_segnum 6785, segbuf->sb_nbio 12
NILFS [nilfs_segctor_do_construct]:2399 nilfs_segctor_wait
NILFS [nilfs_segbuf_wait]:676 segbuf->sb_segnum 6783
NILFS [nilfs_segbuf_wait]:676 segbuf->sb_segnum 6784
NILFS [nilfs_segbuf_wait]:676 segbuf->sb_segnum 6785
NILFS [nilfs_segctor_complete_write]:2100 bh->b_count 0, bh->b_blocknr 13895680, bh->b_size 13897727, bh->b_page 0000000000001a82
BUG: unable to handle kernel paging request at 0000000000001a82
IP: [<ffffffffa024d0f2>] nilfs_end_page_io+0x12/0xd0 [nilfs2]
Usually, for every segment we collect dirty files in list. Then, dirty
blocks are gathered for every dirty file, prepared for write and
submitted by means of nilfs_segbuf_submit_bh() call. Finally, it takes
place complete write phase after calling nilfs_end_bio_write() on the
block layer. Buffers/pages are marked as not dirty on final phase and
processed files removed from the list of dirty files.
It is possible to see that we had three prepare_write and submit_bio
phases before segbuf_wait and complete_write phase. Moreover, segments
compete between each other for dirty blocks because on every iteration
of segments processing dirty buffer_heads are added in several lists of
payload_buffers:
[SEGMENT 6784]: bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880218bcdf50
[SEGMENT 6785]: bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880222cc7ee8
The next pointer is the same but prev pointer has changed. It means
that buffer_head has next pointer from one list but prev pointer from
another. Such modification can be made several times. And, finally, it
can be resulted in various issues: (1) segctor hanging, (2) segctor
crashing, (3) file system metadata corruption.
FIX:
This patch adds:
(1) setting of BH_Async_Write flag in nilfs_segctor_prepare_write()
for every proccessed dirty block;
(2) checking of BH_Async_Write flag in
nilfs_lookup_dirty_data_buffers() and
nilfs_lookup_dirty_node_buffers();
(3) clearing of BH_Async_Write flag in nilfs_segctor_complete_write(),
nilfs_abort_logs(), nilfs_forget_buffer(), nilfs_clear_dirty_page().
Reported-by: Jerome Poulin <jeromepoulin@gmail.com>
Reported-by: Anton Eliasson <devel@antoneliasson.se>
Cc: Paul Fertser <fercerpav@gmail.com>
Cc: ARAI Shun-ichi <hermes@ceres.dti.ne.jp>
Cc: Piotr Szymaniak <szarpaj@grubelek.pl>
Cc: Juan Barry Manuel Canham <Linux@riotingpacifist.net>
Cc: Zahid Chowdhury <zahid.chowdhury@starsolutions.com>
Cc: Elmer Zhang <freeboy6716@gmail.com>
Cc: Kenneth Langga <klangga@gmail.com>
Signed-off-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-30 13:45:12 -07:00
if ( ! buffer_dirty ( bh ) | | buffer_async_write ( bh ) )
2009-04-06 19:01:38 -07:00
continue ;
get_bh ( bh ) ;
list_add_tail ( & bh - > b_assoc_buffers , listp ) ;
ndirties + + ;
if ( unlikely ( ndirties > = nlimit ) ) {
2023-01-04 13:14:43 -08:00
folio_batch_release ( & fbatch ) ;
2009-04-06 19:01:38 -07:00
cond_resched ( ) ;
return ndirties ;
2009-04-06 19:01:37 -07:00
}
2009-04-06 19:01:38 -07:00
} while ( bh = bh - > b_this_page , bh ! = head ) ;
2009-04-06 19:01:37 -07:00
}
2023-01-04 13:14:43 -08:00
folio_batch_release ( & fbatch ) ;
2009-04-06 19:01:37 -07:00
cond_resched ( ) ;
2009-04-06 19:01:38 -07:00
goto repeat ;
2009-04-06 19:01:37 -07:00
}
static void nilfs_lookup_dirty_node_buffers ( struct inode * inode ,
struct list_head * listp )
{
struct nilfs_inode_info * ii = NILFS_I ( inode ) ;
2022-04-01 11:28:18 -07:00
struct inode * btnc_inode = ii - > i_assoc_inode ;
2023-01-04 13:14:44 -08:00
struct folio_batch fbatch ;
2009-04-06 19:01:37 -07:00
struct buffer_head * bh , * head ;
unsigned int i ;
pgoff_t index = 0 ;
2022-04-01 11:28:18 -07:00
if ( ! btnc_inode )
return ;
2023-01-04 13:14:44 -08:00
folio_batch_init ( & fbatch ) ;
2022-04-01 11:28:18 -07:00
2023-01-04 13:14:44 -08:00
while ( filemap_get_folios_tag ( btnc_inode - > i_mapping , & index ,
( pgoff_t ) - 1 , PAGECACHE_TAG_DIRTY , & fbatch ) ) {
for ( i = 0 ; i < folio_batch_count ( & fbatch ) ; i + + ) {
bh = head = folio_buffers ( fbatch . folios [ i ] ) ;
2009-04-06 19:01:37 -07:00
do {
nilfs2: fix issue with race condition of competition between segments for dirty blocks
Many NILFS2 users were reported about strange file system corruption
(for example):
NILFS: bad btree node (blocknr=185027): level = 0, flags = 0x0, nchildren = 768
NILFS error (device sda4): nilfs_bmap_last_key: broken bmap (inode number=11540)
But such error messages are consequence of file system's issue that takes
place more earlier. Fortunately, Jerome Poulin <jeromepoulin@gmail.com>
and Anton Eliasson <devel@antoneliasson.se> were reported about another
issue not so recently. These reports describe the issue with segctor
thread's crash:
BUG: unable to handle kernel paging request at 0000000000004c83
IP: nilfs_end_page_io+0x12/0xd0 [nilfs2]
Call Trace:
nilfs_segctor_do_construct+0xf25/0x1b20 [nilfs2]
nilfs_segctor_construct+0x17b/0x290 [nilfs2]
nilfs_segctor_thread+0x122/0x3b0 [nilfs2]
kthread+0xc0/0xd0
ret_from_fork+0x7c/0xb0
These two issues have one reason. This reason can raise third issue
too. Third issue results in hanging of segctor thread with eating of
100% CPU.
REPRODUCING PATH:
One of the possible way or the issue reproducing was described by
Jermoe me Poulin <jeromepoulin@gmail.com>:
1. init S to get to single user mode.
2. sysrq+E to make sure only my shell is running
3. start network-manager to get my wifi connection up
4. login as root and launch "screen"
5. cd /boot/log/nilfs which is a ext3 mount point and can log when NILFS dies.
6. lscp | xz -9e > lscp.txt.xz
7. mount my snapshot using mount -o cp=3360839,ro /dev/vgUbuntu/root /mnt/nilfs
8. start a screen to dump /proc/kmsg to text file since rsyslog is killed
9. start a screen and launch strace -f -o find-cat.log -t find
/mnt/nilfs -type f -exec cat {} > /dev/null \;
10. start a screen and launch strace -f -o apt-get.log -t apt-get update
11. launch the last command again as it did not crash the first time
12. apt-get crashes
13. ps aux > ps-aux-crashed.log
13. sysrq+W
14. sysrq+E wait for everything to terminate
15. sysrq+SUSB
Simplified way of the issue reproducing is starting kernel compilation
task and "apt-get update" in parallel.
REPRODUCIBILITY:
The issue is reproduced not stable [60% - 80%]. It is very important to
have proper environment for the issue reproducing. The critical
conditions for successful reproducing:
(1) It should have big modified file by mmap() way.
(2) This file should have the count of dirty blocks are greater that
several segments in size (for example, two or three) from time to time
during processing.
(3) It should be intensive background activity of files modification
in another thread.
INVESTIGATION:
First of all, it is possible to see that the reason of crash is not valid
page address:
NILFS [nilfs_segctor_complete_write]:2100 bh->b_count 0, bh->b_blocknr 13895680, bh->b_size 13897727, bh->b_page 0000000000001a82
NILFS [nilfs_segctor_complete_write]:2101 segbuf->sb_segnum 6783
Moreover, value of b_page (0x1a82) is 6786. This value looks like segment
number. And b_blocknr with b_size values look like block numbers. So,
buffer_head's pointer points on not proper address value.
Detailed investigation of the issue is discovered such picture:
[-----------------------------SEGMENT 6783-------------------------------]
NILFS [nilfs_segctor_do_construct]:2310 nilfs_segctor_begin_construction
NILFS [nilfs_segctor_do_construct]:2321 nilfs_segctor_collect
NILFS [nilfs_segctor_do_construct]:2336 nilfs_segctor_assign
NILFS [nilfs_segctor_do_construct]:2367 nilfs_segctor_update_segusage
NILFS [nilfs_segctor_do_construct]:2371 nilfs_segctor_prepare_write
NILFS [nilfs_segctor_do_construct]:2376 nilfs_add_checksums_on_logs
NILFS [nilfs_segctor_do_construct]:2381 nilfs_segctor_write
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111149024, segbuf->sb_segnum 6783
[-----------------------------SEGMENT 6784-------------------------------]
NILFS [nilfs_segctor_do_construct]:2310 nilfs_segctor_begin_construction
NILFS [nilfs_segctor_do_construct]:2321 nilfs_segctor_collect
NILFS [nilfs_lookup_dirty_data_buffers]:782 bh->b_count 1, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_lookup_dirty_data_buffers]:783 bh->b_assoc_buffers.next ffff8802174a6798, bh->b_assoc_buffers.prev ffff880221cffee8
NILFS [nilfs_segctor_do_construct]:2336 nilfs_segctor_assign
NILFS [nilfs_segctor_do_construct]:2367 nilfs_segctor_update_segusage
NILFS [nilfs_segctor_do_construct]:2371 nilfs_segctor_prepare_write
NILFS [nilfs_segctor_do_construct]:2376 nilfs_add_checksums_on_logs
NILFS [nilfs_segctor_do_construct]:2381 nilfs_segctor_write
NILFS [nilfs_segbuf_submit_bh]:575 bh->b_count 1, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_segbuf_submit_bh]:576 segbuf->sb_segnum 6784
NILFS [nilfs_segbuf_submit_bh]:577 bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880218bcdf50
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111150080, segbuf->sb_segnum 6784, segbuf->sb_nbio 0
[----------] ditto
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111164416, segbuf->sb_segnum 6784, segbuf->sb_nbio 15
[-----------------------------SEGMENT 6785-------------------------------]
NILFS [nilfs_segctor_do_construct]:2310 nilfs_segctor_begin_construction
NILFS [nilfs_segctor_do_construct]:2321 nilfs_segctor_collect
NILFS [nilfs_lookup_dirty_data_buffers]:782 bh->b_count 2, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_lookup_dirty_data_buffers]:783 bh->b_assoc_buffers.next ffff880219277e80, bh->b_assoc_buffers.prev ffff880221cffc88
NILFS [nilfs_segctor_do_construct]:2367 nilfs_segctor_update_segusage
NILFS [nilfs_segctor_do_construct]:2371 nilfs_segctor_prepare_write
NILFS [nilfs_segctor_do_construct]:2376 nilfs_add_checksums_on_logs
NILFS [nilfs_segctor_do_construct]:2381 nilfs_segctor_write
NILFS [nilfs_segbuf_submit_bh]:575 bh->b_count 2, bh->b_page ffffea000709b000, page->index 0, i_ino 1033103, i_size 25165824
NILFS [nilfs_segbuf_submit_bh]:576 segbuf->sb_segnum 6785
NILFS [nilfs_segbuf_submit_bh]:577 bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880222cc7ee8
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111165440, segbuf->sb_segnum 6785, segbuf->sb_nbio 0
[----------] ditto
NILFS [nilfs_segbuf_submit_bio]:464 bio->bi_sector 111177728, segbuf->sb_segnum 6785, segbuf->sb_nbio 12
NILFS [nilfs_segctor_do_construct]:2399 nilfs_segctor_wait
NILFS [nilfs_segbuf_wait]:676 segbuf->sb_segnum 6783
NILFS [nilfs_segbuf_wait]:676 segbuf->sb_segnum 6784
NILFS [nilfs_segbuf_wait]:676 segbuf->sb_segnum 6785
NILFS [nilfs_segctor_complete_write]:2100 bh->b_count 0, bh->b_blocknr 13895680, bh->b_size 13897727, bh->b_page 0000000000001a82
BUG: unable to handle kernel paging request at 0000000000001a82
IP: [<ffffffffa024d0f2>] nilfs_end_page_io+0x12/0xd0 [nilfs2]
Usually, for every segment we collect dirty files in list. Then, dirty
blocks are gathered for every dirty file, prepared for write and
submitted by means of nilfs_segbuf_submit_bh() call. Finally, it takes
place complete write phase after calling nilfs_end_bio_write() on the
block layer. Buffers/pages are marked as not dirty on final phase and
processed files removed from the list of dirty files.
It is possible to see that we had three prepare_write and submit_bio
phases before segbuf_wait and complete_write phase. Moreover, segments
compete between each other for dirty blocks because on every iteration
of segments processing dirty buffer_heads are added in several lists of
payload_buffers:
[SEGMENT 6784]: bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880218bcdf50
[SEGMENT 6785]: bh->b_assoc_buffers.next ffff880218a0d5f8, bh->b_assoc_buffers.prev ffff880222cc7ee8
The next pointer is the same but prev pointer has changed. It means
that buffer_head has next pointer from one list but prev pointer from
another. Such modification can be made several times. And, finally, it
can be resulted in various issues: (1) segctor hanging, (2) segctor
crashing, (3) file system metadata corruption.
FIX:
This patch adds:
(1) setting of BH_Async_Write flag in nilfs_segctor_prepare_write()
for every proccessed dirty block;
(2) checking of BH_Async_Write flag in
nilfs_lookup_dirty_data_buffers() and
nilfs_lookup_dirty_node_buffers();
(3) clearing of BH_Async_Write flag in nilfs_segctor_complete_write(),
nilfs_abort_logs(), nilfs_forget_buffer(), nilfs_clear_dirty_page().
