[1/2] btrfs: convert block group refcount to refcount_t

Message ID	20200701202219.11984-1-josef@toxicpanda.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=5Fjf=AM=vger.kernel.org=linux-btrfs-owner@kernel.org> From: Josef Bacik <josef@toxicpanda.com> To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH 1/2] btrfs: convert block group refcount to refcount_t Date: Wed, 1 Jul 2020 16:22:18 -0400 Message-Id: <20200701202219.11984-1-josef@toxicpanda.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk
Series	[1/2] btrfs: convert block group refcount to refcount_t \| expand [1/2] btrfs: convert block group refcount to refcount_t [2/2] btrfs: fix block group UAF bug with nocow

Message ID

20200701202219.11984-1-josef@toxicpanda.com (mailing list archive)

State

New, archived

Headers

From: Josef Bacik <josef@toxicpanda.com>
To: linux-btrfs@vger.kernel.org, kernel-team@fb.com
Subject: [PATCH 1/2] btrfs: convert block group refcount to refcount_t
Date: Wed,  1 Jul 2020 16:22:18 -0400
Message-Id: <20200701202219.11984-1-josef@toxicpanda.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk

Series

[1/2] btrfs: convert block group refcount to refcount_t | expand

Commit Message

Josef Bacik July 1, 2020, 8:22 p.m. UTC

I was experimenting with some new allocator changes and I noticed that I
was getting a UAF with the block groups.  In order to help figure this
out I converted the block group to use the refcount_t infrastructure.
This is a generally good idea anyway, so kill the atomic and use
refcount_t so we can get the benefit of loud complaints when refcounting
goes wrong.

Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
 fs/btrfs/block-group.c | 8 ++++----
 fs/btrfs/block-group.h | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

Comments

kernel test robot July 2, 2020, 1:25 a.m. UTC | #1

Hi Josef,

I love your patch! Yet something to improve:

[auto build test ERROR on kdave/for-next]
[also build test ERROR on v5.8-rc3 next-20200701]
[cannot apply to btrfs/next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use  as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Josef-Bacik/btrfs-convert-block-group-refcount-to-refcount_t/20200702-042305
base:   https://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git for-next
config: nds32-allmodconfig (attached as .config)
compiler: nds32le-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=nds32 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from fs/btrfs/free-space-cache.c:14:
   fs/btrfs/ctree.h:2216:8: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
    2216 | size_t __const btrfs_get_num_csums(void);
         |        ^~~~~~~
   fs/btrfs/free-space-cache.c: In function 'btrfs_return_cluster_to_free_space':
>> fs/btrfs/free-space-cache.c:2930:13: error: passing argument 1 of 'atomic_inc' from incompatible pointer type [-Werror=incompatible-pointer-types]
    2930 |  atomic_inc(&block_group->count);
         |             ^~~~~~~~~~~~~~~~~~~
         |             |
         |             refcount_t * {aka struct refcount_struct *}
   In file included from include/linux/atomic.h:74,
                    from include/asm-generic/bitops/lock.h:5,
                    from include/asm-generic/bitops.h:32,
                    from ./arch/nds32/include/generated/asm/bitops.h:1,
                    from include/linux/bitops.h:29,
                    from include/linux/kernel.h:12,
                    from include/asm-generic/bug.h:19,
                    from ./arch/nds32/include/generated/asm/bug.h:1,
                    from include/linux/bug.h:5,
                    from include/linux/mmdebug.h:5,
                    from include/linux/mm.h:9,
                    from include/linux/pagemap.h:8,
                    from fs/btrfs/free-space-cache.c:6:
   include/linux/atomic-fallback.h:266:22: note: expected 'atomic_t *' {aka 'struct <anonymous> *'} but argument is of type 'refcount_t *' {aka 'struct refcount_struct *'}
     266 | atomic_inc(atomic_t *v)
         |            ~~~~~~~~~~^
   fs/btrfs/free-space-cache.c: In function 'btrfs_find_space_cluster':
   fs/btrfs/free-space-cache.c:3361:14: error: passing argument 1 of 'atomic_inc' from incompatible pointer type [-Werror=incompatible-pointer-types]
    3361 |   atomic_inc(&block_group->count);
         |              ^~~~~~~~~~~~~~~~~~~
         |              |
         |              refcount_t * {aka struct refcount_struct *}
   In file included from include/linux/atomic.h:74,
                    from include/asm-generic/bitops/lock.h:5,
                    from include/asm-generic/bitops.h:32,
                    from ./arch/nds32/include/generated/asm/bitops.h:1,
                    from include/linux/bitops.h:29,
                    from include/linux/kernel.h:12,
                    from include/asm-generic/bug.h:19,
                    from ./arch/nds32/include/generated/asm/bug.h:1,
                    from include/linux/bug.h:5,
                    from include/linux/mmdebug.h:5,
                    from include/linux/mm.h:9,
                    from include/linux/pagemap.h:8,
                    from fs/btrfs/free-space-cache.c:6:
   include/linux/atomic-fallback.h:266:22: note: expected 'atomic_t *' {aka 'struct <anonymous> *'} but argument is of type 'refcount_t *' {aka 'struct refcount_struct *'}
     266 | atomic_inc(atomic_t *v)
         |            ~~~~~~~~~~^
   cc1: some warnings being treated as errors

