From patchwork Tue Apr 10 11:35:21 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Changwei Ge <ge.changwei@h3c.com>
X-Patchwork-Id: 10332851
Return-Path: <ocfs2-devel-bounces@oss.oracle.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	4462A60365 for <patchwork-ocfs2-devel@patchwork.kernel.org>;
	Tue, 10 Apr 2018 11:36:59 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3462528C57
	for <patchwork-ocfs2-devel@patchwork.kernel.org>;
	Tue, 10 Apr 2018 11:36:59 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2922D28DAF; Tue, 10 Apr 2018 11:36:59 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78])
	(using TLSv1.2 with cipher AES256-SHA256 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 0F8A628C57
	for <patchwork-ocfs2-devel@patchwork.kernel.org>;
	Tue, 10 Apr 2018 11:36:57 +0000 (UTC)
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1])
	by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id
	w3ABaL4e013773; Tue, 10 Apr 2018 11:36:21 GMT
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by aserp2120.oracle.com with ESMTP id 2h6ny39sda-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Tue, 10 Apr 2018 11:36:21 +0000
Received: from oss.oracle.com (oss-old-reserved.oracle.com [137.254.22.2])
	by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w3ABaGC0002705
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 10 Apr 2018 11:36:17 GMT
Received: from localhost ([127.0.0.1] helo=lb-oss.oracle.com)
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <ocfs2-devel-bounces@oss.oracle.com>)
	id 1f5rZQ-0002Z1-Pl; Tue, 10 Apr 2018 04:36:16 -0700
Received: from aserv0021.oracle.com ([141.146.126.233])
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <ge.changwei@h3c.com>) id 1f5rYb-0002Se-6O
	for ocfs2-devel@oss.oracle.com; Tue, 10 Apr 2018 04:35:25 -0700
Received: from userp2030.oracle.com (userp2030.oracle.com [156.151.31.89])
	by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w3ABZOJr014567
	(version=TLSv1/SSLv3 cipher=AES256-SHA256 bits=256 verify=FAIL);
	Tue, 10 Apr 2018 11:35:25 GMT
Received: from pps.filterd (userp2030.oracle.com [127.0.0.1])
	by userp2030.oracle.com (8.16.0.22/8.16.0.22) with SMTP id
	w3ABW0n7023534; Tue, 10 Apr 2018 11:35:24 GMT
Received: from h3cmg01-ex.h3c.com (smtp.h3c.com [60.191.123.56])
	by userp2030.oracle.com with ESMTP id 2h8ts1j2c0-1;
	Tue, 10 Apr 2018 11:35:23 +0000
Received: from BJHUB02-EX.srv.huawei-3com.com (unknown [10.63.20.170]) by
	h3cmg01-ex.h3c.com with smtp
	id 2e7f_021e_9b5594e1_552c_4d25_9f6b_78fb4579b0b5;
	Tue, 10 Apr 2018 19:34:21 +0800
Received: from localhost.localdomain (10.125.136.231) by rndsmtp.h3c.com
	(10.63.20.175) with Microsoft SMTP Server id 14.3.248.2;
	Tue, 10 Apr 2018 19:34:07 +0800
From: Changwei Ge <ge.changwei@h3c.com>
To: <mark@fasheh.com>, <jiangqi903@gmail.com>, <junxiao.bi@oracle.com>,
	<jlbec@evilplan.org>
Date: Tue, 10 Apr 2018 19:35:21 +0800
Message-ID: <1523360121-10761-1-git-send-email-ge.changwei@h3c.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
X-Originating-IP: [10.125.136.231]
X-CLX-Shades: MLX
X-CLX-Response: 1TFkXGxwTEQpMehcaEQpZTRdnZnIRCllJFxpxGhAadwYbHhNxGRoQGncGGBo
	GGhEKWV4XaG55EQpJRhdFWEtJRk91WlhFTl9JXkNFRBl1T0sRCkNOF0xfeVpAcHkHGkJteExHHW
	xfWlpcG3N/TV1hfBlwXHxAEQpYXBcfBBoEGxkYB0gaSR4ZHxkeBRsaBBsaGgQeEgQbEBseGh8aE
	QpeWRd5a0FzchEKTVwXHxgaEQpMWhdoaUJNeREKTU4XaBEKQ1oXHBoEGxMbBBsYGQQfHBEKQl4X
	GxEKRFgXGBEKRF4XHhEKREkXGREKQkYXZxNtYBtbZUIffn0RCkJcFxoRCkJFF24ZWExeYQFwUkx
	hEQpCThdkQnxaRURBYh1kUBEKQkwXb35dTRgFXWYaUnsRCkJsF2RhT0tgQkgSeB1nEQpCQBdkQm
	hZYU9/SU1iHxEKWlgXGBEKcGgXbEBLXxtabnh9Yx0QGRoRCnBoF25QWEFbU3hfZRlcEBkaEQpwa
	BdpBUV4EnAaYkFiZhAZGhEKcGgXb01GZ2NHWB9OUGIQGRoRCnBoF2NZWWEcfW4fWWIBEBkaEQpw
	bBdtThtvUwFHUkgdcxAZGhEKbX4XGhEKWE0XSxEg
X-PDR: PASS
X-Source-IP: 60.191.123.56
X-ServerName: smtp.h3c.com
X-Proofpoint-SPF-Result: pass
X-Proofpoint-SPF-Record: v=spf1 ip4:60.191.123.56 ip4:60.191.123.50
	ip4:221.12.31.13 ip4:221.12.31.56
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8858
	signatures=668698
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
	priorityscore=0 malwarescore=0
	suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=169
	lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999
	adultscore=0
	classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.0.1-1711220000
	definitions=main-1804100115
X-Spam: Clean
Cc: ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [PATCH] ocfs2: don't put and assign null to bh
	allocated outside
X-BeenThere: ocfs2-devel@oss.oracle.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <ocfs2-devel.oss.oracle.com>
List-Unsubscribe: <https://oss.oracle.com/mailman/listinfo/ocfs2-devel>,
	<mailto:ocfs2-devel-request@oss.oracle.com?subject=unsubscribe>
List-Archive: <http://oss.oracle.com/pipermail/ocfs2-devel>
List-Post: <mailto:ocfs2-devel@oss.oracle.com>
List-Help: <mailto:ocfs2-devel-request@oss.oracle.com?subject=help>
List-Subscribe: <https://oss.oracle.com/mailman/listinfo/ocfs2-devel>,
	<mailto:ocfs2-devel-request@oss.oracle.com?subject=subscribe>
Sender: ocfs2-devel-bounces@oss.oracle.com
Errors-To: ocfs2-devel-bounces@oss.oracle.com
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8858
	signatures=668698
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
	suspectscore=0 malwarescore=0
	phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.0.1-1711220000 definitions=main-1804100116
X-Virus-Scanned: ClamAV using ClamSMTP