Reported-by: Jerome Poulin <jeromepoulin@gmail.com>
Reported-by: Anton Eliasson <devel@antoneliasson.se>
Cc: Paul Fertser <fercerpav@gmail.com>
Cc: ARAI Shun-ichi <hermes@ceres.dti.ne.jp>
Cc: Piotr Szymaniak <szarpaj@grubelek.pl>
Cc: Juan Barry Manuel Canham <Linux@riotingpacifist.net>
Cc: Zahid Chowdhury <zahid.chowdhury@starsolutions.com>
Cc: Elmer Zhang <freeboy6716@gmail.com>
Cc: Kenneth Langga <klangga@gmail.com>
Signed-off-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-30 13:45:12 -07:00
if ( buffer_dirty ( bh ) & &
! buffer_async_write ( bh ) ) {
2009-04-06 19:01:37 -07:00
get_bh ( bh ) ;
list_add_tail ( & bh - > b_assoc_buffers ,
listp ) ;
}
bh = bh - > b_this_page ;
} while ( bh ! = head ) ;
}
2023-01-04 13:14:44 -08:00
folio_batch_release ( & fbatch ) ;
2009-04-06 19:01:37 -07:00
cond_resched ( ) ;
}
}
2011-03-09 11:05:07 +09:00
static void nilfs_dispose_list ( struct the_nilfs * nilfs ,
2009-04-06 19:01:37 -07:00
struct list_head * head , int force )
{
struct nilfs_inode_info * ii , * n ;
struct nilfs_inode_info * ivec [ SC_N_INODEVEC ] , * * pii ;
2016-05-23 16:23:39 -07:00
unsigned int nv = 0 ;
2009-04-06 19:01:37 -07:00
while ( ! list_empty ( head ) ) {
2011-03-09 11:05:07 +09:00
spin_lock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
list_for_each_entry_safe ( ii , n , head , i_dirty ) {
list_del_init ( & ii - > i_dirty ) ;
if ( force ) {
if ( unlikely ( ii - > i_bh ) ) {
brelse ( ii - > i_bh ) ;
ii - > i_bh = NULL ;
}
} else if ( test_bit ( NILFS_I_DIRTY , & ii - > i_state ) ) {
set_bit ( NILFS_I_QUEUED , & ii - > i_state ) ;
list_add_tail ( & ii - > i_dirty ,
2011-03-09 11:05:07 +09:00
& nilfs - > ns_dirty_files ) ;
2009-04-06 19:01:37 -07:00
continue ;
}
ivec [ nv + + ] = ii ;
if ( nv = = SC_N_INODEVEC )
break ;
}
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
for ( pii = ivec ; nv > 0 ; pii + + , nv - - )
iput ( & ( * pii ) - > vfs_inode ) ;
}
}
2015-02-05 12:25:20 -08:00
static void nilfs_iput_work_func ( struct work_struct * work )
{
struct nilfs_sc_info * sci = container_of ( work , struct nilfs_sc_info ,
sc_iput_work ) ;
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
nilfs_dispose_list ( nilfs , & sci - > sc_iput_queue , 0 ) ;
}
2010-08-14 13:07:15 +09:00
static int nilfs_test_metadata_dirty ( struct the_nilfs * nilfs ,
struct nilfs_root * root )
2009-04-06 19:01:37 -07:00
{
int ret = 0 ;
2010-08-14 13:07:15 +09:00
if ( nilfs_mdt_fetch_dirty ( root - > ifile ) )
2009-04-06 19:01:37 -07:00
ret + + ;
if ( nilfs_mdt_fetch_dirty ( nilfs - > ns_cpfile ) )
ret + + ;
if ( nilfs_mdt_fetch_dirty ( nilfs - > ns_sufile ) )
ret + + ;
2010-12-27 00:07:30 +09:00
if ( ( ret | | nilfs_doing_gc ( ) ) & & nilfs_mdt_fetch_dirty ( nilfs - > ns_dat ) )
ret + + ;
2009-04-06 19:01:37 -07:00
return ret ;
}
static int nilfs_segctor_clean ( struct nilfs_sc_info * sci )
{
return list_empty ( & sci - > sc_dirty_files ) & &
! test_bit ( NILFS_SC_DIRTY , & sci - > sc_flags ) & &
2009-05-16 23:44:55 +09:00
sci - > sc_nfreesegs = = 0 & &
2009-04-06 19:01:37 -07:00
( ! nilfs_doing_gc ( ) | | list_empty ( & sci - > sc_gc_inodes ) ) ;
}
static int nilfs_segctor_confirm ( struct nilfs_sc_info * sci )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2009-04-06 19:01:37 -07:00
int ret = 0 ;
2011-03-09 11:05:07 +09:00
if ( nilfs_test_metadata_dirty ( nilfs , sci - > sc_root ) )
2009-04-06 19:01:37 -07:00
set_bit ( NILFS_SC_DIRTY , & sci - > sc_flags ) ;
2011-03-09 11:05:07 +09:00
spin_lock ( & nilfs - > ns_inode_lock ) ;
if ( list_empty ( & nilfs - > ns_dirty_files ) & & nilfs_segctor_clean ( sci ) )
2009-04-06 19:01:37 -07:00
ret + + ;
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
return ret ;
}
static void nilfs_segctor_clear_metadata_dirty ( struct nilfs_sc_info * sci )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2009-04-06 19:01:37 -07:00
2010-08-14 13:07:15 +09:00
nilfs_mdt_clear_dirty ( sci - > sc_root - > ifile ) ;
2009-04-06 19:01:37 -07:00
nilfs_mdt_clear_dirty ( nilfs - > ns_cpfile ) ;
nilfs_mdt_clear_dirty ( nilfs - > ns_sufile ) ;
2010-12-27 00:07:30 +09:00
nilfs_mdt_clear_dirty ( nilfs - > ns_dat ) ;
2009-04-06 19:01:37 -07:00
}
static void nilfs_fill_in_file_bmap ( struct inode * ifile ,
struct nilfs_inode_info * ii )
{
struct buffer_head * ibh ;
struct nilfs_inode * raw_inode ;
if ( test_bit ( NILFS_I_BMAP , & ii - > i_state ) ) {
ibh = ii - > i_bh ;
BUG_ON ( ! ibh ) ;
raw_inode = nilfs_ifile_map_inode ( ifile , ii - > vfs_inode . i_ino ,
ibh ) ;
nilfs_bmap_write ( ii - > i_bmap , raw_inode ) ;
2024-01-22 23:01:57 +09:00
nilfs_ifile_unmap_inode ( raw_inode ) ;
2009-04-06 19:01:37 -07:00
}
}
2010-08-14 13:07:15 +09:00
static void nilfs_segctor_fill_in_file_bmap ( struct nilfs_sc_info * sci )
2009-04-06 19:01:37 -07:00
{
struct nilfs_inode_info * ii ;
list_for_each_entry ( ii , & sci - > sc_dirty_files , i_dirty ) {
2010-08-14 13:07:15 +09:00
nilfs_fill_in_file_bmap ( sci - > sc_root - > ifile , ii ) ;
2009-04-06 19:01:37 -07:00
set_bit ( NILFS_I_COLLECTED , & ii - > i_state ) ;
}
}
2024-01-22 23:01:55 +09:00
/**
* nilfs_write_root_mdt_inode - export root metadata inode information to
* the on - disk inode
* @ inode : inode object of the root metadata file
* @ raw_inode : on - disk inode
*
* nilfs_write_root_mdt_inode ( ) writes inode information and bmap data of
* @ inode to the inode area of the metadata file allocated on the super root
* block created to finalize the log . Since super root blocks are configured
* each time , this function zero - fills the unused area of @ raw_inode .
*/
static void nilfs_write_root_mdt_inode ( struct inode * inode ,
struct nilfs_inode * raw_inode )
{
struct the_nilfs * nilfs = inode - > i_sb - > s_fs_info ;
nilfs_write_inode_common ( inode , raw_inode ) ;
/* zero-fill unused portion of raw_inode */
raw_inode - > i_xattr = 0 ;
raw_inode - > i_pad = 0 ;
memset ( ( void * ) raw_inode + sizeof ( * raw_inode ) , 0 ,
nilfs - > ns_inode_size - sizeof ( * raw_inode ) ) ;
nilfs_bmap_write ( NILFS_I ( inode ) - > i_bmap , raw_inode ) ;
}
2009-04-06 19:01:37 -07:00
static void nilfs_segctor_fill_in_super_root ( struct nilfs_sc_info * sci ,
struct the_nilfs * nilfs )
{
2010-03-23 01:15:31 +09:00
struct buffer_head * bh_sr ;
struct nilfs_super_root * raw_sr ;
2016-05-23 16:23:39 -07:00
unsigned int isz , srsz ;
2009-04-06 19:01:37 -07:00
2010-03-23 01:15:31 +09:00
bh_sr = NILFS_LAST_SEGBUF ( & sci - > sc_segbufs ) - > sb_super_root ;
nilfs2: fix buffer corruption due to concurrent device reads
As a result of analysis of a syzbot report, it turned out that in three
cases where nilfs2 allocates block device buffers directly via sb_getblk,
concurrent reads to the device can corrupt the allocated buffers.
Nilfs2 uses sb_getblk for segment summary blocks, that make up a log
header, and the super root block, that is the trailer, and when moving and
writing the second super block after fs resize.
In any of these, since the uptodate flag is not set when storing metadata
to be written in the allocated buffers, the stored metadata will be
overwritten if a device read of the same block occurs concurrently before
the write. This causes metadata corruption and misbehavior in the log
write itself, causing warnings in nilfs_btree_assign() as reported.
Fix these issues by setting an uptodate flag on the buffer head on the
first or before modifying each buffer obtained with sb_getblk, and
clearing the flag on failure.
When setting the uptodate flag, the lock_buffer/unlock_buffer pair is used
to perform necessary exclusive control, and the buffer is filled to ensure
that uninitialized bytes are not mixed into the data read from others. As
for buffers for segment summary blocks, they are filled incrementally, so
if the uptodate flag was unset on their allocation, set the flag and zero
fill the buffer once at that point.
Also, regarding the superblock move routine, the starting point of the
memset call to zerofill the block is incorrectly specified, which can
cause a buffer overflow on file systems with block sizes greater than
4KiB. In addition, if the superblock is moved within a large block, it is
necessary to assume the possibility that the data in the superblock will
be destroyed by zero-filling before copying. So fix these potential
issues as well.
Link: https://lkml.kernel.org/r/20230609035732.20426-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+31837fe952932efc8fb9@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000030000a05e981f475@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-06-09 12:57:32 +09:00
lock_buffer ( bh_sr ) ;
2010-03-23 01:15:31 +09:00
raw_sr = ( struct nilfs_super_root * ) bh_sr - > b_data ;
2011-04-30 18:56:12 +09:00
isz = nilfs - > ns_inode_size ;
srsz = NILFS_SR_BYTES ( isz ) ;
2010-03-23 01:15:31 +09:00
nilfs2: fix buffer corruption due to concurrent device reads
As a result of analysis of a syzbot report, it turned out that in three
cases where nilfs2 allocates block device buffers directly via sb_getblk,
concurrent reads to the device can corrupt the allocated buffers.
Nilfs2 uses sb_getblk for segment summary blocks, that make up a log
header, and the super root block, that is the trailer, and when moving and
writing the second super block after fs resize.
In any of these, since the uptodate flag is not set when storing metadata
to be written in the allocated buffers, the stored metadata will be
overwritten if a device read of the same block occurs concurrently before
the write. This causes metadata corruption and misbehavior in the log
write itself, causing warnings in nilfs_btree_assign() as reported.
Fix these issues by setting an uptodate flag on the buffer head on the
first or before modifying each buffer obtained with sb_getblk, and
clearing the flag on failure.
When setting the uptodate flag, the lock_buffer/unlock_buffer pair is used
to perform necessary exclusive control, and the buffer is filled to ensure
that uninitialized bytes are not mixed into the data read from others. As
for buffers for segment summary blocks, they are filled incrementally, so
if the uptodate flag was unset on their allocation, set the flag and zero
fill the buffer once at that point.
Also, regarding the superblock move routine, the starting point of the
memset call to zerofill the block is incorrectly specified, which can
cause a buffer overflow on file systems with block sizes greater than
4KiB. In addition, if the superblock is moved within a large block, it is
necessary to assume the possibility that the data in the superblock will
be destroyed by zero-filling before copying. So fix these potential
issues as well.
Link: https://lkml.kernel.org/r/20230609035732.20426-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+31837fe952932efc8fb9@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000030000a05e981f475@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-06-09 12:57:32 +09:00
raw_sr - > sr_sum = 0 ; /* Ensure initialization within this update */
2011-04-30 18:56:12 +09:00
raw_sr - > sr_bytes = cpu_to_le16 ( srsz ) ;
2009-04-06 19:01:37 -07:00
raw_sr - > sr_nongc_ctime
= cpu_to_le64 ( nilfs_doing_gc ( ) ?
nilfs - > ns_nongc_ctime : sci - > sc_seg_ctime ) ;
raw_sr - > sr_flags = 0 ;
2024-01-22 23:01:55 +09:00
nilfs_write_root_mdt_inode ( nilfs - > ns_dat , ( void * ) raw_sr +
NILFS_SR_DAT_OFFSET ( isz ) ) ;
nilfs_write_root_mdt_inode ( nilfs - > ns_cpfile , ( void * ) raw_sr +
NILFS_SR_CPFILE_OFFSET ( isz ) ) ;
nilfs_write_root_mdt_inode ( nilfs - > ns_sufile , ( void * ) raw_sr +
NILFS_SR_SUFILE_OFFSET ( isz ) ) ;
2011-04-30 18:56:12 +09:00
memset ( ( void * ) raw_sr + srsz , 0 , nilfs - > ns_blocksize - srsz ) ;
nilfs2: fix buffer corruption due to concurrent device reads
As a result of analysis of a syzbot report, it turned out that in three
cases where nilfs2 allocates block device buffers directly via sb_getblk,
concurrent reads to the device can corrupt the allocated buffers.
Nilfs2 uses sb_getblk for segment summary blocks, that make up a log
header, and the super root block, that is the trailer, and when moving and
writing the second super block after fs resize.
In any of these, since the uptodate flag is not set when storing metadata
to be written in the allocated buffers, the stored metadata will be
overwritten if a device read of the same block occurs concurrently before
the write. This causes metadata corruption and misbehavior in the log
write itself, causing warnings in nilfs_btree_assign() as reported.
Fix these issues by setting an uptodate flag on the buffer head on the
first or before modifying each buffer obtained with sb_getblk, and
clearing the flag on failure.
When setting the uptodate flag, the lock_buffer/unlock_buffer pair is used
to perform necessary exclusive control, and the buffer is filled to ensure
that uninitialized bytes are not mixed into the data read from others. As
for buffers for segment summary blocks, they are filled incrementally, so
if the uptodate flag was unset on their allocation, set the flag and zero
fill the buffer once at that point.
Also, regarding the superblock move routine, the starting point of the
memset call to zerofill the block is incorrectly specified, which can
cause a buffer overflow on file systems with block sizes greater than
4KiB. In addition, if the superblock is moved within a large block, it is
necessary to assume the possibility that the data in the superblock will
be destroyed by zero-filling before copying. So fix these potential
issues as well.