vim +/atomic_inc +2930 fs/btrfs/free-space-cache.c

fa9c0d795f7b57c Chris Mason  2009-04-03  2901  
fa9c0d795f7b57c Chris Mason  2009-04-03  2902  /*
fa9c0d795f7b57c Chris Mason  2009-04-03  2903   * given a cluster, put all of its extents back into the free space
fa9c0d795f7b57c Chris Mason  2009-04-03  2904   * cache.  If a block group is passed, this function will only free
fa9c0d795f7b57c Chris Mason  2009-04-03  2905   * a cluster that belongs to the passed block group.
fa9c0d795f7b57c Chris Mason  2009-04-03  2906   *
fa9c0d795f7b57c Chris Mason  2009-04-03  2907   * Otherwise, it'll get a reference on the block group pointed to by the
fa9c0d795f7b57c Chris Mason  2009-04-03  2908   * cluster and remove the cluster from it.
fa9c0d795f7b57c Chris Mason  2009-04-03  2909   */
fa9c0d795f7b57c Chris Mason  2009-04-03  2910  int btrfs_return_cluster_to_free_space(
32da5386d9a4fd5 David Sterba 2019-10-29  2911  			       struct btrfs_block_group *block_group,
fa9c0d795f7b57c Chris Mason  2009-04-03  2912  			       struct btrfs_free_cluster *cluster)
fa9c0d795f7b57c Chris Mason  2009-04-03  2913  {
34d52cb6c50b5a4 Li Zefan     2011-03-29  2914  	struct btrfs_free_space_ctl *ctl;
fa9c0d795f7b57c Chris Mason  2009-04-03  2915  	int ret;
fa9c0d795f7b57c Chris Mason  2009-04-03  2916  
fa9c0d795f7b57c Chris Mason  2009-04-03  2917  	/* first, get a safe pointer to the block group */
fa9c0d795f7b57c Chris Mason  2009-04-03  2918  	spin_lock(&cluster->lock);
fa9c0d795f7b57c Chris Mason  2009-04-03  2919  	if (!block_group) {
fa9c0d795f7b57c Chris Mason  2009-04-03  2920  		block_group = cluster->block_group;
fa9c0d795f7b57c Chris Mason  2009-04-03  2921  		if (!block_group) {
fa9c0d795f7b57c Chris Mason  2009-04-03  2922  			spin_unlock(&cluster->lock);
fa9c0d795f7b57c Chris Mason  2009-04-03  2923  			return 0;
fa9c0d795f7b57c Chris Mason  2009-04-03  2924  		}
fa9c0d795f7b57c Chris Mason  2009-04-03  2925  	} else if (cluster->block_group != block_group) {
fa9c0d795f7b57c Chris Mason  2009-04-03  2926  		/* someone else has already freed it don't redo their work */
fa9c0d795f7b57c Chris Mason  2009-04-03  2927  		spin_unlock(&cluster->lock);
fa9c0d795f7b57c Chris Mason  2009-04-03  2928  		return 0;
fa9c0d795f7b57c Chris Mason  2009-04-03  2929  	}
fa9c0d795f7b57c Chris Mason  2009-04-03 @2930  	atomic_inc(&block_group->count);
fa9c0d795f7b57c Chris Mason  2009-04-03  2931  	spin_unlock(&cluster->lock);
fa9c0d795f7b57c Chris Mason  2009-04-03  2932  
34d52cb6c50b5a4 Li Zefan     2011-03-29  2933  	ctl = block_group->free_space_ctl;
34d52cb6c50b5a4 Li Zefan     2011-03-29  2934  
fa9c0d795f7b57c Chris Mason  2009-04-03  2935  	/* now return any extents the cluster had on it */
34d52cb6c50b5a4 Li Zefan     2011-03-29  2936  	spin_lock(&ctl->tree_lock);
fa9c0d795f7b57c Chris Mason  2009-04-03  2937  	ret = __btrfs_return_cluster_to_free_space(block_group, cluster);
34d52cb6c50b5a4 Li Zefan     2011-03-29  2938  	spin_unlock(&ctl->tree_lock);
fa9c0d795f7b57c Chris Mason  2009-04-03  2939  
6e80d4f8c422d3b Dennis Zhou  2019-12-13  2940  	btrfs_discard_queue_work(&block_group->fs_info->discard_ctl, block_group);
6e80d4f8c422d3b Dennis Zhou  2019-12-13  2941  
fa9c0d795f7b57c Chris Mason  2009-04-03  2942  	/* finally drop our ref */
fa9c0d795f7b57c Chris Mason  2009-04-03  2943  	btrfs_put_block_group(block_group);
fa9c0d795f7b57c Chris Mason  2009-04-03  2944  	return ret;
fa9c0d795f7b57c Chris Mason  2009-04-03  2945  }
fa9c0d795f7b57c Chris Mason  2009-04-03  2946  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