ocfs2_read_blocks() and ocfs2_read_blocks_sync() are both used to read
several blocks from disk. Currently, the input argument *bhs* can be
NULL or NOT. It depends on the caller's behavior. If the function fails
in reading blocks from disk, the corresponding bh will be assigned to
NULL and put.

Obviously, above process for non-NULL input bh is not appropriate.
Because the caller doesn't even know its bhs are put and re-assigned.

If buffer head is managed by caller, ocfs2_read_blocks and
ocfs2_read_blocks_sync()  should not evaluate it to NULL. It will
cause caller accessing illegal memory, thus crash.

Also, we should put bhs which have succeeded in reading before current
read failure.

Signed-off-by: Changwei Ge <ge.changwei@h3c.com>
---
 fs/ocfs2/buffer_head_io.c | 77 ++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 59 insertions(+), 18 deletions(-)

diff --git a/fs/ocfs2/buffer_head_io.c b/fs/ocfs2/buffer_head_io.c
index d9ebe11..7ae4147 100644
--- a/fs/ocfs2/buffer_head_io.c
+++ b/fs/ocfs2/buffer_head_io.c
@@ -99,25 +99,34 @@ int ocfs2_write_block(struct ocfs2_super *osb, struct buffer_head *bh,
 	return ret;
 }
 
+/* Caller must provide a bhs[] with all NULL or non-NULL entries, so it
+ * will be easier to handle read failure.
+ */
 int ocfs2_read_blocks_sync(struct ocfs2_super *osb, u64 block,
 			   unsigned int nr, struct buffer_head *bhs[])
 {
 	int status = 0;
 	unsigned int i;
 	struct buffer_head *bh;
+	int new_bh = 0;
 
 	trace_ocfs2_read_blocks_sync((unsigned long long)block, nr);
 
 	if (!nr)
 		goto bail;
 