Link: https://lkml.kernel.org/r/20230609035732.20426-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+31837fe952932efc8fb9@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000030000a05e981f475@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-06-09 12:57:32 +09:00
set_buffer_uptodate ( bh_sr ) ;
unlock_buffer ( bh_sr ) ;
2009-04-06 19:01:37 -07:00
}
static void nilfs_redirty_inodes ( struct list_head * head )
{
struct nilfs_inode_info * ii ;
list_for_each_entry ( ii , head , i_dirty ) {
if ( test_bit ( NILFS_I_COLLECTED , & ii - > i_state ) )
clear_bit ( NILFS_I_COLLECTED , & ii - > i_state ) ;
}
}
static void nilfs_drop_collected_inodes ( struct list_head * head )
{
struct nilfs_inode_info * ii ;
list_for_each_entry ( ii , head , i_dirty ) {
if ( ! test_and_clear_bit ( NILFS_I_COLLECTED , & ii - > i_state ) )
continue ;
2014-10-13 15:53:22 -07:00
clear_bit ( NILFS_I_INODE_SYNC , & ii - > i_state ) ;
2009-04-06 19:01:37 -07:00
set_bit ( NILFS_I_UPDATED , & ii - > i_state ) ;
}
}
static int nilfs_segctor_apply_buffers ( struct nilfs_sc_info * sci ,
struct inode * inode ,
struct list_head * listp ,
int ( * collect ) ( struct nilfs_sc_info * ,
struct buffer_head * ,
struct inode * ) )
{
struct buffer_head * bh , * n ;
int err = 0 ;
if ( collect ) {
list_for_each_entry_safe ( bh , n , listp , b_assoc_buffers ) {
list_del_init ( & bh - > b_assoc_buffers ) ;
err = collect ( sci , bh , inode ) ;
brelse ( bh ) ;
if ( unlikely ( err ) )
goto dispose_buffers ;
}
return 0 ;
}
dispose_buffers :
while ( ! list_empty ( listp ) ) {
2011-05-05 12:56:51 +09:00
bh = list_first_entry ( listp , struct buffer_head ,
b_assoc_buffers ) ;
2009-04-06 19:01:37 -07:00
list_del_init ( & bh - > b_assoc_buffers ) ;
brelse ( bh ) ;
}
return err ;
}
2009-04-06 19:01:38 -07:00
static size_t nilfs_segctor_buffer_rest ( struct nilfs_sc_info * sci )
{
/* Remaining number of blocks within segment buffer */
return sci - > sc_segbuf_nblocks -
( sci - > sc_nblk_this_inc + sci - > sc_curseg - > sb_sum . nblocks ) ;
}
2009-04-06 19:01:37 -07:00
static int nilfs_segctor_scan_file ( struct nilfs_sc_info * sci ,
struct inode * inode ,
2016-05-23 16:22:57 -07:00
const struct nilfs_sc_operations * sc_ops )
2009-04-06 19:01:37 -07:00
{
LIST_HEAD ( data_buffers ) ;
LIST_HEAD ( node_buffers ) ;
2009-04-06 19:01:38 -07:00
int err ;
2009-04-06 19:01:37 -07:00
if ( ! ( sci - > sc_stage . flags & NILFS_CF_NODE ) ) {
2009-04-06 19:01:38 -07:00
size_t n , rest = nilfs_segctor_buffer_rest ( sci ) ;
n = nilfs_lookup_dirty_data_buffers (
inode , & data_buffers , rest + 1 , 0 , LLONG_MAX ) ;
if ( n > rest ) {
err = nilfs_segctor_apply_buffers (
2009-04-06 19:01:37 -07:00
sci , inode , & data_buffers ,
2009-04-06 19:01:38 -07:00
sc_ops - > collect_data ) ;
BUG_ON ( ! err ) ; /* always receive -E2BIG or true error */
2009-04-06 19:01:37 -07:00
goto break_or_fail ;
}
}
nilfs_lookup_dirty_node_buffers ( inode , & node_buffers ) ;
if ( ! ( sci - > sc_stage . flags & NILFS_CF_NODE ) ) {
err = nilfs_segctor_apply_buffers (
sci , inode , & data_buffers , sc_ops - > collect_data ) ;
if ( unlikely ( err ) ) {
/* dispose node list */
nilfs_segctor_apply_buffers (
sci , inode , & node_buffers , NULL ) ;
goto break_or_fail ;
}
sci - > sc_stage . flags | = NILFS_CF_NODE ;
}
/* Collect node */
err = nilfs_segctor_apply_buffers (
sci , inode , & node_buffers , sc_ops - > collect_node ) ;
if ( unlikely ( err ) )
goto break_or_fail ;
nilfs_bmap_lookup_dirty_buffers ( NILFS_I ( inode ) - > i_bmap , & node_buffers ) ;
err = nilfs_segctor_apply_buffers (
sci , inode , & node_buffers , sc_ops - > collect_bmap ) ;
if ( unlikely ( err ) )
goto break_or_fail ;
nilfs_segctor_end_finfo ( sci , inode ) ;
sci - > sc_stage . flags & = ~ NILFS_CF_NODE ;
break_or_fail :
return err ;
}
static int nilfs_segctor_scan_file_dsync ( struct nilfs_sc_info * sci ,
struct inode * inode )
{
LIST_HEAD ( data_buffers ) ;
2009-04-06 19:01:38 -07:00
size_t n , rest = nilfs_segctor_buffer_rest ( sci ) ;
int err ;
2009-04-06 19:01:37 -07:00
2009-04-06 19:01:38 -07:00
n = nilfs_lookup_dirty_data_buffers ( inode , & data_buffers , rest + 1 ,
sci - > sc_dsync_start ,
sci - > sc_dsync_end ) ;
err = nilfs_segctor_apply_buffers ( sci , inode , & data_buffers ,
nilfs_collect_file_data ) ;
if ( ! err ) {
2009-04-06 19:01:37 -07:00
nilfs_segctor_end_finfo ( sci , inode ) ;
2009-04-06 19:01:38 -07:00
BUG_ON ( n > rest ) ;
/* always receive -E2BIG or true error if n > rest */
}
2009-04-06 19:01:37 -07:00
return err ;
}
static int nilfs_segctor_collect_blocks ( struct nilfs_sc_info * sci , int mode )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2009-04-06 19:01:37 -07:00
struct list_head * head ;
struct nilfs_inode_info * ii ;
2009-05-16 23:44:55 +09:00
size_t ndone ;
2009-04-06 19:01:37 -07:00
int err = 0 ;
2015-11-06 16:31:59 -08:00
switch ( nilfs_sc_cstage_get ( sci ) ) {
2009-04-06 19:01:37 -07:00
case NILFS_ST_INIT :
/* Pre-processes */
sci - > sc_stage . flags = 0 ;
if ( ! test_bit ( NILFS_SC_UNCLOSED , & sci - > sc_flags ) ) {
sci - > sc_nblk_inc = 0 ;
sci - > sc_curseg - > sb_sum . flags = NILFS_SS_LOGBGN ;
if ( mode = = SC_LSEG_DSYNC ) {
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_set ( sci , NILFS_ST_DSYNC ) ;
2009-04-06 19:01:37 -07:00
goto dsync_mode ;
}
}
sci - > sc_stage . dirty_file_ptr = NULL ;
sci - > sc_stage . gc_inode_ptr = NULL ;
if ( mode = = SC_FLUSH_DAT ) {
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_set ( sci , NILFS_ST_DAT ) ;
2009-04-06 19:01:37 -07:00
goto dat_stage ;
}
2020-08-23 17:36:59 -05:00
nilfs_sc_cstage_inc ( sci ) ;
fallthrough ;
2009-04-06 19:01:37 -07:00
case NILFS_ST_GC :
if ( nilfs_doing_gc ( ) ) {
head = & sci - > sc_gc_inodes ;
ii = list_prepare_entry ( sci - > sc_stage . gc_inode_ptr ,
head , i_dirty ) ;
list_for_each_entry_continue ( ii , head , i_dirty ) {
err = nilfs_segctor_scan_file (
sci , & ii - > vfs_inode ,
& nilfs_sc_file_ops ) ;
if ( unlikely ( err ) ) {
sci - > sc_stage . gc_inode_ptr = list_entry (
ii - > i_dirty . prev ,
struct nilfs_inode_info ,
i_dirty ) ;
goto break_or_fail ;
}
set_bit ( NILFS_I_COLLECTED , & ii - > i_state ) ;
}
sci - > sc_stage . gc_inode_ptr = NULL ;
}
2020-08-23 17:36:59 -05:00
nilfs_sc_cstage_inc ( sci ) ;
fallthrough ;
2009-04-06 19:01:37 -07:00
case NILFS_ST_FILE :
head = & sci - > sc_dirty_files ;
ii = list_prepare_entry ( sci - > sc_stage . dirty_file_ptr , head ,
i_dirty ) ;
list_for_each_entry_continue ( ii , head , i_dirty ) {
clear_bit ( NILFS_I_DIRTY , & ii - > i_state ) ;
err = nilfs_segctor_scan_file ( sci , & ii - > vfs_inode ,
& nilfs_sc_file_ops ) ;
if ( unlikely ( err ) ) {
sci - > sc_stage . dirty_file_ptr =
list_entry ( ii - > i_dirty . prev ,
struct nilfs_inode_info ,
i_dirty ) ;
goto break_or_fail ;
}
/* sci->sc_stage.dirty_file_ptr = NILFS_I(inode); */
/* XXX: required ? */
}
sci - > sc_stage . dirty_file_ptr = NULL ;
if ( mode = = SC_FLUSH_FILE ) {
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_set ( sci , NILFS_ST_DONE ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
}
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_inc ( sci ) ;
2009-04-06 19:01:37 -07:00
sci - > sc_stage . flags | = NILFS_CF_IFILE_STARTED ;
2020-08-23 17:36:59 -05:00
fallthrough ;
2009-04-06 19:01:37 -07:00
case NILFS_ST_IFILE :
2010-08-14 13:07:15 +09:00
err = nilfs_segctor_scan_file ( sci , sci - > sc_root - > ifile ,
2009-04-06 19:01:37 -07:00
& nilfs_sc_file_ops ) ;
if ( unlikely ( err ) )
break ;
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_inc ( sci ) ;
2009-04-06 19:01:37 -07:00
/* Creating a checkpoint */
2024-01-22 23:01:58 +09:00
err = nilfs_cpfile_create_checkpoint ( nilfs - > ns_cpfile ,
nilfs - > ns_cno ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) )
break ;
2020-08-23 17:36:59 -05:00
fallthrough ;
2009-04-06 19:01:37 -07:00
case NILFS_ST_CPFILE :
err = nilfs_segctor_scan_file ( sci , nilfs - > ns_cpfile ,
& nilfs_sc_file_ops ) ;
if ( unlikely ( err ) )
break ;
2020-08-23 17:36:59 -05:00
nilfs_sc_cstage_inc ( sci ) ;
fallthrough ;
2009-04-06 19:01:37 -07:00
case NILFS_ST_SUFILE :
2009-05-16 23:44:55 +09:00
err = nilfs_sufile_freev ( nilfs - > ns_sufile , sci - > sc_freesegs ,
sci - > sc_nfreesegs , & ndone ) ;
if ( unlikely ( err ) ) {
nilfs_sufile_cancel_freev ( nilfs - > ns_sufile ,
sci - > sc_freesegs , ndone ,
NULL ) ;
2009-04-06 19:01:37 -07:00
break ;
2009-05-16 23:44:55 +09:00
}
sci - > sc_stage . flags | = NILFS_CF_SUFREED ;
2009-04-06 19:01:37 -07:00
err = nilfs_segctor_scan_file ( sci , nilfs - > ns_sufile ,
& nilfs_sc_file_ops ) ;
if ( unlikely ( err ) )
break ;
2020-08-23 17:36:59 -05:00
nilfs_sc_cstage_inc ( sci ) ;
fallthrough ;
2009-04-06 19:01:37 -07:00
case NILFS_ST_DAT :
dat_stage :
2010-12-27 00:07:30 +09:00
err = nilfs_segctor_scan_file ( sci , nilfs - > ns_dat ,
2009-04-06 19:01:37 -07:00
& nilfs_sc_dat_ops ) ;
if ( unlikely ( err ) )
break ;
if ( mode = = SC_FLUSH_DAT ) {
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_set ( sci , NILFS_ST_DONE ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
}
2020-08-23 17:36:59 -05:00
nilfs_sc_cstage_inc ( sci ) ;
fallthrough ;
2009-04-06 19:01:37 -07:00
case NILFS_ST_SR :
if ( mode = = SC_LSEG_SR ) {
/* Appending a super root */
err = nilfs_segctor_add_super_root ( sci ) ;
if ( unlikely ( err ) )
break ;
}
/* End of a logical segment */
sci - > sc_curseg - > sb_sum . flags | = NILFS_SS_LOGEND ;
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_set ( sci , NILFS_ST_DONE ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
case NILFS_ST_DSYNC :
dsync_mode :
sci - > sc_curseg - > sb_sum . flags | = NILFS_SS_SYNDT ;
2009-04-06 19:01:38 -07:00
ii = sci - > sc_dsync_inode ;
2009-04-06 19:01:37 -07:00
if ( ! test_bit ( NILFS_I_BUSY , & ii - > i_state ) )
break ;
err = nilfs_segctor_scan_file_dsync ( sci , & ii - > vfs_inode ) ;
if ( unlikely ( err ) )
break ;
sci - > sc_curseg - > sb_sum . flags | = NILFS_SS_LOGEND ;
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_set ( sci , NILFS_ST_DONE ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
case NILFS_ST_DONE :
return 0 ;
default :
BUG ( ) ;
}
break_or_fail :
return err ;
}
2009-11-29 23:03:04 +09:00
/**
* nilfs_segctor_begin_construction - setup segment buffer to make a new log
* @ sci : nilfs_sc_info
* @ nilfs : nilfs object
*/
2009-04-06 19:01:37 -07:00
static int nilfs_segctor_begin_construction ( struct nilfs_sc_info * sci ,
struct the_nilfs * nilfs )
{
2009-11-29 23:03:04 +09:00
struct nilfs_segment_buffer * segbuf , * prev ;
2009-04-06 19:01:37 -07:00
__u64 nextnum ;
2009-11-29 23:03:04 +09:00
int err , alloc = 0 ;
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
segbuf = nilfs_segbuf_new ( sci - > sc_super ) ;
if ( unlikely ( ! segbuf ) )
return - ENOMEM ;
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
if ( list_empty ( & sci - > sc_write_logs ) ) {
nilfs_segbuf_map ( segbuf , nilfs - > ns_segnum ,
nilfs - > ns_pseg_offset , nilfs ) ;
if ( segbuf - > sb_rest_blocks < NILFS_PSEG_MIN_BLOCKS ) {
nilfs_shift_to_next_segment ( nilfs ) ;
nilfs_segbuf_map ( segbuf , nilfs - > ns_segnum , 0 , nilfs ) ;
}
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
segbuf - > sb_sum . seg_seq = nilfs - > ns_seg_seq ;
nextnum = nilfs - > ns_nextnum ;
if ( nilfs - > ns_segnum = = nilfs - > ns_nextnum )
/* Start from the head of a new full segment */
alloc + + ;
} else {
/* Continue logs */
prev = NILFS_LAST_SEGBUF ( & sci - > sc_write_logs ) ;
nilfs_segbuf_map_cont ( segbuf , prev ) ;
segbuf - > sb_sum . seg_seq = prev - > sb_sum . seg_seq ;
nextnum = prev - > sb_nextnum ;
if ( segbuf - > sb_rest_blocks < NILFS_PSEG_MIN_BLOCKS ) {
nilfs_segbuf_map ( segbuf , prev - > sb_nextnum , 0 , nilfs ) ;
segbuf - > sb_sum . seg_seq + + ;
alloc + + ;
}
2009-04-06 19:01:37 -07:00
}
2009-11-18 17:25:12 +09:00
err = nilfs_sufile_mark_dirty ( nilfs - > ns_sufile , segbuf - > sb_segnum ) ;
2009-11-29 23:03:04 +09:00
if ( err )
goto failed ;
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
if ( alloc ) {
2009-04-06 19:01:58 -07:00
err = nilfs_sufile_alloc ( nilfs - > ns_sufile , & nextnum ) ;
2009-11-29 23:03:04 +09:00
if ( err )
goto failed ;
}
2009-04-06 19:01:37 -07:00
nilfs_segbuf_set_next_segnum ( segbuf , nextnum , nilfs ) ;
2009-11-29 23:03:04 +09:00
BUG_ON ( ! list_empty ( & sci - > sc_segbufs ) ) ;
list_add_tail ( & segbuf - > sb_list , & sci - > sc_segbufs ) ;
sci - > sc_segbuf_nblocks = segbuf - > sb_rest_blocks ;
2009-04-06 19:01:58 -07:00
return 0 ;
2009-11-29 23:03:04 +09:00
failed :
nilfs_segbuf_free ( segbuf ) ;
return err ;
2009-04-06 19:01:37 -07:00
}
static int nilfs_segctor_extend_segments ( struct nilfs_sc_info * sci ,
struct the_nilfs * nilfs , int nadd )
{
2009-11-29 16:51:16 +09:00
struct nilfs_segment_buffer * segbuf , * prev ;
2009-04-06 19:01:37 -07:00
struct inode * sufile = nilfs - > ns_sufile ;
__u64 nextnextnum ;
LIST_HEAD ( list ) ;
int err , ret , i ;
prev = NILFS_LAST_SEGBUF ( & sci - > sc_segbufs ) ;
/*
* Since the segment specified with nextnum might be allocated during
* the previous construction , the buffer including its segusage may
* not be dirty . The following call ensures that the buffer is dirty
* and will pin the buffer on memory until the sufile is written .
