[v2] Btrfs: fix regression in btrfs_page_mkwrite() from vm_fault_t conversion
diff mbox

Message ID 20180625170341.101319-1-clm@fb.com
State New
Headers show

Commit Message

Chris Mason June 25, 2018, 5:03 p.m. UTC
The vm_fault_t conversion commit introduced a ret2 variable for tracking
the integer return values from internal btrfs functions.  It was
sometimes returning VM_FAULT_LOCKED for pages that were actually invalid
and had been removed from the radix.  Something like this:

    ret2 = btrfs_delalloc_reserve_space() // returns zero on success

    lock_page(page)
    if (page->mapping != inode->i_mapping)
	goto out_unlock;

...

out_unlock:
    if (!ret2) {
	    ...
	    return VM_FAULT_LOCKED;
    }

This ends up triggering this WARNING in btrfs_destroy_inode()
    WARN_ON(BTRFS_I(inode)->block_rsv.size);

xfstests generic/095 was able to reliably reproduce the errors.

Since out_unlock: is only used for errors, this fix moves it below the
if (!ret2) check we use to return VM_FAULT_LOCKED for success.

Fixes: a528a2415087 (btrfs: change return type of btrfs_page_mkwrite to vm_fault_t)
Signed-off-by: Chris Mason <clm@fb.com>
---

 Changes since v1: don't set the vmfault_t 'ret' to zero, just move our
 goto taret around around instead.

 fs/btrfs/inode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

David Sterba June 26, 2018, 5:17 p.m. UTC | #1
On Mon, Jun 25, 2018 at 10:03:41AM -0700, Chris Mason wrote:
> The vm_fault_t conversion commit introduced a ret2 variable for tracking
> the integer return values from internal btrfs functions.  It was
> sometimes returning VM_FAULT_LOCKED for pages that were actually invalid
> and had been removed from the radix.  Something like this:
> 
>     ret2 = btrfs_delalloc_reserve_space() // returns zero on success
> 
>     lock_page(page)
>     if (page->mapping != inode->i_mapping)
> 	goto out_unlock;
> 
> ...
> 
> out_unlock:
>     if (!ret2) {
> 	    ...
> 	    return VM_FAULT_LOCKED;
>     }
> 
> This ends up triggering this WARNING in btrfs_destroy_inode()
>     WARN_ON(BTRFS_I(inode)->block_rsv.size);
> 
> xfstests generic/095 was able to reliably reproduce the errors.
> 
> Since out_unlock: is only used for errors, this fix moves it below the
> if (!ret2) check we use to return VM_FAULT_LOCKED for success.
> 
> Fixes: a528a2415087 (btrfs: change return type of btrfs_page_mkwrite to vm_fault_t)
> Signed-off-by: Chris Mason <clm@fb.com>

Reviewed-by: David Sterba <dsterba@suse.com>

also passed the tests here standalone and with the fixup worker fixes.
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 193f933..63f713a 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -9036,13 +9036,14 @@  vm_fault_t btrfs_page_mkwrite(struct vm_fault *vmf)
 
 	unlock_extent_cached(io_tree, page_start, page_end, &cached_state);
 
-out_unlock:
 	if (!ret2) {
 		btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, true);
 		sb_end_pagefault(inode->i_sb);
 		extent_changeset_free(data_reserved);
 		return VM_FAULT_LOCKED;
 	}
+
+out_unlock:
 	unlock_page(page);
 out:
 	btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, (ret != 0));