+	/* Don't put buffer head and re-assign it to NULL if it is allocated
+	 * outside since the call can't be aware of this alternation!
+	 */
+	new_bh = (bhs[0] == NULL);
+
 	for (i = 0 ; i < nr ; i++) {
 		if (bhs[i] == NULL) {
 			bhs[i] = sb_getblk(osb->sb, block++);
 			if (bhs[i] == NULL) {
 				status = -ENOMEM;
 				mlog_errno(status);
-				goto bail;
+				break;
 			}
 		}
 		bh = bhs[i];
@@ -158,9 +167,26 @@ int ocfs2_read_blocks_sync(struct ocfs2_super *osb, u64 block,
 		submit_bh(REQ_OP_READ, 0, bh);
 	}
 
+read_failure:
 	for (i = nr; i > 0; i--) {
 		bh = bhs[i - 1];
 
+		if (unlikely(status)) {
+			if (new_bh && !bh) {
+				/* If middle bh fails, let previous bh
+				 * finish its read and then put it to
+				 * aovoid bh leak
+				 */
+				if (!buffer_jbd(bh))
+					wait_on_buffer(bh);
+				put_bh(bh);
+				bhs[i - 1] = NULL;
+			} else if (buffer_uptodate(bh)) {
+				clear_buffer_uptodate(bh);
+			}
+			continue;
+		}
+
 		/* No need to wait on the buffer if it's managed by JBD. */
 		if (!buffer_jbd(bh))
 			wait_on_buffer(bh);
@@ -170,8 +196,7 @@ int ocfs2_read_blocks_sync(struct ocfs2_super *osb, u64 block,
 			 * so we can safely record this and loop back
 			 * to cleanup the other buffers. */
 			status = -EIO;
-			put_bh(bh);
-			bhs[i - 1] = NULL;
+			goto read_failure;
 		}
 	}
 
@@ -179,6 +204,9 @@ int ocfs2_read_blocks_sync(struct ocfs2_super *osb, u64 block,
 	return status;
 }
 
+/* Caller must provide a bhs[] with all NULL or non-NULL entries, so it
+ * will be easier to handle read failure.
+ */
 int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 		      struct buffer_head *bhs[], int flags,
 		      int (*validate)(struct super_block *sb,
@@ -188,6 +216,7 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 	int i, ignore_cache = 0;
 	struct buffer_head *bh;
 	struct super_block *sb = ocfs2_metadata_cache_get_super(ci);
+	int new_bh = 0;
 
 	trace_ocfs2_read_blocks_begin(ci, (unsigned long long)block, nr, flags);
 
@@ -213,6 +242,11 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 		goto bail;
 	}
 
+	/* Don't put buffer head and re-assign it to NULL if it is allocated
+	 * outside since the call can't be aware of this alternation!
+	 */
+	new_bh = (bhs[0] == NULL);
+
 	ocfs2_metadata_cache_io_lock(ci);
 	for (i = 0 ; i < nr ; i++) {
 		if (bhs[i] == NULL) {
@@ -221,7 +255,8 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 				ocfs2_metadata_cache_io_unlock(ci);
 				status = -ENOMEM;
 				mlog_errno(status);
-				goto bail;
+				/* Don't forget to put previous bh! */
+				break;
 			}
 		}
 		bh = bhs[i];
@@ -316,16 +351,27 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 		}
 	}
 
-	status = 0;
-
+read_failure:
 	for (i = (nr - 1); i >= 0; i--) {
 		bh = bhs[i];
 
 		if (!(flags & OCFS2_BH_READAHEAD)) {
-			if (status) {
-				/* Clear the rest of the buffers on error */
-				put_bh(bh);
-				bhs[i] = NULL;
+			if (unlikely(status)) {
+				/* Clear the buffers on error including those
+				 * ever succeeded in reading
+				 */
+				if (new_bh && !bh) {
+					/* If middle bh fails, let previous bh
+					 * finish its read and then put it to
+					 * aovoid bh leak
+					 */
+					if (!buffer_jbd(bh))
+						wait_on_buffer(bh);
+					put_bh(bh);
+					bhs[i] = NULL;
+				} else if (buffer_uptodate(bh)) {
+					clear_buffer_uptodate(bh);
+				}
 				continue;
 			}
 			/* We know this can't have changed as we hold the
@@ -342,9 +388,7 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 				 * for this bh as it's not marked locally
 				 * uptodate. */
 				status = -EIO;
-				put_bh(bh);
-				bhs[i] = NULL;
-				continue;
+				goto read_failure;
 			}
 
 			if (buffer_needs_validate(bh)) {
@@ -354,11 +398,8 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 				BUG_ON(buffer_jbd(bh));
 				clear_buffer_needs_validate(bh);
 				status = validate(sb, bh);
-				if (status) {
-					put_bh(bh);
-					bhs[i] = NULL;
-					continue;
-				}
+				if (status)
+					goto read_failure;
 			}
 		}