*/
2009-11-18 17:25:12 +09:00
err = nilfs_sufile_mark_dirty ( sufile , prev - > sb_nextnum ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) )
return err ;
for ( i = 0 ; i < nadd ; i + + ) {
/* extend segment info */
err = - ENOMEM ;
segbuf = nilfs_segbuf_new ( sci - > sc_super ) ;
if ( unlikely ( ! segbuf ) )
goto failed ;
/* map this buffer to region of segment on-disk */
2009-04-06 19:01:58 -07:00
nilfs_segbuf_map ( segbuf , prev - > sb_nextnum , 0 , nilfs ) ;
2009-04-06 19:01:37 -07:00
sci - > sc_segbuf_nblocks + = segbuf - > sb_rest_blocks ;
/* allocate the next next full segment */
err = nilfs_sufile_alloc ( sufile , & nextnextnum ) ;
if ( unlikely ( err ) )
goto failed_segbuf ;
segbuf - > sb_sum . seg_seq = prev - > sb_sum . seg_seq + 1 ;
nilfs_segbuf_set_next_segnum ( segbuf , nextnextnum , nilfs ) ;
list_add_tail ( & segbuf - > sb_list , & list ) ;
prev = segbuf ;
}
2009-11-29 02:39:11 +09:00
list_splice_tail ( & list , & sci - > sc_segbufs ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
failed_segbuf :
nilfs_segbuf_free ( segbuf ) ;
failed :
2009-11-29 16:51:16 +09:00
list_for_each_entry ( segbuf , & list , sb_list ) {
2009-04-06 19:01:37 -07:00
ret = nilfs_sufile_free ( sufile , segbuf - > sb_nextnum ) ;
2009-04-06 19:01:55 -07:00
WARN_ON ( ret ) ; /* never fails */
2009-04-06 19:01:37 -07:00
}
2009-11-29 16:51:16 +09:00
nilfs_destroy_logs ( & list ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
2009-11-29 23:03:04 +09:00
static void nilfs_free_incomplete_logs ( struct list_head * logs ,
struct the_nilfs * nilfs )
2009-04-06 19:01:37 -07:00
{
2009-11-29 23:03:04 +09:00
struct nilfs_segment_buffer * segbuf , * prev ;
struct inode * sufile = nilfs - > ns_sufile ;
2009-11-25 01:04:21 +09:00
int ret ;
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
segbuf = NILFS_FIRST_SEGBUF ( logs ) ;
2009-04-06 19:01:37 -07:00
if ( nilfs - > ns_nextnum ! = segbuf - > sb_nextnum ) {
2009-11-29 23:03:04 +09:00
ret = nilfs_sufile_free ( sufile , segbuf - > sb_nextnum ) ;
2009-04-06 19:01:55 -07:00
WARN_ON ( ret ) ; /* never fails */
2009-04-06 19:01:37 -07:00
}
2009-11-25 01:04:21 +09:00
if ( atomic_read ( & segbuf - > sb_err ) ) {
2009-04-06 19:01:37 -07:00
/* Case 1: The first segment failed */
if ( segbuf - > sb_pseg_start ! = segbuf - > sb_fseg_start )
2016-05-23 16:23:48 -07:00
/*
* Case 1 a : Partial segment appended into an existing
* segment
*/
2009-04-06 19:01:37 -07:00
nilfs_terminate_segment ( nilfs , segbuf - > sb_fseg_start ,
segbuf - > sb_fseg_end ) ;
else /* Case 1b: New full segment */
set_nilfs_discontinued ( nilfs ) ;
}
2009-11-29 23:03:04 +09:00
prev = segbuf ;
list_for_each_entry_continue ( segbuf , logs , sb_list ) {
if ( prev - > sb_nextnum ! = segbuf - > sb_nextnum ) {
ret = nilfs_sufile_free ( sufile , segbuf - > sb_nextnum ) ;
WARN_ON ( ret ) ; /* never fails */
}
2009-11-25 01:04:21 +09:00
if ( atomic_read ( & segbuf - > sb_err ) & &
segbuf - > sb_segnum ! = nilfs - > ns_nextnum )
/* Case 2: extended segment (!= next) failed */
2009-11-29 23:03:04 +09:00
nilfs_sufile_set_error ( sufile , segbuf - > sb_segnum ) ;
prev = segbuf ;
2009-04-06 19:01:37 -07:00
}
}
static void nilfs_segctor_update_segusage ( struct nilfs_sc_info * sci ,
struct inode * sufile )
{
struct nilfs_segment_buffer * segbuf ;
unsigned long live_blocks ;
int ret ;
list_for_each_entry ( segbuf , & sci - > sc_segbufs , sb_list ) {
live_blocks = segbuf - > sb_sum . nblocks +
( segbuf - > sb_pseg_start - segbuf - > sb_fseg_start ) ;
2009-11-18 18:23:34 +09:00
ret = nilfs_sufile_set_segment_usage ( sufile , segbuf - > sb_segnum ,
live_blocks ,
sci - > sc_seg_ctime ) ;
WARN_ON ( ret ) ; /* always succeed because the segusage is dirty */
2009-04-06 19:01:37 -07:00
}
}
2009-11-29 23:03:04 +09:00
static void nilfs_cancel_segusage ( struct list_head * logs , struct inode * sufile )
2009-04-06 19:01:37 -07:00
{
struct nilfs_segment_buffer * segbuf ;
int ret ;
2009-11-29 23:03:04 +09:00
segbuf = NILFS_FIRST_SEGBUF ( logs ) ;
2009-11-18 18:23:34 +09:00
ret = nilfs_sufile_set_segment_usage ( sufile , segbuf - > sb_segnum ,
segbuf - > sb_pseg_start -
segbuf - > sb_fseg_start , 0 ) ;
WARN_ON ( ret ) ; /* always succeed because the segusage is dirty */
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
list_for_each_entry_continue ( segbuf , logs , sb_list ) {
2009-11-18 18:23:34 +09:00
ret = nilfs_sufile_set_segment_usage ( sufile , segbuf - > sb_segnum ,
0 , 0 ) ;
2009-04-06 19:01:55 -07:00
WARN_ON ( ret ) ; /* always succeed */
2009-04-06 19:01:37 -07:00
}
}
static void nilfs_segctor_truncate_segments ( struct nilfs_sc_info * sci ,
struct nilfs_segment_buffer * last ,
struct inode * sufile )
{
2009-11-29 16:51:16 +09:00
struct nilfs_segment_buffer * segbuf = last ;
2009-04-06 19:01:37 -07:00
int ret ;
2009-11-29 16:51:16 +09:00
list_for_each_entry_continue ( segbuf , & sci - > sc_segbufs , sb_list ) {
2009-04-06 19:01:37 -07:00
sci - > sc_segbuf_nblocks - = segbuf - > sb_rest_blocks ;
ret = nilfs_sufile_free ( sufile , segbuf - > sb_nextnum ) ;
2009-04-06 19:01:55 -07:00
WARN_ON ( ret ) ;
2009-04-06 19:01:37 -07:00
}
2009-11-29 16:51:16 +09:00
nilfs_truncate_logs ( & sci - > sc_segbufs , last ) ;
2009-04-06 19:01:37 -07:00
}
static int nilfs_segctor_collect ( struct nilfs_sc_info * sci ,
struct the_nilfs * nilfs , int mode )
{
struct nilfs_cstage prev_stage = sci - > sc_stage ;
int err , nadd = 1 ;
/* Collection retry loop */
for ( ; ; ) {
sci - > sc_nblk_this_inc = 0 ;
sci - > sc_curseg = NILFS_FIRST_SEGBUF ( & sci - > sc_segbufs ) ;
err = nilfs_segctor_reset_segment_buffer ( sci ) ;
if ( unlikely ( err ) )
goto failed ;
err = nilfs_segctor_collect_blocks ( sci , mode ) ;
sci - > sc_nblk_this_inc + = sci - > sc_curseg - > sb_sum . nblocks ;
if ( ! err )
break ;
if ( unlikely ( err ! = - E2BIG ) )
goto failed ;
/* The current segment is filled up */
2015-11-06 16:31:59 -08:00
if ( mode ! = SC_LSEG_SR | |
nilfs_sc_cstage_get ( sci ) < NILFS_ST_CPFILE )
2009-04-06 19:01:37 -07:00
break ;
2010-03-22 14:01:24 +09:00
nilfs_clear_logs ( & sci - > sc_segbufs ) ;
2009-05-16 23:44:55 +09:00
if ( sci - > sc_stage . flags & NILFS_CF_SUFREED ) {
err = nilfs_sufile_cancel_freev ( nilfs - > ns_sufile ,
sci - > sc_freesegs ,
sci - > sc_nfreesegs ,
NULL ) ;
WARN_ON ( err ) ; /* do not happen */
2014-01-14 17:56:36 -08:00
sci - > sc_stage . flags & = ~ NILFS_CF_SUFREED ;
2009-05-16 23:44:55 +09:00
}
2014-01-14 17:56:36 -08:00
err = nilfs_segctor_extend_segments ( sci , nilfs , nadd ) ;
if ( unlikely ( err ) )
return err ;
2009-04-06 19:01:37 -07:00
nadd = min_t ( int , nadd < < 1 , SC_MAX_SEGDELTA ) ;
sci - > sc_stage = prev_stage ;
}
2023-04-18 02:35:13 +09:00
nilfs_segctor_zeropad_segsum ( sci ) ;
2009-04-06 19:01:37 -07:00
nilfs_segctor_truncate_segments ( sci , sci - > sc_curseg , nilfs - > ns_sufile ) ;
return 0 ;
failed :
return err ;
}
static void nilfs_list_replace_buffer ( struct buffer_head * old_bh ,
struct buffer_head * new_bh )
{
BUG_ON ( ! list_empty ( & new_bh - > b_assoc_buffers ) ) ;
list_replace_init ( & old_bh - > b_assoc_buffers , & new_bh - > b_assoc_buffers ) ;
/* The caller must release old_bh */
}
static int
nilfs_segctor_update_payload_blocknr ( struct nilfs_sc_info * sci ,
struct nilfs_segment_buffer * segbuf ,
int mode )
{
struct inode * inode = NULL ;
sector_t blocknr ;
unsigned long nfinfo = segbuf - > sb_sum . nfinfo ;
unsigned long nblocks = 0 , ndatablk = 0 ;
2016-05-23 16:22:57 -07:00
const struct nilfs_sc_operations * sc_op = NULL ;
2009-04-06 19:01:37 -07:00
struct nilfs_segsum_pointer ssp ;
struct nilfs_finfo * finfo = NULL ;
union nilfs_binfo binfo ;
struct buffer_head * bh , * bh_org ;
ino_t ino = 0 ;
int err = 0 ;
if ( ! nfinfo )
goto out ;
blocknr = segbuf - > sb_pseg_start + segbuf - > sb_sum . nsumblk ;
ssp . bh = NILFS_SEGBUF_FIRST_BH ( & segbuf - > sb_segsum_buffers ) ;
ssp . offset = sizeof ( struct nilfs_segment_summary ) ;
list_for_each_entry ( bh , & segbuf - > sb_payload_buffers , b_assoc_buffers ) {
2010-03-23 01:15:31 +09:00
if ( bh = = segbuf - > sb_super_root )
2009-04-06 19:01:37 -07:00
break ;
if ( ! finfo ) {
finfo = nilfs_segctor_map_segsum_entry (
sci , & ssp , sizeof ( * finfo ) ) ;
ino = le64_to_cpu ( finfo - > fi_ino ) ;
nblocks = le32_to_cpu ( finfo - > fi_nblocks ) ;
ndatablk = le32_to_cpu ( finfo - > fi_ndatablk ) ;
2022-12-15 21:44:00 +00:00
inode = bh - > b_folio - > mapping - > host ;
2009-04-06 19:01:37 -07:00
if ( mode = = SC_LSEG_DSYNC )
sc_op = & nilfs_sc_dsync_ops ;
else if ( ino = = NILFS_DAT_INO )
sc_op = & nilfs_sc_dat_ops ;
else /* file blocks */
sc_op = & nilfs_sc_file_ops ;
}
bh_org = bh ;
get_bh ( bh_org ) ;
err = nilfs_bmap_assign ( NILFS_I ( inode ) - > i_bmap , & bh , blocknr ,
& binfo ) ;
if ( bh ! = bh_org )
nilfs_list_replace_buffer ( bh_org , bh ) ;
brelse ( bh_org ) ;
if ( unlikely ( err ) )
goto failed_bmap ;
if ( ndatablk > 0 )
sc_op - > write_data_binfo ( sci , & ssp , & binfo ) ;
else
sc_op - > write_node_binfo ( sci , & ssp , & binfo ) ;
blocknr + + ;
if ( - - nblocks = = 0 ) {
finfo = NULL ;
if ( - - nfinfo = = 0 )
break ;
} else if ( ndatablk > 0 )
ndatablk - - ;
}
out :
return 0 ;
failed_bmap :
return err ;
}
static int nilfs_segctor_assign ( struct nilfs_sc_info * sci , int mode )
{
struct nilfs_segment_buffer * segbuf ;
int err ;
list_for_each_entry ( segbuf , & sci - > sc_segbufs , sb_list ) {
err = nilfs_segctor_update_payload_blocknr ( sci , segbuf , mode ) ;
if ( unlikely ( err ) )
return err ;
nilfs_segbuf_fill_in_segsum ( segbuf ) ;
}
return 0 ;
}
2023-11-14 17:44:26 +09:00
static void nilfs_begin_folio_io ( struct folio * folio )
2009-04-06 19:01:37 -07:00
{
2023-11-14 17:44:26 +09:00
if ( ! folio | | folio_test_writeback ( folio ) )
2016-05-23 16:23:48 -07:00
/*
* For split b - tree node pages , this function may be called
* twice . We ignore the 2 nd or later calls by this check .
*/
2011-04-04 12:53:28 +09:00
return ;
2009-04-06 19:01:37 -07:00
2023-11-14 17:44:26 +09:00
folio_lock ( folio ) ;
folio_clear_dirty_for_io ( folio ) ;
folio_start_writeback ( folio ) ;
folio_unlock ( folio ) ;
2009-04-06 19:01:37 -07:00
}
2011-04-04 12:53:28 +09:00
static void nilfs_segctor_prepare_write ( struct nilfs_sc_info * sci )
2009-04-06 19:01:37 -07:00
{
struct nilfs_segment_buffer * segbuf ;
2023-11-14 17:44:26 +09:00
struct folio * bd_folio = NULL , * fs_folio = NULL ;
2009-04-06 19:01:37 -07:00
list_for_each_entry ( segbuf , & sci - > sc_segbufs , sb_list ) {
struct buffer_head * bh ;
list_for_each_entry ( bh , & segbuf - > sb_segsum_buffers ,
b_assoc_buffers ) {
2023-11-14 17:44:26 +09:00
if ( bh - > b_folio ! = bd_folio ) {
if ( bd_folio ) {
folio_lock ( bd_folio ) ;
folio_clear_dirty_for_io ( bd_folio ) ;
folio_start_writeback ( bd_folio ) ;
folio_unlock ( bd_folio ) ;
2009-04-06 19:01:37 -07:00
}
2023-11-14 17:44:26 +09:00
bd_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
}
list_for_each_entry ( bh , & segbuf - > sb_payload_buffers ,
b_assoc_buffers ) {
2010-03-23 01:15:31 +09:00
if ( bh = = segbuf - > sb_super_root ) {
2023-11-14 17:44:26 +09:00
if ( bh - > b_folio ! = bd_folio ) {
folio_lock ( bd_folio ) ;
folio_clear_dirty_for_io ( bd_folio ) ;
folio_start_writeback ( bd_folio ) ;
folio_unlock ( bd_folio ) ;
bd_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
break ;
}
2024-02-04 01:16:45 +09:00
set_buffer_async_write ( bh ) ;
2023-11-14 17:44:26 +09:00
if ( bh - > b_folio ! = fs_folio ) {
nilfs_begin_folio_io ( fs_folio ) ;
fs_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
}
}
2023-11-14 17:44:26 +09:00
if ( bd_folio ) {
folio_lock ( bd_folio ) ;
folio_clear_dirty_for_io ( bd_folio ) ;
folio_start_writeback ( bd_folio ) ;
folio_unlock ( bd_folio ) ;
2009-04-06 19:01:37 -07:00
}
2023-11-14 17:44:26 +09:00
nilfs_begin_folio_io ( fs_folio ) ;
2009-04-06 19:01:37 -07:00
}
static int nilfs_segctor_write ( struct nilfs_sc_info * sci ,
2009-11-29 01:17:31 +09:00
struct the_nilfs * nilfs )
2009-04-06 19:01:37 -07:00
{
2009-12-17 00:55:40 +09:00
int ret ;
2009-04-06 19:01:37 -07:00
2009-12-17 00:55:40 +09:00
ret = nilfs_write_logs ( & sci - > sc_segbufs , nilfs ) ;
2009-11-29 23:03:04 +09:00
list_splice_tail_init ( & sci - > sc_segbufs , & sci - > sc_write_logs ) ;
return ret ;
2009-04-06 19:01:37 -07:00
}
2023-11-14 17:44:17 +09:00
static void nilfs_end_folio_io ( struct folio * folio , int err )
2009-04-06 19:01:37 -07:00
{
2023-11-14 17:44:17 +09:00
if ( ! folio )
2009-04-06 19:01:37 -07:00
return ;
2023-11-14 17:44:17 +09:00
if ( buffer_nilfs_node ( folio_buffers ( folio ) ) & &
! folio_test_writeback ( folio ) ) {
2009-06-18 23:52:23 +09:00
/*
* For b - tree node pages , this function may be called twice
* or more because they might be split in a segment .
*/
2023-11-14 17:44:17 +09:00
if ( folio_test_dirty ( folio ) ) {
2009-07-28 17:55:29 +09:00
/*
* For pages holding split b - tree node buffers , dirty
* flag on the buffers may be cleared discretely .
* In that case , the page is once redirtied for
* remaining buffers , and it must be cancelled if
* all the buffers get cleaned later .
*/
2023-11-14 17:44:17 +09:00
folio_lock ( folio ) ;
2023-11-14 17:44:21 +09:00
if ( nilfs_folio_buffers_clean ( folio ) )
2023-11-14 17:44:25 +09:00
__nilfs_clear_folio_dirty ( folio ) ;
2023-11-14 17:44:17 +09:00
folio_unlock ( folio ) ;
2009-07-28 17:55:29 +09:00
}
2009-04-06 19:01:37 -07:00
return ;
2009-07-28 17:55:29 +09:00
}
2009-04-06 19:01:37 -07:00
2011-04-04 12:53:28 +09:00
if ( ! err ) {
2023-11-14 17:44:21 +09:00
if ( ! nilfs_folio_buffers_clean ( folio ) )
2023-11-14 17:44:17 +09:00
filemap_dirty_folio ( folio - > mapping , folio ) ;
folio_clear_error ( folio ) ;
2011-04-04 12:53:28 +09:00
} else {
2023-11-14 17:44:17 +09:00
filemap_dirty_folio ( folio - > mapping , folio ) ;
folio_set_error ( folio ) ;
2009-04-06 19:01:37 -07:00
}
2011-04-04 12:53:28 +09:00
2023-11-14 17:44:17 +09:00
folio_end_writeback ( folio ) ;
}
2011-04-04 12:53:28 +09:00
static void nilfs_abort_logs ( struct list_head * logs , int err )
2009-04-06 19:01:37 -07:00
{
struct nilfs_segment_buffer * segbuf ;
2023-11-14 17:44:18 +09:00
struct folio * bd_folio = NULL , * fs_folio = NULL ;
2009-11-29 23:03:04 +09:00
struct buffer_head * bh ;
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
if ( list_empty ( logs ) )
return ;
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
list_for_each_entry ( segbuf , logs , sb_list ) {
2009-04-06 19:01:37 -07:00
list_for_each_entry ( bh , & segbuf - > sb_segsum_buffers ,
b_assoc_buffers ) {
nilfs2: fix buffer corruption due to concurrent device reads
As a result of analysis of a syzbot report, it turned out that in three
cases where nilfs2 allocates block device buffers directly via sb_getblk,
concurrent reads to the device can corrupt the allocated buffers.