kernel test robot July 2, 2020, 5:22 a.m. UTC | #2

Hi Josef,

I love your patch! Perhaps something to improve:

[auto build test WARNING on kdave/for-next]
[also build test WARNING on v5.8-rc3 next-20200701]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use  as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Josef-Bacik/btrfs-convert-block-group-refcount-to-refcount_t/20200702-042305
base:   https://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git for-next
config: i386-randconfig-a003-20200701 (attached as .config)
compiler: gcc-4.9 (Ubuntu 4.9.3-13ubuntu2) 4.9.3
reproduce (this is a W=1 build):
        # save the attached .config to linux build tree
        make W=1 ARCH=i386 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   In file included from fs/btrfs/free-space-cache.c:14:0:
   fs/btrfs/ctree.h:2216:16: warning: type qualifiers ignored on function return type [-Wignored-qualifiers]
    size_t __const btrfs_get_num_csums(void);
                   ^
   fs/btrfs/free-space-cache.c: In function 'btrfs_return_cluster_to_free_space':
>> fs/btrfs/free-space-cache.c:2930:13: warning: passing argument 1 of 'atomic_inc' from incompatible pointer type
     atomic_inc(&block_group->count);
                ^
   In file included from arch/x86/include/asm/atomic.h:265:0,
                    from include/linux/atomic.h:7,
                    from include/linux/jump_label.h:249,
                    from include/linux/static_key.h:1,
                    from arch/x86/include/asm/nospec-branch.h:6,
                    from arch/x86/include/asm/paravirt_types.h:46,
                    from arch/x86/include/asm/ptrace.h:94,
                    from arch/x86/include/asm/math_emu.h:5,
                    from arch/x86/include/asm/processor.h:13,
                    from arch/x86/include/asm/cpufeature.h:5,
                    from arch/x86/include/asm/thread_info.h:53,
                    from include/linux/thread_info.h:38,
                    from arch/x86/include/asm/preempt.h:7,
                    from include/linux/preempt.h:78,
                    from include/linux/spinlock.h:51,
                    from include/linux/mmzone.h:8,
                    from include/linux/gfp.h:6,
                    from include/linux/mm.h:10,
                    from include/linux/pagemap.h:8,
                    from fs/btrfs/free-space-cache.c:6:
   include/asm-generic/atomic-instrumented.h:237:1: note: expected 'struct atomic_t *' but argument is of type 'struct refcount_t *'
    atomic_inc(atomic_t *v)
    ^
   fs/btrfs/free-space-cache.c: In function 'btrfs_find_space_cluster':
   fs/btrfs/free-space-cache.c:3361:14: warning: passing argument 1 of 'atomic_inc' from incompatible pointer type
      atomic_inc(&block_group->count);
                 ^
   In file included from arch/x86/include/asm/atomic.h:265:0,
                    from include/linux/atomic.h:7,
                    from include/linux/jump_label.h:249,
                    from include/linux/static_key.h:1,
                    from arch/x86/include/asm/nospec-branch.h:6,
                    from arch/x86/include/asm/paravirt_types.h:46,
                    from arch/x86/include/asm/ptrace.h:94,
                    from arch/x86/include/asm/math_emu.h:5,
                    from arch/x86/include/asm/processor.h:13,
                    from arch/x86/include/asm/cpufeature.h:5,
                    from arch/x86/include/asm/thread_info.h:53,
                    from include/linux/thread_info.h:38,
                    from arch/x86/include/asm/preempt.h:7,
                    from include/linux/preempt.h:78,
                    from include/linux/spinlock.h:51,
                    from include/linux/mmzone.h:8,
                    from include/linux/gfp.h:6,
                    from include/linux/mm.h:10,
                    from include/linux/pagemap.h:8,
                    from fs/btrfs/free-space-cache.c:6:
   include/asm-generic/atomic-instrumented.h:237:1: note: expected 'struct atomic_t *' but argument is of type 'struct refcount_t *'
    atomic_inc(atomic_t *v)
    ^

