From patchwork Mon May 30 13:35:21 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Chris Mason <chris.mason@oracle.com>
X-Patchwork-Id: 829972
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter2.kernel.org (8.14.4/8.14.3) with ESMTP id p4UDZgWD007506
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Mon, 30 May 2011 13:35:42 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751695Ab1E3Nfj (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Mon, 30 May 2011 09:35:39 -0400
Received: from rcsinet10.oracle.com ([148.87.113.121]:37812 "EHLO
	rcsinet10.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751105Ab1E3Nfj (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Mon, 30 May 2011 09:35:39 -0400
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238])
	by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id
	p4UDZXg9005096
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 30 May 2011 13:35:35 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157])
	by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
	p4UDZWfY003296
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 30 May 2011 13:35:33 GMT
Received: from abhmt005.oracle.com (abhmt005.oracle.com [141.146.116.14])
	by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id
	p4UDZRHs029434; Mon, 30 May 2011 08:35:27 -0500
Received: from localhost (/221.245.165.18)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Mon, 30 May 2011 06:35:27 -0700
From: Chris Mason <chris.mason@oracle.com>
To: Andrea Gelmini <andrea.gelmini@gmail.com>
Cc: linux-btrfs <linux-btrfs@vger.kernel.org>,
	"Josef Bacik" <josef@redhat.com>
Subject: Re: Problem with latest for-linus branch
In-reply-to: <BANLkTimDsRC6yNJ0R5kbBdtTyBAmcf0FfA@mail.gmail.com>
References: <BANLkTikmYx+K9crXYFeBmsJm+qUq9_W+gQ@mail.gmail.com>
	<1306620858-sup-7865@shiny>
	<BANLkTi=FPw7RwkPW0zpD05YRtt19NrZ-5A@mail.gmail.com>
	<1306751696-sup-7618@shiny>
	<BANLkTimDsRC6yNJ0R5kbBdtTyBAmcf0FfA@mail.gmail.com>
Date: Mon, 30 May 2011 09:35:21 -0400
Message-Id: <1306762449-sup-979@shiny>
User-Agent: Sup/git
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090203.4DE39D27.00BA:SCFMA922111,ss=1,fgs=0
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]);
	Mon, 30 May 2011 13:35:42 +0000 (UTC)

Excerpts from Andrea Gelmini's message of 2011-05-30 07:59:30 -0400:
> 2011/5/30 Chris Mason <chris.mason@oracle.com>:
> > These are perfect, thank you.  We're failing to write out the inode
> > cache.  Since you're on a 32 bit machine, I'm guessing that we failed to
> > kmap something properly.
> 
> Thanks a lot for detailed info.
> I recompiled, and get this:
> gelma@dell:~$ gdb /lib/modules/3.0.0-rc1/kernel/fs/btrfs/*
> GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i686-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /lib/modules/3.0.0-rc1/kernel/fs/btrfs/btrfs.ko...done.
> (gdb) list *__btrfs_write_out_cache+0x43a
> 0x5fada is in __btrfs_write_out_cache (fs/btrfs/free-space-cache.c:676).
> 671                struct btrfs_free_space *e;
> 672    
> 673                e = rb_entry(node, struct btrfs_free_space, offset_index);
> 674                entries++;
> 675    
> 676                entry->offset = cpu_to_le64(e->offset);
> 677                entry->bytes = cpu_to_le64(e->bytes);
> 678                if (e->bitmap) {
> 679                    entry->type = BTRFS_FREE_SPACE_BITMAP;
> 680                    list_add_tail(&e->list, &bitmap_list);
> (gdb)

Ok, so I think we're blowing past the end of the page we've kmap'd.  But
I don't think that can happen without something like the patch below
triggering:

Josef, what do you think?
---
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c
index 70d4579..a95b72e 100644
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -596,6 +596,11 @@ int __btrfs_write_out_cache(struct btrfs_root *root, struct inode *inode,
 	 */
 	first_page_offset = (sizeof(u32) * num_pages) + sizeof(u64);
 
+	if (first_page_offset + sizeof(struct btrfs_free_space_entry) >= PAGE_CACHE_SIZE) {
+		printk(KERN_CRIT "bad first page offset %lu\n", first_page_offset);
+		BUG();
+	}
+
 	/* Get the cluster for this block_group if it exists */
 	if (block_group && !list_empty(&block_group->cluster_list))
 		cluster = list_entry(block_group->cluster_list.next,