Nilfs2 uses sb_getblk for segment summary blocks, that make up a log
header, and the super root block, that is the trailer, and when moving and
writing the second super block after fs resize.
In any of these, since the uptodate flag is not set when storing metadata
to be written in the allocated buffers, the stored metadata will be
overwritten if a device read of the same block occurs concurrently before
the write. This causes metadata corruption and misbehavior in the log
write itself, causing warnings in nilfs_btree_assign() as reported.
Fix these issues by setting an uptodate flag on the buffer head on the
first or before modifying each buffer obtained with sb_getblk, and
clearing the flag on failure.
When setting the uptodate flag, the lock_buffer/unlock_buffer pair is used
to perform necessary exclusive control, and the buffer is filled to ensure
that uninitialized bytes are not mixed into the data read from others. As
for buffers for segment summary blocks, they are filled incrementally, so
if the uptodate flag was unset on their allocation, set the flag and zero
fill the buffer once at that point.
Also, regarding the superblock move routine, the starting point of the
memset call to zerofill the block is incorrectly specified, which can
cause a buffer overflow on file systems with block sizes greater than
4KiB. In addition, if the superblock is moved within a large block, it is
necessary to assume the possibility that the data in the superblock will
be destroyed by zero-filling before copying. So fix these potential
issues as well.
Link: https://lkml.kernel.org/r/20230609035732.20426-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+31837fe952932efc8fb9@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000030000a05e981f475@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-06-09 12:57:32 +09:00
clear_buffer_uptodate ( bh ) ;
2023-11-14 17:44:18 +09:00
if ( bh - > b_folio ! = bd_folio ) {
if ( bd_folio )
folio_end_writeback ( bd_folio ) ;
bd_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
}
list_for_each_entry ( bh , & segbuf - > sb_payload_buffers ,
b_assoc_buffers ) {
2010-03-23 01:15:31 +09:00
if ( bh = = segbuf - > sb_super_root ) {
nilfs2: fix buffer corruption due to concurrent device reads
As a result of analysis of a syzbot report, it turned out that in three
cases where nilfs2 allocates block device buffers directly via sb_getblk,
concurrent reads to the device can corrupt the allocated buffers.
Nilfs2 uses sb_getblk for segment summary blocks, that make up a log
header, and the super root block, that is the trailer, and when moving and
writing the second super block after fs resize.
In any of these, since the uptodate flag is not set when storing metadata
to be written in the allocated buffers, the stored metadata will be
overwritten if a device read of the same block occurs concurrently before
the write. This causes metadata corruption and misbehavior in the log
write itself, causing warnings in nilfs_btree_assign() as reported.
Fix these issues by setting an uptodate flag on the buffer head on the
first or before modifying each buffer obtained with sb_getblk, and
clearing the flag on failure.
When setting the uptodate flag, the lock_buffer/unlock_buffer pair is used
to perform necessary exclusive control, and the buffer is filled to ensure
that uninitialized bytes are not mixed into the data read from others. As
for buffers for segment summary blocks, they are filled incrementally, so
if the uptodate flag was unset on their allocation, set the flag and zero
fill the buffer once at that point.
Also, regarding the superblock move routine, the starting point of the
memset call to zerofill the block is incorrectly specified, which can
cause a buffer overflow on file systems with block sizes greater than
4KiB. In addition, if the superblock is moved within a large block, it is
necessary to assume the possibility that the data in the superblock will
be destroyed by zero-filling before copying. So fix these potential
issues as well.
Link: https://lkml.kernel.org/r/20230609035732.20426-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+31837fe952932efc8fb9@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000030000a05e981f475@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-06-09 12:57:32 +09:00
clear_buffer_uptodate ( bh ) ;
2023-11-14 17:44:18 +09:00
if ( bh - > b_folio ! = bd_folio ) {
folio_end_writeback ( bd_folio ) ;
bd_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
break ;
}
2024-02-04 01:16:45 +09:00
clear_buffer_async_write ( bh ) ;
2023-11-14 17:44:18 +09:00
if ( bh - > b_folio ! = fs_folio ) {
nilfs_end_folio_io ( fs_folio , err ) ;
fs_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
}
}
2023-11-14 17:44:18 +09:00
if ( bd_folio )
folio_end_writeback ( bd_folio ) ;
2009-04-06 19:01:37 -07:00
2023-11-14 17:44:18 +09:00
nilfs_end_folio_io ( fs_folio , err ) ;
2009-11-29 23:03:04 +09:00
}
static void nilfs_segctor_abort_construction ( struct nilfs_sc_info * sci ,
struct the_nilfs * nilfs , int err )
{
LIST_HEAD ( logs ) ;
int ret ;
list_splice_tail_init ( & sci - > sc_write_logs , & logs ) ;
ret = nilfs_wait_on_logs ( & logs ) ;
2011-04-04 12:53:28 +09:00
nilfs_abort_logs ( & logs , ret ? : err ) ;
2009-11-29 23:03:04 +09:00
list_splice_tail_init ( & sci - > sc_segbufs , & logs ) ;
nilfs_cancel_segusage ( & logs , nilfs - > ns_sufile ) ;
nilfs_free_incomplete_logs ( & logs , nilfs ) ;
if ( sci - > sc_stage . flags & NILFS_CF_SUFREED ) {
ret = nilfs_sufile_cancel_freev ( nilfs - > ns_sufile ,
sci - > sc_freesegs ,
sci - > sc_nfreesegs ,
NULL ) ;
WARN_ON ( ret ) ; /* do not happen */
}
nilfs_destroy_logs ( & logs ) ;
2009-04-06 19:01:37 -07:00
}
static void nilfs_set_next_segment ( struct the_nilfs * nilfs ,
struct nilfs_segment_buffer * segbuf )
{
nilfs - > ns_segnum = segbuf - > sb_segnum ;
nilfs - > ns_nextnum = segbuf - > sb_nextnum ;
nilfs - > ns_pseg_offset = segbuf - > sb_pseg_start - segbuf - > sb_fseg_start
+ segbuf - > sb_sum . nblocks ;
nilfs - > ns_seg_seq = segbuf - > sb_sum . seg_seq ;
nilfs - > ns_ctime = segbuf - > sb_sum . ctime ;
}
static void nilfs_segctor_complete_write ( struct nilfs_sc_info * sci )
{
struct nilfs_segment_buffer * segbuf ;
2023-11-14 17:44:19 +09:00
struct folio * bd_folio = NULL , * fs_folio = NULL ;
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2010-03-23 01:15:31 +09:00
int update_sr = false ;
2009-04-06 19:01:37 -07:00
2009-11-29 23:03:04 +09:00
list_for_each_entry ( segbuf , & sci - > sc_write_logs , sb_list ) {
2009-04-06 19:01:37 -07:00
struct buffer_head * bh ;
list_for_each_entry ( bh , & segbuf - > sb_segsum_buffers ,
b_assoc_buffers ) {
set_buffer_uptodate ( bh ) ;
clear_buffer_dirty ( bh ) ;
2023-11-14 17:44:19 +09:00
if ( bh - > b_folio ! = bd_folio ) {
if ( bd_folio )
folio_end_writeback ( bd_folio ) ;
bd_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
}
/*
2023-11-14 17:44:19 +09:00
* We assume that the buffers which belong to the same folio
2009-04-06 19:01:37 -07:00
* continue over the buffer list .
2023-11-14 17:44:19 +09:00
* Under this assumption , the last BHs of folios is
* identifiable by the discontinuity of bh - > b_folio
* ( folio ! = fs_folio ) .
2009-04-06 19:01:37 -07:00
*
* For B - tree node blocks , however , this assumption is not
2023-11-14 17:44:19 +09:00
* guaranteed . The cleanup code of B - tree node folios needs
2009-04-06 19:01:37 -07:00
* special care .
*/
list_for_each_entry ( bh , & segbuf - > sb_payload_buffers ,
b_assoc_buffers ) {
2016-08-02 14:05:28 -07:00
const unsigned long set_bits = BIT ( BH_Uptodate ) ;
2015-04-16 12:46:28 -07:00
const unsigned long clear_bits =
2016-08-02 14:05:28 -07:00
( BIT ( BH_Dirty ) | BIT ( BH_Async_Write ) |
BIT ( BH_Delay ) | BIT ( BH_NILFS_Volatile ) |
BIT ( BH_NILFS_Redirected ) ) ;
2015-04-16 12:46:28 -07:00
2010-03-23 01:15:31 +09:00
if ( bh = = segbuf - > sb_super_root ) {
2024-02-04 01:16:45 +09:00
set_buffer_uptodate ( bh ) ;
clear_buffer_dirty ( bh ) ;
2023-11-14 17:44:19 +09:00
if ( bh - > b_folio ! = bd_folio ) {
folio_end_writeback ( bd_folio ) ;
bd_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
2010-03-23 01:15:31 +09:00
update_sr = true ;
2009-04-06 19:01:37 -07:00
break ;
}
2024-02-04 01:16:45 +09:00
set_mask_bits ( & bh - > b_state , clear_bits , set_bits ) ;
2023-11-14 17:44:19 +09:00
if ( bh - > b_folio ! = fs_folio ) {
nilfs_end_folio_io ( fs_folio , 0 ) ;
fs_folio = bh - > b_folio ;
2009-04-06 19:01:37 -07:00
}
}
2010-05-23 21:48:36 +09:00
if ( ! nilfs_segbuf_simplex ( segbuf ) ) {
if ( segbuf - > sb_sum . flags & NILFS_SS_LOGBGN ) {
2009-04-06 19:01:37 -07:00
set_bit ( NILFS_SC_UNCLOSED , & sci - > sc_flags ) ;
sci - > sc_lseg_stime = jiffies ;
}
2010-05-23 21:48:36 +09:00
if ( segbuf - > sb_sum . flags & NILFS_SS_LOGEND )
2009-04-06 19:01:37 -07:00
clear_bit ( NILFS_SC_UNCLOSED , & sci - > sc_flags ) ;
}
}
/*
2023-11-14 17:44:19 +09:00
* Since folios may continue over multiple segment buffers ,
* end of the last folio must be checked outside of the loop .
2009-04-06 19:01:37 -07:00
*/
2023-11-14 17:44:19 +09:00
if ( bd_folio )
folio_end_writeback ( bd_folio ) ;
2009-04-06 19:01:37 -07:00
2023-11-14 17:44:19 +09:00
nilfs_end_folio_io ( fs_folio , 0 ) ;
2009-04-06 19:01:37 -07:00
nilfs_drop_collected_inodes ( & sci - > sc_dirty_files ) ;
2010-08-29 12:44:56 +09:00
if ( nilfs_doing_gc ( ) )
2009-04-06 19:01:37 -07:00
nilfs_drop_collected_inodes ( & sci - > sc_gc_inodes ) ;
2010-08-29 12:44:56 +09:00
else
2009-04-06 19:01:37 -07:00
nilfs - > ns_nongc_ctime = sci - > sc_seg_ctime ;
sci - > sc_nblk_inc + = sci - > sc_nblk_this_inc ;
2009-11-29 23:03:04 +09:00
segbuf = NILFS_LAST_SEGBUF ( & sci - > sc_write_logs ) ;
2009-04-06 19:01:37 -07:00
nilfs_set_next_segment ( nilfs , segbuf ) ;
if ( update_sr ) {
2014-10-13 15:53:20 -07:00
nilfs - > ns_flushed_device = 0 ;
2009-04-06 19:01:37 -07:00
nilfs_set_last_segment ( nilfs , segbuf - > sb_pseg_start ,
2009-04-06 19:01:59 -07:00
segbuf - > sb_sum . seg_seq , nilfs - > ns_cno + + ) ;
2009-04-06 19:01:37 -07:00
2009-04-06 19:01:57 -07:00
clear_bit ( NILFS_SC_HAVE_DELTA , & sci - > sc_flags ) ;
2009-04-06 19:01:37 -07:00
clear_bit ( NILFS_SC_DIRTY , & sci - > sc_flags ) ;
set_bit ( NILFS_SC_SUPER_ROOT , & sci - > sc_flags ) ;
2009-11-29 23:03:04 +09:00
nilfs_segctor_clear_metadata_dirty ( sci ) ;
2009-04-06 19:01:37 -07:00
} else
clear_bit ( NILFS_SC_SUPER_ROOT , & sci - > sc_flags ) ;
}
2009-11-29 23:03:04 +09:00
static int nilfs_segctor_wait ( struct nilfs_sc_info * sci )
{
int ret ;
ret = nilfs_wait_on_logs ( & sci - > sc_write_logs ) ;
if ( ! ret ) {
nilfs_segctor_complete_write ( sci ) ;
nilfs_destroy_logs ( & sci - > sc_write_logs ) ;
}
return ret ;
}
2011-03-09 11:05:07 +09:00
static int nilfs_segctor_collect_dirty_files ( struct nilfs_sc_info * sci ,
struct the_nilfs * nilfs )
2009-04-06 19:01:37 -07:00
{
struct nilfs_inode_info * ii , * n ;
2010-08-14 13:07:15 +09:00
struct inode * ifile = sci - > sc_root - > ifile ;
2009-04-06 19:01:37 -07:00
2011-03-09 11:05:07 +09:00
spin_lock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
retry :
2011-03-09 11:05:07 +09:00
list_for_each_entry_safe ( ii , n , & nilfs - > ns_dirty_files , i_dirty ) {
2009-04-06 19:01:37 -07:00
if ( ! ii - > i_bh ) {
struct buffer_head * ibh ;
int err ;
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
err = nilfs_ifile_get_inode_block (
2010-08-14 13:07:15 +09:00
ifile , ii - > vfs_inode . i_ino , & ibh ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) ) {
2020-08-11 18:35:49 -07:00
nilfs_warn ( sci - > sc_super ,
" log writer: error %d getting inode block (ino=%lu) " ,
err , ii - > vfs_inode . i_ino ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
2011-03-09 11:05:07 +09:00
spin_lock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
if ( likely ( ! ii - > i_bh ) )
ii - > i_bh = ibh ;
else
brelse ( ibh ) ;
goto retry ;
}
nilfs2: fix race condition that causes file system corruption
There is a race condition between nilfs_dirty_inode() and
nilfs_set_file_dirty().
When a file is opened, nilfs_dirty_inode() is called to update the
access timestamp in the inode. It calls __nilfs_mark_inode_dirty() in a
separate transaction. __nilfs_mark_inode_dirty() caches the ifile
buffer_head in the i_bh field of the inode info structure and marks it
as dirty.
After some data was written to the file in another transaction, the
function nilfs_set_file_dirty() is called, which adds the inode to the
ns_dirty_files list.
Then the segment construction calls nilfs_segctor_collect_dirty_files(),
which goes through the ns_dirty_files list and checks the i_bh field.
If there is a cached buffer_head in i_bh it is not marked as dirty
again.
Since nilfs_dirty_inode() and nilfs_set_file_dirty() use separate
transactions, it is possible that a segment construction that writes out
the ifile occurs in-between the two. If this happens the inode is not
on the ns_dirty_files list, but its ifile block is still marked as dirty
and written out.
In the next segment construction, the data for the file is written out
and nilfs_bmap_propagate() updates the b-tree. Eventually the bmap root
is written into the i_bh block, which is not dirty, because it was
written out in another segment construction.
As a result the bmap update can be lost, which leads to file system
corruption. Either the virtual block address points to an unallocated
DAT block, or the DAT entry will be reused for something different.
The error can remain undetected for a long time. A typical error
message would be one of the "bad btree" errors or a warning that a DAT
entry could not be found.
This bug can be reproduced reliably by a simple benchmark that creates
and overwrites millions of 4k files.