vim +/atomic_inc +2930 fs/btrfs/free-space-cache.c

fa9c0d795f7b57 Chris Mason  2009-04-03  2901  
fa9c0d795f7b57 Chris Mason  2009-04-03  2902  /*
fa9c0d795f7b57 Chris Mason  2009-04-03  2903   * given a cluster, put all of its extents back into the free space
fa9c0d795f7b57 Chris Mason  2009-04-03  2904   * cache.  If a block group is passed, this function will only free
fa9c0d795f7b57 Chris Mason  2009-04-03  2905   * a cluster that belongs to the passed block group.
fa9c0d795f7b57 Chris Mason  2009-04-03  2906   *
fa9c0d795f7b57 Chris Mason  2009-04-03  2907   * Otherwise, it'll get a reference on the block group pointed to by the
fa9c0d795f7b57 Chris Mason  2009-04-03  2908   * cluster and remove the cluster from it.
fa9c0d795f7b57 Chris Mason  2009-04-03  2909   */
fa9c0d795f7b57 Chris Mason  2009-04-03  2910  int btrfs_return_cluster_to_free_space(
32da5386d9a4fd David Sterba 2019-10-29  2911  			       struct btrfs_block_group *block_group,
fa9c0d795f7b57 Chris Mason  2009-04-03  2912  			       struct btrfs_free_cluster *cluster)
fa9c0d795f7b57 Chris Mason  2009-04-03  2913  {
34d52cb6c50b5a Li Zefan     2011-03-29  2914  	struct btrfs_free_space_ctl *ctl;
fa9c0d795f7b57 Chris Mason  2009-04-03  2915  	int ret;
fa9c0d795f7b57 Chris Mason  2009-04-03  2916  
fa9c0d795f7b57 Chris Mason  2009-04-03  2917  	/* first, get a safe pointer to the block group */
fa9c0d795f7b57 Chris Mason  2009-04-03  2918  	spin_lock(&cluster->lock);
fa9c0d795f7b57 Chris Mason  2009-04-03  2919  	if (!block_group) {
fa9c0d795f7b57 Chris Mason  2009-04-03  2920  		block_group = cluster->block_group;
fa9c0d795f7b57 Chris Mason  2009-04-03  2921  		if (!block_group) {
fa9c0d795f7b57 Chris Mason  2009-04-03  2922  			spin_unlock(&cluster->lock);
fa9c0d795f7b57 Chris Mason  2009-04-03  2923  			return 0;
fa9c0d795f7b57 Chris Mason  2009-04-03  2924  		}
fa9c0d795f7b57 Chris Mason  2009-04-03  2925  	} else if (cluster->block_group != block_group) {
fa9c0d795f7b57 Chris Mason  2009-04-03  2926  		/* someone else has already freed it don't redo their work */
fa9c0d795f7b57 Chris Mason  2009-04-03  2927  		spin_unlock(&cluster->lock);
