From patchwork Fri Jul 21 17:29:08 2017
X-Patchwork-Submitter: Josef Bacik
X-Patchwork-Id: 9857445
From: josef@toxicpanda.com
X-Google-Original-From: jbacik@fb.com
To: linux-btrfs@vger.kernel.org, kernel-team@fb.com
Cc: Josef Bacik
Subject: [PATCH 2/3] btrfs: fix readdir deadlock with pagefault
Date: Fri, 21 Jul 2017 13:29:08 -0400
Message-Id: <1500658149-20410-2-git-send-email-jbacik@fb.com>
In-Reply-To: <1500658149-20410-1-git-send-email-jbacik@fb.com>
References: <1500658149-20410-1-git-send-email-jbacik@fb.com>

From: Josef Bacik

Readdir does dir_emit while under the btree lock. dir_emit can trigger the page fault which means we can deadlock. Fix this by allocating a buffer on opening a directory and copying the readdir into this buffer and doing dir_emit from outside of the tree lock.

Signed-off-by: Josef Bacik
---
 fs/btrfs/inode.c | 110 +++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 83 insertions(+), 27 deletions(-)

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 9a4413a..61396e3 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c 
@@ -5877,6 +5877,56 @@ unsigned char btrfs_filetype_table[] = { DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK, DT_FIFO, DT_SOCK, DT_LNK }; +/* + * All this infrastructure exists because dir_emit can fault, and we are holding + * the tree lock when doing readdir. For now just allocate a buffer and copy + * our information into that, and then dir_emit from the buffer. This is + * similar to what NFS does, only we don't keep the buffer around in pagecache + * because I'm afraid I'll fuck that up. Long term we need to make filldir do + * copy_to_user_inatomic so we don't have to worry about page faulting under the + * tree lock. + */ +static int btrfs_opendir(struct inode *inode, struct file *file) +{ + struct page *page; + + page = alloc_page(GFP_KERNEL); + if (!page) + return -ENOMEM; + file->private_data = page; + return 0; +} + +static int btrfs_closedir(struct inode *inode, struct file *file) +{ + if (file->private_data) { + __free_page((struct page *)file->private_data); + file->private_data = NULL; + } + return 0; +} + +struct dir_entry { + u64 ino; + u64 offset; + unsigned type; + int name_len; +}; + +static int btrfs_filldir(void *addr, int entries, struct dir_context *ctx) +{ + while (entries--) { + struct dir_entry *entry = addr; + char *name = (char *)(entry + 1); + ctx->pos = entry->offset; + if (!dir_emit(ctx, name, entry->name_len, entry->ino, + entry->type)) + return 1; + ctx->pos++; + } + return 0; +} + static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) { struct inode *inode = file_inode(file); 
@@ -5886,16 +5936,17 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) struct btrfs_key key; struct btrfs_key found_key; struct btrfs_path *path; + struct page *page = file->private_data; + void *addr, *start_addr; struct list_head ins_list; struct list_head del_list; int ret; struct extent_buffer *leaf; int slot; - unsigned char d_type; - int over = 0; - char tmp_name[32]; char *name_ptr; int name_len; + int entries = 0; + int total_len = 0; bool put = false; struct btrfs_key location; @@ -5906,6 +5957,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) if (!path) return -ENOMEM; + start_addr = addr = kmap(page); path->reada = READA_FORWARD; INIT_LIST_HEAD(&ins_list); @@ -5921,6 +5973,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) goto err; while (1) { + struct dir_entry *entry; leaf = path->nodes[0]; slot = path->slots[0]; if (slot >= btrfs_header_nritems(leaf)) { 
@@ -5942,41 +5995,42 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) goto next; if (btrfs_should_delete_dir_index(&del_list, found_key.offset)) goto next; - - ctx->pos = found_key.offset; - di = btrfs_item_ptr(leaf, slot, struct btrfs_dir_item); if (verify_dir_item(fs_info, leaf, slot, di)) goto next; name_len = btrfs_dir_name_len(leaf, di); - if (name_len <= sizeof(tmp_name)) { - name_ptr = tmp_name; - } else { - name_ptr = kmalloc(name_len, GFP_KERNEL); - if (!name_ptr) { - ret = -ENOMEM; - goto err; - } + if ((total_len + sizeof(struct dir_entry) + name_len) >= + PAGE_SIZE) { + btrfs_release_path(path); + ret = btrfs_filldir(start_addr, entries, ctx); + if (ret) + goto nopos; + addr = start_addr; + entries = 0; + total_len = 0; } + + entry = addr; + entry->name_len = name_len; + name_ptr = (char *)(entry + 1); read_extent_buffer(leaf, name_ptr, (unsigned long)(di + 1), name_len); - - d_type = btrfs_filetype_table[btrfs_dir_type(leaf, di)]; + entry->type = btrfs_filetype_table[btrfs_dir_type(leaf, di)]; btrfs_dir_item_key_to_cpu(leaf, di, &location); - - over = !dir_emit(ctx, name_ptr, name_len, location.objectid, - d_type); - - if (name_ptr != tmp_name) - kfree(name_ptr); - - if (over) - goto nopos; - ctx->pos++; + entry->ino = location.objectid; + entry->offset = found_key.offset; + entries++; + addr += sizeof(struct dir_entry) + name_len; + total_len += sizeof(struct dir_entry) + name_len; next: path->slots[0]++; } + btrfs_release_path(path); + + ret = btrfs_filldir(start_addr, entries, ctx); + if (ret) + goto nopos; ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list); if (ret) @@ -6006,6 +6060,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) nopos: ret = 0; err: + kunmap(page); if (put) btrfs_readdir_put_delayed_items(inode, &ins_list, &del_list); btrfs_free_path(path); 
@@ -10777,11 +10832,12 @@ static const struct file_operations btrfs_dir_file_operations = { .llseek = generic_file_llseek, .read = generic_read_dir, .iterate_shared = btrfs_real_readdir, + .open = btrfs_opendir, .unlocked_ioctl = btrfs_ioctl, #ifdef CONFIG_COMPAT .compat_ioctl = btrfs_compat_ioctl, #endif - .release = btrfs_release_file, + .release = btrfs_closedir, .fsync = btrfs_sync_file, };
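
Review bot: in btrfs_filldir (hunk @@ -5877), addr is never advanced inside the while (entries--) loop, so every iteration re-reads the first struct dir_entry and passes the same name, ino and offset to dir_emit, entries times over. The fill side in btrfs_real_readdir steps by sizeof(struct dir_entry) + name_len per record, so the drain loop needs the matching addr += sizeof(struct dir_entry) + entry->name_len before ctx->pos++. A smaller point on btrfs_opendir: the page is allocated on every directory open, including opens that never call readdir, so allocating it on first readdir would avoid the cost.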
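
Review bot: in the buffer-full branch of hunk @@ -5942, btrfs_release_path(path) is called and execution then falls through to read_extent_buffer(leaf, ...), btrfs_dir_type(leaf, di) and btrfs_dir_item_key_to_cpu(leaf, di, &location), all of which use leaf and di taken from the path that was just released; the next loop iteration then reads path->nodes[0] and path->slots[0] from that same released path. After draining the buffer the code needs to redo the tree search from the current key before touching leaf or di again, for example by jumping back to the search with the key set to found_key. Also, records are packed with addr += sizeof(struct dir_entry) + name_len and no padding, so every struct dir_entry after the first can land on an address that is not aligned for its u64 fields; round the stride up to the struct's alignment or use unaligned accessors.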
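
Review bot: in hunk @@ -10777, .release changes from btrfs_release_file to btrfs_closedir, and btrfs_closedir only frees the page, so whatever btrfs_release_file did on close no longer runs for directory file descriptors; the changelog should say why that is safe, or btrfs_closedir should call it. Related to that, file->private_data on a directory now always holds the readdir page while .unlocked_ioctl = btrfs_ioctl stays on the same file_operations, so any ioctl path that stores to or interprets file->private_data on a directory fd needs auditing, since btrfs_closedir will hand whatever pointer is there to __free_page.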