Link: http://lkml.kernel.org/r/1509367935-3086-2-git-send-email-konishi.ryusuke@lab.ntt.co.jp
Signed-off-by: Andreas Rohner <andreas.rohner@gmx.net>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Tested-by: Andreas Rohner <andreas.rohner@gmx.net>
Tested-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-11-17 15:29:35 -08:00
// Always redirty the buffer to avoid race condition
mark_buffer_dirty ( ii - > i_bh ) ;
nilfs_mdt_mark_dirty ( ifile ) ;
2009-04-06 19:01:37 -07:00
clear_bit ( NILFS_I_QUEUED , & ii - > i_state ) ;
set_bit ( NILFS_I_BUSY , & ii - > i_state ) ;
2011-03-19 16:45:30 +01:00
list_move_tail ( & ii - > i_dirty , & sci - > sc_dirty_files ) ;
2009-04-06 19:01:37 -07:00
}
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
}
2011-03-09 11:05:07 +09:00
static void nilfs_segctor_drop_written_files ( struct nilfs_sc_info * sci ,
struct the_nilfs * nilfs )
2009-04-06 19:01:37 -07:00
{
struct nilfs_inode_info * ii , * n ;
2017-11-27 13:05:09 -08:00
int during_mount = ! ( sci - > sc_super - > s_flags & SB_ACTIVE ) ;
2015-02-05 12:25:20 -08:00
int defer_iput = false ;
2009-04-06 19:01:37 -07:00
2011-03-09 11:05:07 +09:00
spin_lock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
list_for_each_entry_safe ( ii , n , & sci - > sc_dirty_files , i_dirty ) {
if ( ! test_and_clear_bit ( NILFS_I_UPDATED , & ii - > i_state ) | |
2010-08-20 20:10:38 +09:00
test_bit ( NILFS_I_DIRTY , & ii - > i_state ) )
2009-04-06 19:01:37 -07:00
continue ;
2010-08-20 20:10:38 +09:00
2009-04-06 19:01:37 -07:00
clear_bit ( NILFS_I_BUSY , & ii - > i_state ) ;
brelse ( ii - > i_bh ) ;
ii - > i_bh = NULL ;
2015-02-05 12:25:20 -08:00
list_del_init ( & ii - > i_dirty ) ;
2015-03-12 16:26:00 -07:00
if ( ! ii - > vfs_inode . i_nlink | | during_mount ) {
2015-02-05 12:25:20 -08:00
/*
2015-03-12 16:26:00 -07:00
* Defer calling iput ( ) to avoid deadlocks if
* i_nlink = = 0 or mount is not yet finished .
2015-02-05 12:25:20 -08:00
*/
list_add_tail ( & ii - > i_dirty , & sci - > sc_iput_queue ) ;
defer_iput = true ;
} else {
spin_unlock ( & nilfs - > ns_inode_lock ) ;
iput ( & ii - > vfs_inode ) ;
spin_lock ( & nilfs - > ns_inode_lock ) ;
}
2009-04-06 19:01:37 -07:00
}
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2015-02-05 12:25:20 -08:00
if ( defer_iput )
schedule_work ( & sci - > sc_iput_work ) ;
2009-04-06 19:01:37 -07:00
}
/*
* Main procedure of segment constructor
*/
static int nilfs_segctor_do_construct ( struct nilfs_sc_info * sci , int mode )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2010-03-23 01:15:31 +09:00
int err ;
2009-04-06 19:01:37 -07:00
2023-04-27 10:15:26 +09:00
if ( sb_rdonly ( sci - > sc_super ) )
return - EROFS ;
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_set ( sci , NILFS_ST_INIT ) ;
2010-08-20 20:10:38 +09:00
sci - > sc_cno = nilfs - > ns_cno ;
2009-04-06 19:01:37 -07:00
2011-03-09 11:05:07 +09:00
err = nilfs_segctor_collect_dirty_files ( sci , nilfs ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) )
goto out ;
2010-08-14 13:07:15 +09:00
if ( nilfs_test_metadata_dirty ( nilfs , sci - > sc_root ) )
2009-04-06 19:01:37 -07:00
set_bit ( NILFS_SC_DIRTY , & sci - > sc_flags ) ;
if ( nilfs_segctor_clean ( sci ) )
goto out ;
do {
sci - > sc_stage . flags & = ~ NILFS_CF_HISTORY_MASK ;
err = nilfs_segctor_begin_construction ( sci , nilfs ) ;
if ( unlikely ( err ) )
goto out ;
/* Update time stamp */
2018-02-06 15:39:21 -08:00
sci - > sc_seg_ctime = ktime_get_real_seconds ( ) ;
2009-04-06 19:01:37 -07:00
err = nilfs_segctor_collect ( sci , nilfs , mode ) ;
if ( unlikely ( err ) )
goto failed ;
/* Avoid empty segment */
2015-11-06 16:31:59 -08:00
if ( nilfs_sc_cstage_get ( sci ) = = NILFS_ST_DONE & &
2010-05-23 21:48:36 +09:00
nilfs_segbuf_empty ( sci - > sc_curseg ) ) {
2009-11-29 23:03:04 +09:00
nilfs_segctor_abort_construction ( sci , nilfs , 1 ) ;
2009-04-06 19:01:37 -07:00
goto out ;
}
err = nilfs_segctor_assign ( sci , mode ) ;
if ( unlikely ( err ) )
goto failed ;
if ( sci - > sc_stage . flags & NILFS_CF_IFILE_STARTED )
2010-08-14 13:07:15 +09:00
nilfs_segctor_fill_in_file_bmap ( sci ) ;
2009-04-06 19:01:37 -07:00
2010-03-23 01:15:31 +09:00
if ( mode = = SC_LSEG_SR & &
2015-11-06 16:31:59 -08:00
nilfs_sc_cstage_get ( sci ) > = NILFS_ST_CPFILE ) {
2024-01-22 23:01:59 +09:00
err = nilfs_cpfile_finalize_checkpoint (
nilfs - > ns_cpfile , nilfs - > ns_cno , sci - > sc_root ,
sci - > sc_nblk_inc + sci - > sc_nblk_this_inc ,
sci - > sc_seg_ctime ,
! test_bit ( NILFS_SC_HAVE_DELTA , & sci - > sc_flags ) ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) )
2009-11-29 23:03:04 +09:00
goto failed_to_write ;
2009-04-06 19:01:37 -07:00
nilfs_segctor_fill_in_super_root ( sci , nilfs ) ;
}
nilfs_segctor_update_segusage ( sci , nilfs - > ns_sufile ) ;
/* Write partial segments */
2011-04-04 12:53:28 +09:00
nilfs_segctor_prepare_write ( sci ) ;
2010-03-23 01:50:38 +09:00
nilfs_add_checksums_on_logs ( & sci - > sc_segbufs ,
nilfs - > ns_crc_seed ) ;
2009-04-06 19:01:37 -07:00
2009-11-29 01:17:31 +09:00
err = nilfs_segctor_write ( sci , nilfs ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) )
goto failed_to_write ;
2015-11-06 16:31:59 -08:00
if ( nilfs_sc_cstage_get ( sci ) = = NILFS_ST_DONE | |
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
ago with promise that one day it will be possible to implement page
cache with bigger chunks than PAGE_SIZE.
This promise never materialized. And unlikely will.
We have many places where PAGE_CACHE_SIZE assumed to be equal to
PAGE_SIZE. And it's constant source of confusion on whether
PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
especially on the border between fs and mm.
Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
breakage to be doable.
Let's stop pretending that pages in page cache are special. They are
not.
The changes are pretty straight-forward:
- <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
- page_cache_get() -> get_page();
- page_cache_release() -> put_page();
This patch contains automated changes generated with coccinelle using
script below. For some reason, coccinelle doesn't patch header files.
I've called spatch for them manually.
The only adjustment after coccinelle is revert of changes to
PAGE_CAHCE_ALIGN definition: we are going to drop it later.
There are few places in the code where coccinelle didn't reach. I'll
fix them manually in a separate patch. Comments and documentation also
will be addressed with the separate patch.
virtual patch
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
@@
- PAGE_CACHE_SHIFT
+ PAGE_SHIFT
@@
@@
- PAGE_CACHE_SIZE
+ PAGE_SIZE
@@
@@
- PAGE_CACHE_MASK
+ PAGE_MASK
@@
expression E;
@@
- PAGE_CACHE_ALIGN(E)
+ PAGE_ALIGN(E)
@@
expression E;
@@
- page_cache_get(E)
+ get_page(E)
@@
expression E;
@@
- page_cache_release(E)
+ put_page(E)
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-04-01 15:29:47 +03:00
nilfs - > ns_blocksize_bits ! = PAGE_SHIFT ) {
2009-11-29 23:03:04 +09:00
/*
* At this point , we avoid double buffering
* for blocksize < pagesize because page dirty
* flag is turned off during write and dirty
* buffers are not properly collected for
* pages crossing over segments .
*/
err = nilfs_segctor_wait ( sci ) ;
if ( err )
goto failed_to_write ;
}
2015-11-06 16:31:59 -08:00
} while ( nilfs_sc_cstage_get ( sci ) ! = NILFS_ST_DONE ) ;
2009-04-06 19:01:37 -07:00
out :
2011-03-09 11:05:07 +09:00
nilfs_segctor_drop_written_files ( sci , nilfs ) ;
2009-04-06 19:01:37 -07:00
return err ;
failed_to_write :
if ( sci - > sc_stage . flags & NILFS_CF_IFILE_STARTED )
nilfs_redirty_inodes ( & sci - > sc_dirty_files ) ;
failed :
if ( nilfs_doing_gc ( ) )
nilfs_redirty_inodes ( & sci - > sc_gc_inodes ) ;
2009-11-29 23:03:04 +09:00
nilfs_segctor_abort_construction ( sci , nilfs , err ) ;
2009-04-06 19:01:37 -07:00
goto out ;
}
/**
2010-03-14 03:01:03 +09:00
* nilfs_segctor_start_timer - set timer of background write
2009-04-06 19:01:37 -07:00
* @ sci : nilfs_sc_info
*
* If the timer has already been set , it ignores the new request .
* This function MUST be called within a section locking the segment
* semaphore .
*/
static void nilfs_segctor_start_timer ( struct nilfs_sc_info * sci )
{
spin_lock ( & sci - > sc_state_lock ) ;
2010-04-10 23:25:39 +08:00
if ( ! ( sci - > sc_state & NILFS_SEGCTOR_COMMIT ) ) {
sci - > sc_timer . expires = jiffies + sci - > sc_interval ;
add_timer ( & sci - > sc_timer ) ;
2009-04-06 19:01:37 -07:00
sci - > sc_state | = NILFS_SEGCTOR_COMMIT ;
}
spin_unlock ( & sci - > sc_state_lock ) ;
}
static void nilfs_segctor_do_flush ( struct nilfs_sc_info * sci , int bn )
{
spin_lock ( & sci - > sc_state_lock ) ;
2016-08-02 14:05:28 -07:00
if ( ! ( sci - > sc_flush_request & BIT ( bn ) ) ) {
2009-04-06 19:01:37 -07:00
unsigned long prev_req = sci - > sc_flush_request ;
2016-08-02 14:05:28 -07:00
sci - > sc_flush_request | = BIT ( bn ) ;
2009-04-06 19:01:37 -07:00
if ( ! prev_req )
wake_up ( & sci - > sc_wait_daemon ) ;
}
spin_unlock ( & sci - > sc_state_lock ) ;
}
/**
* nilfs_flush_segment - trigger a segment construction for resource control
* @ sb : super block
* @ ino : inode number of the file to be flushed out .
*/
void nilfs_flush_segment ( struct super_block * sb , ino_t ino )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2011-03-09 11:05:08 +09:00
struct nilfs_sc_info * sci = nilfs - > ns_writer ;
2009-04-06 19:01:37 -07:00
if ( ! sci | | nilfs_doing_construction ( ) )
return ;
nilfs_segctor_do_flush ( sci , NILFS_MDT_INODE ( sb , ino ) ? ino : 0 ) ;
/* assign bit 0 to data files */
}
struct nilfs_segctor_wait_request {
2017-06-20 12:06:13 +02:00
wait_queue_entry_t wq ;
2009-04-06 19:01:37 -07:00
__u32 seq ;
int err ;
atomic_t done ;
} ;
static int nilfs_segctor_sync ( struct nilfs_sc_info * sci )
{
struct nilfs_segctor_wait_request wait_req ;
int err = 0 ;
spin_lock ( & sci - > sc_state_lock ) ;
init_wait ( & wait_req . wq ) ;
wait_req . err = 0 ;
atomic_set ( & wait_req . done , 0 ) ;
wait_req . seq = + + sci - > sc_seq_request ;
spin_unlock ( & sci - > sc_state_lock ) ;
init_waitqueue_entry ( & wait_req . wq , current ) ;
add_wait_queue ( & sci - > sc_wait_request , & wait_req . wq ) ;
set_current_state ( TASK_INTERRUPTIBLE ) ;
wake_up ( & sci - > sc_wait_daemon ) ;
for ( ; ; ) {
if ( atomic_read ( & wait_req . done ) ) {
err = wait_req . err ;
break ;
}
if ( ! signal_pending ( current ) ) {
schedule ( ) ;
continue ;
}
err = - ERESTARTSYS ;
break ;
}
finish_wait ( & sci - > sc_wait_request , & wait_req . wq ) ;
return err ;
}
static void nilfs_segctor_wakeup ( struct nilfs_sc_info * sci , int err )
{
struct nilfs_segctor_wait_request * wrq , * n ;
unsigned long flags ;
spin_lock_irqsave ( & sci - > sc_wait_request . lock , flags ) ;
sched/wait: Disambiguate wq_entry->task_list and wq_head->task_list naming
So I've noticed a number of instances where it was not obvious from the
code whether ->task_list was for a wait-queue head or a wait-queue entry.
Furthermore, there's a number of wait-queue users where the lists are
not for 'tasks' but other entities (poll tables, etc.), in which case
the 'task_list' name is actively confusing.
To clear this all up, name the wait-queue head and entry list structure
fields unambiguously:
struct wait_queue_head::task_list => ::head
struct wait_queue_entry::task_list => ::entry
For example, this code:
rqw->wait.task_list.next != &wait->task_list
... is was pretty unclear (to me) what it's doing, while now it's written this way:
rqw->wait.head.next != &wait->entry
... which makes it pretty clear that we are iterating a list until we see the head.
Other examples are:
list_for_each_entry_safe(pos, next, &x->task_list, task_list) {
list_for_each_entry(wq, &fence->wait.task_list, task_list) {
... where it's unclear (to me) what we are iterating, and during review it's
hard to tell whether it's trying to walk a wait-queue entry (which would be
a bug), while now it's written as:
list_for_each_entry_safe(pos, next, &x->head, entry) {
list_for_each_entry(wq, &fence->wait.head, entry) {
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-06-20 12:06:46 +02:00
list_for_each_entry_safe ( wrq , n , & sci - > sc_wait_request . head , wq . entry ) {
2009-04-06 19:01:37 -07:00
if ( ! atomic_read ( & wrq - > done ) & &
nilfs_cnt32_ge ( sci - > sc_seq_done , wrq - > seq ) ) {
wrq - > err = err ;
atomic_set ( & wrq - > done , 1 ) ;
}
if ( atomic_read ( & wrq - > done ) ) {
wrq - > wq . func ( & wrq - > wq ,
TASK_UNINTERRUPTIBLE | TASK_INTERRUPTIBLE ,
0 , NULL ) ;
}
}
spin_unlock_irqrestore ( & sci - > sc_wait_request . lock , flags ) ;
}
/**
* nilfs_construct_segment - construct a logical segment
* @ sb : super block
*
2021-05-06 18:04:13 -07:00
* Return Value : On success , 0 is returned . On errors , one of the following
2009-04-06 19:01:37 -07:00
* negative error code is returned .
*
* % - EROFS - Read only filesystem .
*
* % - EIO - I / O error
*
* % - ENOSPC - No space left on device ( only in a panic state ) .
*
* % - ERESTARTSYS - Interrupted .
*
* % - ENOMEM - Insufficient memory available .
*/
int nilfs_construct_segment ( struct super_block * sb )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2011-03-09 11:05:08 +09:00
struct nilfs_sc_info * sci = nilfs - > ns_writer ;
2009-04-06 19:01:37 -07:00
struct nilfs_transaction_info * ti ;
2022-11-04 23:29:59 +09:00
if ( sb_rdonly ( sb ) | | unlikely ( ! sci ) )
2009-04-06 19:01:37 -07:00
return - EROFS ;
/* A call inside transactions causes a deadlock. */
BUG_ON ( ( ti = current - > journal_info ) & & ti - > ti_magic = = NILFS_TI_MAGIC ) ;
2022-09-21 12:48:03 +09:00
return nilfs_segctor_sync ( sci ) ;
2009-04-06 19:01:37 -07:00
}
/**
* nilfs_construct_dsync_segment - construct a data - only logical segment
* @ sb : super block
2009-04-06 19:01:38 -07:00
* @ inode : inode whose data blocks should be written out
* @ start : start byte offset
* @ end : end byte offset ( inclusive )
2009-04-06 19:01:37 -07:00
*
2021-05-06 18:04:13 -07:00
* Return Value : On success , 0 is returned . On errors , one of the following
2009-04-06 19:01:37 -07:00
* negative error code is returned .
*
* % - EROFS - Read only filesystem .
*
* % - EIO - I / O error
*
* % - ENOSPC - No space left on device ( only in a panic state ) .
*
* % - ERESTARTSYS - Interrupted .
*
* % - ENOMEM - Insufficient memory available .