fa9c0d795f7b57 Chris Mason  2009-04-03  2928  		return 0;
fa9c0d795f7b57 Chris Mason  2009-04-03  2929  	}
fa9c0d795f7b57 Chris Mason  2009-04-03 @2930  	atomic_inc(&block_group->count);
fa9c0d795f7b57 Chris Mason  2009-04-03  2931  	spin_unlock(&cluster->lock);
fa9c0d795f7b57 Chris Mason  2009-04-03  2932  
34d52cb6c50b5a Li Zefan     2011-03-29  2933  	ctl = block_group->free_space_ctl;
34d52cb6c50b5a Li Zefan     2011-03-29  2934  
fa9c0d795f7b57 Chris Mason  2009-04-03  2935  	/* now return any extents the cluster had on it */
34d52cb6c50b5a Li Zefan     2011-03-29  2936  	spin_lock(&ctl->tree_lock);
fa9c0d795f7b57 Chris Mason  2009-04-03  2937  	ret = __btrfs_return_cluster_to_free_space(block_group, cluster);
34d52cb6c50b5a Li Zefan     2011-03-29  2938  	spin_unlock(&ctl->tree_lock);
fa9c0d795f7b57 Chris Mason  2009-04-03  2939  
6e80d4f8c422d3 Dennis Zhou  2019-12-13  2940  	btrfs_discard_queue_work(&block_group->fs_info->discard_ctl, block_group);
6e80d4f8c422d3 Dennis Zhou  2019-12-13  2941  
fa9c0d795f7b57 Chris Mason  2009-04-03  2942  	/* finally drop our ref */
fa9c0d795f7b57 Chris Mason  2009-04-03  2943  	btrfs_put_block_group(block_group);
fa9c0d795f7b57 Chris Mason  2009-04-03  2944  	return ret;
fa9c0d795f7b57 Chris Mason  2009-04-03  2945  }
fa9c0d795f7b57 Chris Mason  2009-04-03  2946  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Filipe Manana July 2, 2020, 11:24 a.m. UTC | #3

On Wed, Jul 1, 2020 at 9:24 PM Josef Bacik <josef@toxicpanda.com> wrote:
>
> I was experimenting with some new allocator changes and I noticed that I
> was getting a UAF with the block groups.  In order to help figure this
> out I converted the block group to use the refcount_t infrastructure.
> This is a generally good idea anyway, so kill the atomic and use
> refcount_t so we can get the benefit of loud complaints when refcounting
> goes wrong.
>
> Signed-off-by: Josef Bacik <josef@toxicpanda.com>

Reviewed-by: Filipe Manana <fdmanana@suse.com>

Looks good and the patch compiles and works just fine here on the
latest misc-next.
Thanks.