*/
2009-04-06 19:01:38 -07:00
int nilfs_construct_dsync_segment ( struct super_block * sb , struct inode * inode ,
loff_t start , loff_t end )
2009-04-06 19:01:37 -07:00
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2011-03-09 11:05:08 +09:00
struct nilfs_sc_info * sci = nilfs - > ns_writer ;
2009-04-06 19:01:37 -07:00
struct nilfs_inode_info * ii ;
struct nilfs_transaction_info ti ;
int err = 0 ;
2022-11-04 23:29:59 +09:00
if ( sb_rdonly ( sb ) | | unlikely ( ! sci ) )
2009-04-06 19:01:37 -07:00
return - EROFS ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_lock ( sb , & ti , 0 ) ;
2009-04-06 19:01:37 -07:00
ii = NILFS_I ( inode ) ;
2014-10-13 15:53:22 -07:00
if ( test_bit ( NILFS_I_INODE_SYNC , & ii - > i_state ) | |
2011-03-09 11:05:07 +09:00
nilfs_test_opt ( nilfs , STRICT_ORDER ) | |
2009-04-06 19:01:37 -07:00
test_bit ( NILFS_SC_UNCLOSED , & sci - > sc_flags ) | |
2011-03-09 11:05:07 +09:00
nilfs_discontinued ( nilfs ) ) {
2011-03-09 11:05:08 +09:00
nilfs_transaction_unlock ( sb ) ;
2009-04-06 19:01:37 -07:00
err = nilfs_segctor_sync ( sci ) ;
return err ;
}
2011-03-09 11:05:07 +09:00
spin_lock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
if ( ! test_bit ( NILFS_I_QUEUED , & ii - > i_state ) & &
! test_bit ( NILFS_I_BUSY , & ii - > i_state ) ) {
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_unlock ( sb ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
}
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:38 -07:00
sci - > sc_dsync_inode = ii ;
sci - > sc_dsync_start = start ;
sci - > sc_dsync_end = end ;
2009-04-06 19:01:37 -07:00
err = nilfs_segctor_do_construct ( sci , SC_LSEG_DSYNC ) ;
2014-10-13 15:53:20 -07:00
if ( ! err )
nilfs - > ns_flushed_device = 0 ;
2009-04-06 19:01:37 -07:00
2011-03-09 11:05:08 +09:00
nilfs_transaction_unlock ( sb ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
# define FLUSH_FILE_BIT (0x1) /* data file only */
2016-08-02 14:05:28 -07:00
# define FLUSH_DAT_BIT BIT(NILFS_DAT_INO) /* DAT only */
2009-04-06 19:01:37 -07:00
2010-01-26 15:20:15 +09:00
/**
* nilfs_segctor_accept - record accepted sequence count of log - write requests
* @ sci : segment constructor object
*/
static void nilfs_segctor_accept ( struct nilfs_sc_info * sci )
2009-04-06 19:01:37 -07:00
{
spin_lock ( & sci - > sc_state_lock ) ;
2010-01-26 15:20:15 +09:00
sci - > sc_seq_accepted = sci - > sc_seq_request ;
2009-04-06 19:01:37 -07:00
spin_unlock ( & sci - > sc_state_lock ) ;
2010-04-10 23:25:39 +08:00
del_timer_sync ( & sci - > sc_timer ) ;
2009-04-06 19:01:37 -07:00
}
2010-01-26 15:20:15 +09:00
/**
* nilfs_segctor_notify - notify the result of request to caller threads
* @ sci : segment constructor object
* @ mode : mode of log forming
* @ err : error code to be notified
*/
static void nilfs_segctor_notify ( struct nilfs_sc_info * sci , int mode , int err )
2009-04-06 19:01:37 -07:00
{
/* Clear requests (even when the construction failed) */
spin_lock ( & sci - > sc_state_lock ) ;
2010-01-26 15:20:15 +09:00
if ( mode = = SC_LSEG_SR ) {
2009-11-02 15:08:13 +09:00
sci - > sc_state & = ~ NILFS_SEGCTOR_COMMIT ;
2010-01-26 15:20:15 +09:00
sci - > sc_seq_done = sci - > sc_seq_accepted ;
nilfs_segctor_wakeup ( sci , err ) ;
2009-04-06 19:01:37 -07:00
sci - > sc_flush_request = 0 ;
2009-11-02 15:08:13 +09:00
} else {
2010-01-26 15:20:15 +09:00
if ( mode = = SC_FLUSH_FILE )
2009-11-02 15:08:13 +09:00
sci - > sc_flush_request & = ~ FLUSH_FILE_BIT ;
2010-01-26 15:20:15 +09:00
else if ( mode = = SC_FLUSH_DAT )
2009-11-02 15:08:13 +09:00
sci - > sc_flush_request & = ~ FLUSH_DAT_BIT ;
/* re-enable timer if checkpoint creation was not done */
2010-04-10 23:25:39 +08:00
if ( ( sci - > sc_state & NILFS_SEGCTOR_COMMIT ) & &
time_before ( jiffies , sci - > sc_timer . expires ) )
add_timer ( & sci - > sc_timer ) ;
2009-11-02 15:08:13 +09:00
}
2009-04-06 19:01:37 -07:00
spin_unlock ( & sci - > sc_state_lock ) ;
}
2010-01-26 15:20:15 +09:00
/**
* nilfs_segctor_construct - form logs and write them to disk
* @ sci : segment constructor object
* @ mode : mode of log forming
*/
static int nilfs_segctor_construct ( struct nilfs_sc_info * sci , int mode )
2009-04-06 19:01:37 -07:00
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2010-06-28 17:49:32 +09:00
struct nilfs_super_block * * sbp ;
2009-04-06 19:01:37 -07:00
int err = 0 ;
2010-01-26 15:20:15 +09:00
nilfs_segctor_accept ( sci ) ;
2009-04-06 19:01:37 -07:00
if ( nilfs_discontinued ( nilfs ) )
2010-01-26 15:20:15 +09:00
mode = SC_LSEG_SR ;
if ( ! nilfs_segctor_confirm ( sci ) )
err = nilfs_segctor_do_construct ( sci , mode ) ;
2009-04-06 19:01:37 -07:00
if ( likely ( ! err ) ) {
2010-01-26 15:20:15 +09:00
if ( mode ! = SC_FLUSH_DAT )
2009-04-06 19:01:37 -07:00
atomic_set ( & nilfs - > ns_ndirtyblks , 0 ) ;
if ( test_bit ( NILFS_SC_SUPER_ROOT , & sci - > sc_flags ) & &
nilfs_discontinued ( nilfs ) ) {
down_write ( & nilfs - > ns_sem ) ;
2010-06-28 17:49:32 +09:00
err = - EIO ;
2011-03-09 11:05:08 +09:00
sbp = nilfs_prepare_super ( sci - > sc_super ,
2010-06-28 17:49:33 +09:00
nilfs_sb_will_flip ( nilfs ) ) ;
if ( likely ( sbp ) ) {
nilfs_set_log_cursor ( sbp [ 0 ] , nilfs ) ;
2011-03-09 11:05:08 +09:00
err = nilfs_commit_super ( sci - > sc_super ,
NILFS_SB_COMMIT ) ;
2010-06-28 17:49:33 +09:00
}
2009-04-06 19:01:37 -07:00
up_write ( & nilfs - > ns_sem ) ;
}
}
2010-01-26 15:20:15 +09:00
nilfs_segctor_notify ( sci , mode , err ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
2017-11-17 15:29:32 -08:00
static void nilfs_construction_timeout ( struct timer_list * t )
2009-04-06 19:01:37 -07:00
{
2017-11-17 15:29:32 -08:00
struct nilfs_sc_info * sci = from_timer ( sci , t , sc_timer ) ;
2016-05-23 16:23:25 -07:00
2017-11-17 15:29:32 -08:00
wake_up_process ( sci - > sc_timer_task ) ;
2009-04-06 19:01:37 -07:00
}
static void
nilfs_remove_written_gcinodes ( struct the_nilfs * nilfs , struct list_head * head )
{
struct nilfs_inode_info * ii , * n ;
list_for_each_entry_safe ( ii , n , head , i_dirty ) {
if ( ! test_bit ( NILFS_I_UPDATED , & ii - > i_state ) )
continue ;
list_del_init ( & ii - > i_dirty ) ;
2012-06-20 12:52:57 -07:00
truncate_inode_pages ( & ii - > vfs_inode . i_data , 0 ) ;
2022-04-01 11:28:18 -07:00
nilfs_btnode_cache_clear ( ii - > i_assoc_inode - > i_mapping ) ;
2010-08-20 19:06:11 +09:00
iput ( & ii - > vfs_inode ) ;
2009-04-06 19:01:37 -07:00
}
}
2009-05-10 22:41:43 +09:00
int nilfs_clean_segments ( struct super_block * sb , struct nilfs_argv * argv ,
void * * kbufs )
2009-04-06 19:01:37 -07:00
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2011-03-09 11:05:08 +09:00
struct nilfs_sc_info * sci = nilfs - > ns_writer ;
2009-04-06 19:01:37 -07:00
struct nilfs_transaction_info ti ;
int err ;
if ( unlikely ( ! sci ) )
return - EROFS ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_lock ( sb , & ti , 1 ) ;
2009-04-06 19:01:37 -07:00
2010-08-29 12:44:56 +09:00
err = nilfs_mdt_save_to_shadow_map ( nilfs - > ns_dat ) ;
2009-04-06 19:01:37 -07:00
if ( unlikely ( err ) )
goto out_unlock ;
2009-05-16 23:44:55 +09:00
2009-05-10 22:41:43 +09:00
err = nilfs_ioctl_prepare_clean_segments ( nilfs , argv , kbufs ) ;
2010-08-29 12:44:56 +09:00
if ( unlikely ( err ) ) {
nilfs_mdt_restore_from_shadow_map ( nilfs - > ns_dat ) ;
2009-04-06 19:01:37 -07:00
goto out_unlock ;
2010-08-29 12:44:56 +09:00
}
2009-04-06 19:01:37 -07:00
2009-05-16 23:44:55 +09:00
sci - > sc_freesegs = kbufs [ 4 ] ;
sci - > sc_nfreesegs = argv [ 4 ] . v_nmembs ;
2009-11-29 02:39:11 +09:00
list_splice_tail_init ( & nilfs - > ns_gc_inodes , & sci - > sc_gc_inodes ) ;
2009-04-06 19:01:37 -07:00
for ( ; ; ) {
2010-01-26 15:20:15 +09:00
err = nilfs_segctor_construct ( sci , SC_LSEG_SR ) ;
2009-04-06 19:01:37 -07:00
nilfs_remove_written_gcinodes ( nilfs , & sci - > sc_gc_inodes ) ;
if ( likely ( ! err ) )
break ;
2020-08-11 18:35:49 -07:00
nilfs_warn ( sb , " error %d cleaning segments " , err ) ;
2009-04-06 19:01:37 -07:00
set_current_state ( TASK_INTERRUPTIBLE ) ;
schedule_timeout ( sci - > sc_interval ) ;
}
2011-03-09 11:05:07 +09:00
if ( nilfs_test_opt ( nilfs , DISCARD ) ) {
2010-01-30 18:06:35 +09:00
int ret = nilfs_discard_segments ( nilfs , sci - > sc_freesegs ,
sci - > sc_nfreesegs ) ;
if ( ret ) {
2020-08-11 18:35:49 -07:00
nilfs_warn ( sb ,
" error %d on discard request, turning discards off for the device " ,
ret ) ;
2011-03-09 11:05:07 +09:00
nilfs_clear_opt ( nilfs , DISCARD ) ;
2010-01-30 18:06:35 +09:00
}
}
2009-04-06 19:01:37 -07:00
out_unlock :
2009-05-16 23:44:55 +09:00
sci - > sc_freesegs = NULL ;
sci - > sc_nfreesegs = 0 ;
2010-08-29 12:44:56 +09:00
nilfs_mdt_clear_shadow_map ( nilfs - > ns_dat ) ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_unlock ( sb ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
static void nilfs_segctor_thread_construct ( struct nilfs_sc_info * sci , int mode )
{
struct nilfs_transaction_info ti ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_lock ( sci - > sc_super , & ti , 0 ) ;
2010-01-26 15:20:15 +09:00
nilfs_segctor_construct ( sci , mode ) ;
2009-04-06 19:01:37 -07:00
/*
* Unclosed segment should be retried . We do this using sc_timer .
* Timeout of sc_timer will invoke complete construction which leads
* to close the current logical segment .
*/
if ( test_bit ( NILFS_SC_UNCLOSED , & sci - > sc_flags ) )
nilfs_segctor_start_timer ( sci ) ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_unlock ( sci - > sc_super ) ;
2009-04-06 19:01:37 -07:00
}
static void nilfs_segctor_do_immediate_flush ( struct nilfs_sc_info * sci )
{
int mode = 0 ;
spin_lock ( & sci - > sc_state_lock ) ;
mode = ( sci - > sc_flush_request & FLUSH_DAT_BIT ) ?
SC_FLUSH_DAT : SC_FLUSH_FILE ;
spin_unlock ( & sci - > sc_state_lock ) ;
if ( mode ) {
2015-11-06 16:32:14 -08:00
nilfs_segctor_do_construct ( sci , mode ) ;
2009-04-06 19:01:37 -07:00
spin_lock ( & sci - > sc_state_lock ) ;
sci - > sc_flush_request & = ( mode = = SC_FLUSH_FILE ) ?
~ FLUSH_FILE_BIT : ~ FLUSH_DAT_BIT ;
spin_unlock ( & sci - > sc_state_lock ) ;
}
clear_bit ( NILFS_SC_PRIOR_FLUSH , & sci - > sc_flags ) ;
}
static int nilfs_segctor_flush_mode ( struct nilfs_sc_info * sci )
{
if ( ! test_bit ( NILFS_SC_UNCLOSED , & sci - > sc_flags ) | |
time_before ( jiffies , sci - > sc_lseg_stime + sci - > sc_mjcp_freq ) ) {
if ( ! ( sci - > sc_flush_request & ~ FLUSH_FILE_BIT ) )
return SC_FLUSH_FILE ;
else if ( ! ( sci - > sc_flush_request & ~ FLUSH_DAT_BIT ) )
return SC_FLUSH_DAT ;
}
return SC_LSEG_SR ;
}
/**
* nilfs_segctor_thread - main loop of the segment constructor thread .
* @ arg : pointer to a struct nilfs_sc_info .
*
* nilfs_segctor_thread ( ) initializes a timer and serves as a daemon
* to execute segment constructions .
*/
static int nilfs_segctor_thread ( void * arg )
{
struct nilfs_sc_info * sci = ( struct nilfs_sc_info * ) arg ;
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2009-04-06 19:01:37 -07:00
int timeout = 0 ;
2017-11-17 15:29:32 -08:00
sci - > sc_timer_task = current ;
2009-04-06 19:01:37 -07:00
/* start sync. */
sci - > sc_task = current ;
wake_up ( & sci - > sc_wait_task ) ; /* for nilfs_segctor_start_thread() */
2020-08-11 18:35:49 -07:00
nilfs_info ( sci - > sc_super ,
" segctord starting. Construction interval = %lu seconds, CP frequency < %lu seconds " ,
sci - > sc_interval / HZ , sci - > sc_mjcp_freq / HZ ) ;
2009-04-06 19:01:37 -07:00
2023-12-19 18:09:18 +09:00
set_freezable ( ) ;
2009-04-06 19:01:37 -07:00
spin_lock ( & sci - > sc_state_lock ) ;
loop :
for ( ; ; ) {
int mode ;
if ( sci - > sc_state & NILFS_SEGCTOR_QUIT )
goto end_thread ;
if ( timeout | | sci - > sc_seq_request ! = sci - > sc_seq_done )
mode = SC_LSEG_SR ;
2016-05-23 16:23:42 -07:00
else if ( sci - > sc_flush_request )
2009-04-06 19:01:37 -07:00
mode = nilfs_segctor_flush_mode ( sci ) ;
2016-05-23 16:23:42 -07:00
else
break ;
2009-04-06 19:01:37 -07:00
spin_unlock ( & sci - > sc_state_lock ) ;
nilfs_segctor_thread_construct ( sci , mode ) ;
spin_lock ( & sci - > sc_state_lock ) ;
timeout = 0 ;
}
if ( freezing ( current ) ) {
spin_unlock ( & sci - > sc_state_lock ) ;
2011-11-21 12:32:22 -08:00
try_to_freeze ( ) ;
2009-04-06 19:01:37 -07:00
spin_lock ( & sci - > sc_state_lock ) ;
} else {
DEFINE_WAIT ( wait ) ;
int should_sleep = 1 ;
prepare_to_wait ( & sci - > sc_wait_daemon , & wait ,
TASK_INTERRUPTIBLE ) ;
if ( sci - > sc_seq_request ! = sci - > sc_seq_done )
should_sleep = 0 ;
else if ( sci - > sc_flush_request )
should_sleep = 0 ;
else if ( sci - > sc_state & NILFS_SEGCTOR_COMMIT )
should_sleep = time_before ( jiffies ,
2010-04-10 23:25:39 +08:00
sci - > sc_timer . expires ) ;
2009-04-06 19:01:37 -07:00
if ( should_sleep ) {
spin_unlock ( & sci - > sc_state_lock ) ;
schedule ( ) ;
spin_lock ( & sci - > sc_state_lock ) ;
}
finish_wait ( & sci - > sc_wait_daemon , & wait ) ;
timeout = ( ( sci - > sc_state & NILFS_SEGCTOR_COMMIT ) & &
2010-04-10 23:25:39 +08:00
time_after_eq ( jiffies , sci - > sc_timer . expires ) ) ;
2009-12-09 00:57:52 +09:00
if ( nilfs_sb_dirty ( nilfs ) & & nilfs_sb_need_update ( nilfs ) )
2009-07-23 01:33:49 +09:00
set_nilfs_discontinued ( nilfs ) ;
2009-04-06 19:01:37 -07:00
}
goto loop ;
end_thread :
/* end sync. */
sci - > sc_task = NULL ;
wake_up ( & sci - > sc_wait_task ) ; /* for nilfs_segctor_kill_thread() */
2023-03-28 02:53:18 +09:00
spin_unlock ( & sci - > sc_state_lock ) ;
2009-04-06 19:01:37 -07:00
return 0 ;
}
static int nilfs_segctor_start_thread ( struct nilfs_sc_info * sci )
{
struct task_struct * t ;
t = kthread_run ( nilfs_segctor_thread , sci , " segctord " ) ;
if ( IS_ERR ( t ) ) {
int err = PTR_ERR ( t ) ;
2020-08-11 18:35:49 -07:00
nilfs_err ( sci - > sc_super , " error %d creating segctord thread " ,
err ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
wait_event ( sci - > sc_wait_task , sci - > sc_task ! = NULL ) ;
return 0 ;
}
static void nilfs_segctor_kill_thread ( struct nilfs_sc_info * sci )
2010-10-14 13:52:00 +09:00
__acquires ( & sci - > sc_state_lock )
__releases ( & sci - > sc_state_lock )
2009-04-06 19:01:37 -07:00
{
sci - > sc_state | = NILFS_SEGCTOR_QUIT ;
while ( sci - > sc_task ) {
wake_up ( & sci - > sc_wait_daemon ) ;
spin_unlock ( & sci - > sc_state_lock ) ;
wait_event ( sci - > sc_wait_task , sci - > sc_task = = NULL ) ;
spin_lock ( & sci - > sc_state_lock ) ;
}
}
/*
* Setup & clean - up functions
*/
2011-03-09 11:05:08 +09:00
static struct nilfs_sc_info * nilfs_segctor_new ( struct super_block * sb ,
2010-08-14 13:07:15 +09:00
struct nilfs_root * root )
2009-04-06 19:01:37 -07:00
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2009-04-06 19:01:37 -07:00
struct nilfs_sc_info * sci ;
sci = kzalloc ( sizeof ( * sci ) , GFP_KERNEL ) ;
if ( ! sci )
return NULL ;
2011-03-09 11:05:08 +09:00
sci - > sc_super = sb ;
2009-04-06 19:01:37 -07:00
2010-08-14 13:07:15 +09:00
nilfs_get_root ( root ) ;
sci - > sc_root = root ;
2009-04-06 19:01:37 -07:00
init_waitqueue_head ( & sci - > sc_wait_request ) ;
init_waitqueue_head ( & sci - > sc_wait_daemon ) ;
init_waitqueue_head ( & sci - > sc_wait_task ) ;
spin_lock_init ( & sci - > sc_state_lock ) ;
INIT_LIST_HEAD ( & sci - > sc_dirty_files ) ;
INIT_LIST_HEAD ( & sci - > sc_segbufs ) ;
2009-11-29 23:03:04 +09:00
INIT_LIST_HEAD ( & sci - > sc_write_logs ) ;
2009-04-06 19:01:37 -07:00
INIT_LIST_HEAD ( & sci - > sc_gc_inodes ) ;
2015-02-05 12:25:20 -08:00
INIT_LIST_HEAD ( & sci - > sc_iput_queue ) ;
INIT_WORK ( & sci - > sc_iput_work , nilfs_iput_work_func ) ;
2017-11-17 15:29:32 -08:00
timer_setup ( & sci - > sc_timer , nilfs_construction_timeout , 0 ) ;
2009-04-06 19:01:37 -07:00
sci - > sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT ;
sci - > sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ ;
sci - > sc_watermark = NILFS_SC_DEFAULT_WATERMARK ;
2011-03-09 11:05:07 +09:00
if ( nilfs - > ns_interval )
2011-06-10 00:33:06 +09:00
sci - > sc_interval = HZ * nilfs - > ns_interval ;
2011-03-09 11:05:07 +09:00
if ( nilfs - > ns_watermark )
sci - > sc_watermark = nilfs - > ns_watermark ;
2009-04-06 19:01:37 -07:00
return sci ;
}
static void nilfs_segctor_write_out ( struct nilfs_sc_info * sci )
{
int ret , retrycount = NILFS_SC_CLEANUP_RETRY ;
2016-05-23 16:23:48 -07:00
/*
* The segctord thread was stopped and its timer was removed .
* But some tasks remain .
*/
2009-04-06 19:01:37 -07:00
do {
struct nilfs_transaction_info ti ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_lock ( sci - > sc_super , & ti , 0 ) ;
2010-01-26 15:20:15 +09:00
ret = nilfs_segctor_construct ( sci , SC_LSEG_SR ) ;
2011-03-09 11:05:08 +09:00
nilfs_transaction_unlock ( sci - > sc_super ) ;
2009-04-06 19:01:37 -07:00
2015-02-05 12:25:20 -08:00
flush_work ( & sci - > sc_iput_work ) ;
2023-04-27 10:15:26 +09:00
} while ( ret & & ret ! = - EROFS & & retrycount - - > 0 ) ;
2009-04-06 19:01:37 -07:00
}
/**
* nilfs_segctor_destroy - destroy the segment constructor .
* @ sci : nilfs_sc_info
*
* nilfs_segctor_destroy ( ) kills the segctord thread and frees
* the nilfs_sc_info struct .
* Caller must hold the segment semaphore .
*/
static void nilfs_segctor_destroy ( struct nilfs_sc_info * sci )
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sci - > sc_super - > s_fs_info ;
2009-04-06 19:01:37 -07:00
int flag ;
2011-03-09 11:05:07 +09:00
up_write ( & nilfs - > ns_segctor_sem ) ;
2009-04-06 19:01:37 -07:00
spin_lock ( & sci - > sc_state_lock ) ;
nilfs_segctor_kill_thread ( sci ) ;
flag = ( ( sci - > sc_state & NILFS_SEGCTOR_COMMIT ) | | sci - > sc_flush_request
| | sci - > sc_seq_request ! = sci - > sc_seq_done ) ;
spin_unlock ( & sci - > sc_state_lock ) ;
2015-02-05 12:25:20 -08:00
if ( flush_work ( & sci - > sc_iput_work ) )
flag = true ;
2010-01-31 12:39:50 +09:00
if ( flag | | ! nilfs_segctor_confirm ( sci ) )
2009-04-06 19:01:37 -07:00
nilfs_segctor_write_out ( sci ) ;
if ( ! list_empty ( & sci - > sc_dirty_files ) ) {
2020-08-11 18:35:49 -07:00
nilfs_warn ( sci - > sc_super ,
" disposed unprocessed dirty file(s) when stopping log writer " ) ;
2011-03-09 11:05:07 +09:00
nilfs_dispose_list ( nilfs , & sci - > sc_dirty_files , 1 ) ;
2009-04-06 19:01:37 -07:00
}
2015-02-05 12:25:20 -08:00
if ( ! list_empty ( & sci - > sc_iput_queue ) ) {
2020-08-11 18:35:49 -07:00
nilfs_warn ( sci - > sc_super ,
" disposed unprocessed inode(s) in iput queue when stopping log writer " ) ;
2015-02-05 12:25:20 -08:00
nilfs_dispose_list ( nilfs , & sci - > sc_iput_queue , 1 ) ;
}
2009-04-06 19:01:55 -07:00
WARN_ON ( ! list_empty ( & sci - > sc_segbufs ) ) ;
2009-11-29 23:03:04 +09:00
WARN_ON ( ! list_empty ( & sci - > sc_write_logs ) ) ;
2009-04-06 19:01:37 -07:00
2010-08-14 13:07:15 +09:00
nilfs_put_root ( sci - > sc_root ) ;
2011-03-09 11:05:07 +09:00
down_write ( & nilfs - > ns_segctor_sem ) ;
2009-04-06 19:01:37 -07:00
2022-12-20 13:45:19 -05:00
timer_shutdown_sync ( & sci - > sc_timer ) ;
2009-04-06 19:01:37 -07:00
kfree ( sci ) ;
}
/**
2011-03-09 11:05:08 +09:00
* nilfs_attach_log_writer - attach log writer
* @ sb : super block instance
2010-08-14 13:07:15 +09:00
* @ root : root object of the current filesystem tree
2009-04-06 19:01:37 -07:00
*
2011-03-09 11:05:08 +09:00
* This allocates a log writer object , initializes it , and starts the
* log writer .
2009-04-06 19:01:37 -07:00
*
* Return Value : On success , 0 is returned . On error , one of the following
* negative error code is returned .
*
* % - ENOMEM - Insufficient memory available .
*/
2011-03-09 11:05:08 +09:00
int nilfs_attach_log_writer ( struct super_block * sb , struct nilfs_root * root )
2009-04-06 19:01:37 -07:00
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2009-04-06 19:01:37 -07:00
int err ;
2011-03-09 11:05:08 +09:00
if ( nilfs - > ns_writer ) {
2010-01-31 19:46:40 +09:00
/*
2022-11-04 23:29:59 +09:00
* This happens if the filesystem is made read - only by
* __nilfs_error or nilfs_remount and then remounted
* read / write . In these cases , reuse the existing
* writer .
2010-01-31 19:46:40 +09:00
*/
2022-11-04 23:29:59 +09:00
return 0 ;
2010-01-31 19:46:40 +09:00
}
2011-03-09 11:05:08 +09:00
nilfs - > ns_writer = nilfs_segctor_new ( sb , root ) ;
2011-03-09 11:05:08 +09:00
if ( ! nilfs - > ns_writer )
2009-04-06 19:01:37 -07:00
return - ENOMEM ;
2020-06-10 18:41:35 -07:00
inode_attach_wb ( nilfs - > ns_bdev - > bd_inode , NULL ) ;
2011-03-09 11:05:08 +09:00
err = nilfs_segctor_start_thread ( nilfs - > ns_writer ) ;
2022-10-07 17:52:26 +09:00
if ( unlikely ( err ) )
nilfs_detach_log_writer ( sb ) ;
2009-04-06 19:01:37 -07:00
return err ;
}
/**
2011-03-09 11:05:08 +09:00
* nilfs_detach_log_writer - destroy log writer
* @ sb : super block instance
2009-04-06 19:01:37 -07:00
*
2011-03-09 11:05:08 +09:00
* This kills log writer daemon , frees the log writer object , and
* destroys list of dirty files .
2009-04-06 19:01:37 -07:00
*/
2011-03-09 11:05:08 +09:00
void nilfs_detach_log_writer ( struct super_block * sb )
2009-04-06 19:01:37 -07:00
{
2011-03-09 11:05:08 +09:00
struct the_nilfs * nilfs = sb - > s_fs_info ;
2009-04-06 19:01:37 -07:00
LIST_HEAD ( garbage_list ) ;
down_write ( & nilfs - > ns_segctor_sem ) ;
2011-03-09 11:05:08 +09:00
if ( nilfs - > ns_writer ) {
nilfs_segctor_destroy ( nilfs - > ns_writer ) ;
nilfs - > ns_writer = NULL ;
2009-04-06 19:01:37 -07:00
}
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
During unmount process of nilfs2, nothing holds nilfs_root structure after
nilfs2 detaches its writer in nilfs_detach_log_writer(). Previously,
nilfs_evict_inode() could cause use-after-free read for nilfs_root if
inodes are left in "garbage_list" and released by nilfs_dispose_list at
the end of nilfs_detach_log_writer(), and this bug was fixed by commit
9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in
nilfs_evict_inode()").
However, it turned out that there is another possibility of UAF in the
call path where mark_inode_dirty_sync() is called from iput():
nilfs_detach_log_writer()
nilfs_dispose_list()
iput()
mark_inode_dirty_sync()
__mark_inode_dirty()
nilfs_dirty_inode()
__nilfs_mark_inode_dirty()
nilfs_load_inode_block() --> causes UAF of nilfs_root struct
This can happen after commit 0ae45f63d4ef ("vfs: add support for a
lazytime mount option"), which changed iput() to call
mark_inode_dirty_sync() on its final reference if i_state has I_DIRTY_TIME
flag and i_nlink is non-zero.
This issue appears after commit 28a65b49eb53 ("nilfs2: do not write dirty
data after degenerating to read-only") when using the syzbot reproducer,
but the issue has potentially existed before.
Fix this issue by adding a "purging flag" to the nilfs structure, setting
that flag while disposing the "garbage_list" and checking it in
__nilfs_mark_inode_dirty().
Unlike commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root
in nilfs_evict_inode()"), this patch does not rely on ns_writer to
determine whether to skip operations, so as not to break recovery on
mount. The nilfs_salvage_orphan_logs routine dirties the buffer of
salvaged data before attaching the log writer, so changing
__nilfs_mark_inode_dirty() to skip the operation when ns_writer is NULL
will cause recovery write to fail. The purpose of using the cleanup-only
flag is to allow for narrowing of such conditions.
Link: https://lkml.kernel.org/r/20230728191318.33047-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+74db8b3087f293d3a13a@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/000000000000b4e906060113fd63@google.com
Fixes: 0ae45f63d4ef ("vfs: add support for a lazytime mount option")
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org> # 4.0+
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-07-29 04:13:18 +09:00
set_nilfs_purging ( nilfs ) ;
2009-04-06 19:01:37 -07:00
/* Force to free the list of dirty files */
2011-03-09 11:05:07 +09:00
spin_lock ( & nilfs - > ns_inode_lock ) ;
if ( ! list_empty ( & nilfs - > ns_dirty_files ) ) {
list_splice_init ( & nilfs - > ns_dirty_files , & garbage_list ) ;
2020-08-11 18:35:49 -07:00
nilfs_warn ( sb ,
" disposed unprocessed dirty file(s) when detaching log writer " ) ;
2009-04-06 19:01:37 -07:00
}
2011-03-09 11:05:07 +09:00
spin_unlock ( & nilfs - > ns_inode_lock ) ;
2009-04-06 19:01:37 -07:00
up_write ( & nilfs - > ns_segctor_sem ) ;
2011-03-09 11:05:07 +09:00
nilfs_dispose_list ( nilfs , & garbage_list , 1 ) ;
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
During unmount process of nilfs2, nothing holds nilfs_root structure after
nilfs2 detaches its writer in nilfs_detach_log_writer(). Previously,
nilfs_evict_inode() could cause use-after-free read for nilfs_root if
inodes are left in "garbage_list" and released by nilfs_dispose_list at
the end of nilfs_detach_log_writer(), and this bug was fixed by commit
9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in
nilfs_evict_inode()").
However, it turned out that there is another possibility of UAF in the
call path where mark_inode_dirty_sync() is called from iput():
nilfs_detach_log_writer()
nilfs_dispose_list()
iput()
mark_inode_dirty_sync()
__mark_inode_dirty()
nilfs_dirty_inode()
__nilfs_mark_inode_dirty()
nilfs_load_inode_block() --> causes UAF of nilfs_root struct
This can happen after commit 0ae45f63d4ef ("vfs: add support for a
lazytime mount option"), which changed iput() to call
mark_inode_dirty_sync() on its final reference if i_state has I_DIRTY_TIME
flag and i_nlink is non-zero.
This issue appears after commit 28a65b49eb53 ("nilfs2: do not write dirty
data after degenerating to read-only") when using the syzbot reproducer,
but the issue has potentially existed before.
Fix this issue by adding a "purging flag" to the nilfs structure, setting
that flag while disposing the "garbage_list" and checking it in
__nilfs_mark_inode_dirty().
Unlike commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root
in nilfs_evict_inode()"), this patch does not rely on ns_writer to
determine whether to skip operations, so as not to break recovery on
mount. The nilfs_salvage_orphan_logs routine dirties the buffer of
salvaged data before attaching the log writer, so changing
__nilfs_mark_inode_dirty() to skip the operation when ns_writer is NULL
will cause recovery write to fail. The purpose of using the cleanup-only
flag is to allow for narrowing of such conditions.
Link: https://lkml.kernel.org/r/20230728191318.33047-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+74db8b3087f293d3a13a@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/000000000000b4e906060113fd63@google.com
Fixes: 0ae45f63d4ef ("vfs: add support for a lazytime mount option")
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org> # 4.0+
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-07-29 04:13:18 +09:00
clear_nilfs_purging ( nilfs ) ;
2009-04-06 19:01:37 -07:00
}