> ---
>  fs/btrfs/block-group.c | 8 ++++----
>  fs/btrfs/block-group.h | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c
> index 09b796a081dd..7c0075413b08 100644
> --- a/fs/btrfs/block-group.c
> +++ b/fs/btrfs/block-group.c
> @@ -118,12 +118,12 @@ u64 btrfs_get_alloc_profile(struct btrfs_fs_info *fs_info, u64 orig_flags)
>
>  void btrfs_get_block_group(struct btrfs_block_group *cache)
>  {
> -       atomic_inc(&cache->count);
> +       refcount_inc(&cache->count);
>  }
>
>  void btrfs_put_block_group(struct btrfs_block_group *cache)
>  {
> -       if (atomic_dec_and_test(&cache->count)) {
> +       if (refcount_dec_and_test(&cache->count)) {
>                 WARN_ON(cache->pinned > 0);
>                 WARN_ON(cache->reserved > 0);
>
> @@ -1805,7 +1805,7 @@ static struct btrfs_block_group *btrfs_create_block_group_cache(
>
>         cache->discard_index = BTRFS_DISCARD_INDEX_UNUSED;
>
> -       atomic_set(&cache->count, 1);
> +       refcount_set(&cache->count, 1);
>         spin_lock_init(&cache->lock);
>         init_rwsem(&cache->data_rwsem);
>         INIT_LIST_HEAD(&cache->list);
> @@ -3427,7 +3427,7 @@ int btrfs_free_block_groups(struct btrfs_fs_info *info)
>                 ASSERT(list_empty(&block_group->dirty_list));
>                 ASSERT(list_empty(&block_group->io_list));
>                 ASSERT(list_empty(&block_group->bg_list));
> -               ASSERT(atomic_read(&block_group->count) == 1);
> +               ASSERT(refcount_read(&block_group->count) == 1);
>                 btrfs_put_block_group(block_group);
>
>                 spin_lock(&info->block_group_cache_lock);
> diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h
> index b6ee70a039c7..705e48050163 100644
> --- a/fs/btrfs/block-group.h
> +++ b/fs/btrfs/block-group.h
> @@ -115,7 +115,7 @@ struct btrfs_block_group {
>         struct list_head list;
>
>         /* Usage count */
> -       atomic_t count;
> +       refcount_t count;
>
>         /*
>          * List of struct btrfs_free_clusters for this block group.
> --
> 2.24.1
>

David Sterba July 3, 2020, 12:54 p.m. UTC | #4

On Wed, Jul 01, 2020 at 04:22:18PM -0400, Josef Bacik wrote:
> I was experimenting with some new allocator changes and I noticed that I
> was getting a UAF with the block groups.  In order to help figure this
> out I converted the block group to use the refcount_t infrastructure.
> This is a generally good idea anyway, so kill the atomic and use
> refcount_t so we can get the benefit of loud complaints when refcounting
> goes wrong.

I don't mind adding some background or motivation of the patch but the
technical part and explanation should be still there and after reading
this paragraph I'm still mssing it.

> Signed-off-by: Josef Bacik <josef@toxicpanda.com>
> ---
>  fs/btrfs/block-group.c | 8 ++++----
>  fs/btrfs/block-group.h | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c
> index 09b796a081dd..7c0075413b08 100644
> --- a/fs/btrfs/block-group.c
> +++ b/fs/btrfs/block-group.c
> @@ -118,12 +118,12 @@ u64 btrfs_get_alloc_profile(struct btrfs_fs_info *fs_info, u64 orig_flags)
>  
>  void btrfs_get_block_group(struct btrfs_block_group *cache)
>  {
> -	atomic_inc(&cache->count);
> +	refcount_inc(&cache->count);
>  }
>  
>  void btrfs_put_block_group(struct btrfs_block_group *cache)
>  {
> -	if (atomic_dec_and_test(&cache->count)) {
> +	if (refcount_dec_and_test(&cache->count)) {
>  		WARN_ON(cache->pinned > 0);
>  		WARN_ON(cache->reserved > 0);
>  
> @@ -1805,7 +1805,7 @@ static struct btrfs_block_group *btrfs_create_block_group_cache(
>  
>  	cache->discard_index = BTRFS_DISCARD_INDEX_UNUSED;
>  
> -	atomic_set(&cache->count, 1);
> +	refcount_set(&cache->count, 1);
>  	spin_lock_init(&cache->lock);
>  	init_rwsem(&cache->data_rwsem);
>  	INIT_LIST_HEAD(&cache->list);
> @@ -3427,7 +3427,7 @@ int btrfs_free_block_groups(struct btrfs_fs_info *info)
>  		ASSERT(list_empty(&block_group->dirty_list));
>  		ASSERT(list_empty(&block_group->io_list));
>  		ASSERT(list_empty(&block_group->bg_list));
> -		ASSERT(atomic_read(&block_group->count) == 1);
> +		ASSERT(refcount_read(&block_group->count) == 1);
>  		btrfs_put_block_group(block_group);
>  
>  		spin_lock(&info->block_group_cache_lock);
> diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h
> index b6ee70a039c7..705e48050163 100644
> --- a/fs/btrfs/block-group.h
> +++ b/fs/btrfs/block-group.h
> @@ -115,7 +115,7 @@ struct btrfs_block_group {
>  	struct list_head list;
>  
>  	/* Usage count */
> -	atomic_t count;
> +	refcount_t count;

Originally the comment says 'usage', which is a bit different from
refcounts. The atomics will allow 1->0 and 0->1, which might be valid
pattern and reflects the 'usage counter' semantics. The refcounts catch
the 0->1 increment as bug and complain. This is what we want and that's
why you switch that.

So I suggest to drop the comment and rename it to 'refs' that we use
for refcounts elsewhere.

diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c
index 09b796a081dd..7c0075413b08 100644
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -118,12 +118,12 @@  u64 btrfs_get_alloc_profile(struct btrfs_fs_info *fs_info, u64 orig_flags)
 
 void btrfs_get_block_group(struct btrfs_block_group *cache)
 {
-	atomic_inc(&cache->count);
+	refcount_inc(&cache->count);
 }
 
 void btrfs_put_block_group(struct btrfs_block_group *cache)
 {
-	if (atomic_dec_and_test(&cache->count)) {
+	if (refcount_dec_and_test(&cache->count)) {
 		WARN_ON(cache->pinned > 0);
 		WARN_ON(cache->reserved > 0);
 
@@ -1805,7 +1805,7 @@  static struct btrfs_block_group *btrfs_create_block_group_cache(
 
 	cache->discard_index = BTRFS_DISCARD_INDEX_UNUSED;
 
-	atomic_set(&cache->count, 1);
+	refcount_set(&cache->count, 1);
 	spin_lock_init(&cache->lock);
 	init_rwsem(&cache->data_rwsem);
 	INIT_LIST_HEAD(&cache->list);
@@ -3427,7 +3427,7 @@  int btrfs_free_block_groups(struct btrfs_fs_info *info)
 		ASSERT(list_empty(&block_group->dirty_list));
 		ASSERT(list_empty(&block_group->io_list));
 		ASSERT(list_empty(&block_group->bg_list));
-		ASSERT(atomic_read(&block_group->count) == 1);
+		ASSERT(refcount_read(&block_group->count) == 1);
 		btrfs_put_block_group(block_group);
 
 		spin_lock(&info->block_group_cache_lock);
diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h
index b6ee70a039c7..705e48050163 100644
--- a/fs/btrfs/block-group.h
+++ b/fs/btrfs/block-group.h
@@ -115,7 +115,7 @@  struct btrfs_block_group {
 	struct list_head list;
 
 	/* Usage count */
-	atomic_t count;
+	refcount_t count;
 
 	/*
 	 * List of struct btrfs_free_clusters for this block group.

[1/2] btrfs: convert block group refcount to refcount_t

Commit Message

Comments

Patch