Message ID | 20200820054349.5525-4-chandanrlinux@gmail.com (mailing list archive) |
---|---|
State | Deferred, archived |
Headers | show |
Series | Bail out if transaction can cause extent count to overflow | expand |
On Thu, Aug 20, 2020 at 11:13:42AM +0530, Chandan Babu R wrote: > Deleting a file range from the middle of an existing extent can cause > the per-inode extent count to increase by 1. This commit checks for > extent count overflow in such cases. > > Signed-off-by: Chandan Babu R <chandanrlinux@gmail.com> > --- > fs/xfs/libxfs/xfs_inode_fork.h | 6 ++++++ > fs/xfs/xfs_bmap_item.c | 4 ++++ > fs/xfs/xfs_bmap_util.c | 5 +++++ > 3 files changed, 15 insertions(+) > > diff --git a/fs/xfs/libxfs/xfs_inode_fork.h b/fs/xfs/libxfs/xfs_inode_fork.h > index 7fc2b129a2e7..2642e4847ee0 100644 > --- a/fs/xfs/libxfs/xfs_inode_fork.h > +++ b/fs/xfs/libxfs/xfs_inode_fork.h > @@ -39,6 +39,12 @@ struct xfs_ifork { > * extent to a fork and there's no possibility of splitting an existing mapping. > */ > #define XFS_IEXT_ADD_NOSPLIT_CNT (1) > +/* > + * Removing an extent from the middle of an existing extent can cause the extent > + * count to increase by 1. > + * i.e. | Old extent | Hole | Old extent | > + */ > +#define XFS_IEXT_REMOVE_CNT (1) The first thought that popped into my head after reading the subject line was "UH-oh, is this going to result in undeletable files when the extent counts hit max and the user tries to rm?" Then I realized that "when deleting an extent" actually refers to punching holes in the middle of files, not truncating them. So I think at the very least the subject line should be changed to say that we're talking about hole punching, not general file deletion; and the constant probably ought to be called XFS_IEXT_PUNCH_CNT to make that clearer. Aside from that the logic seems ok to me. (Also PS I'm not reviewing these patches in order...) --D > > /* > * Fork handling. > diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c > index ec3691372e7c..b9c35fb10de4 100644 > --- a/fs/xfs/xfs_bmap_item.c > +++ b/fs/xfs/xfs_bmap_item.c > @@ -519,6 +519,10 @@ xfs_bui_item_recover( > } > xfs_trans_ijoin(tp, ip, 0); > > + error = xfs_iext_count_may_overflow(ip, whichfork, XFS_IEXT_REMOVE_CNT); > + if (error) > + goto err_inode; > + > count = bmap->me_len; > error = xfs_trans_log_finish_bmap_update(tp, budp, type, ip, whichfork, > bmap->me_startoff, bmap->me_startblock, &count, state); > diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c > index 7b76a48b0885..59d4da38aadf 100644 > --- a/fs/xfs/xfs_bmap_util.c > +++ b/fs/xfs/xfs_bmap_util.c > @@ -891,6 +891,11 @@ xfs_unmap_extent( > > xfs_trans_ijoin(tp, ip, 0); > > + error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK, > + XFS_IEXT_REMOVE_CNT); > + if (error) > + goto out_trans_cancel; > + > error = xfs_bunmapi(tp, ip, startoffset_fsb, len_fsb, 0, 2, done); > if (error) > goto out_trans_cancel; > -- > 2.28.0 >
On Monday 31 August 2020 10:04:51 PM IST Darrick J. Wong wrote: > On Thu, Aug 20, 2020 at 11:13:42AM +0530, Chandan Babu R wrote: > > Deleting a file range from the middle of an existing extent can cause > > the per-inode extent count to increase by 1. This commit checks for > > extent count overflow in such cases. > > > > Signed-off-by: Chandan Babu R <chandanrlinux@gmail.com> > > --- > > fs/xfs/libxfs/xfs_inode_fork.h | 6 ++++++ > > fs/xfs/xfs_bmap_item.c | 4 ++++ > > fs/xfs/xfs_bmap_util.c | 5 +++++ > > 3 files changed, 15 insertions(+) > > > > diff --git a/fs/xfs/libxfs/xfs_inode_fork.h b/fs/xfs/libxfs/xfs_inode_fork.h > > index 7fc2b129a2e7..2642e4847ee0 100644 > > --- a/fs/xfs/libxfs/xfs_inode_fork.h > > +++ b/fs/xfs/libxfs/xfs_inode_fork.h > > @@ -39,6 +39,12 @@ struct xfs_ifork { > > * extent to a fork and there's no possibility of splitting an existing mapping. > > */ > > #define XFS_IEXT_ADD_NOSPLIT_CNT (1) > > +/* > > + * Removing an extent from the middle of an existing extent can cause the extent > > + * count to increase by 1. > > + * i.e. | Old extent | Hole | Old extent | > > + */ > > +#define XFS_IEXT_REMOVE_CNT (1) > > The first thought that popped into my head after reading the subject > line was "UH-oh, is this going to result in undeletable files when the > extent counts hit max and the user tries to rm?" > > Then I realized that "when deleting an extent" actually refers to > punching holes in the middle of files, not truncating them. > > So I think at the very least the subject line should be changed to > say that we're talking about hole punching, not general file deletion; > and the constant probably ought to be called XFS_IEXT_PUNCH_CNT to make > that clearer. > Sure, I will change the commit message and the name of the constant. > Aside from that the logic seems ok to me. > > (Also PS I'm not reviewing these patches in order...) > > --D > > > > > /* > > * Fork handling. > > diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c > > index ec3691372e7c..b9c35fb10de4 100644 > > --- a/fs/xfs/xfs_bmap_item.c > > +++ b/fs/xfs/xfs_bmap_item.c > > @@ -519,6 +519,10 @@ xfs_bui_item_recover( > > } > > xfs_trans_ijoin(tp, ip, 0); > > > > + error = xfs_iext_count_may_overflow(ip, whichfork, XFS_IEXT_REMOVE_CNT); > > + if (error) > > + goto err_inode; > > + > > count = bmap->me_len; > > error = xfs_trans_log_finish_bmap_update(tp, budp, type, ip, whichfork, > > bmap->me_startoff, bmap->me_startblock, &count, state); > > diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c > > index 7b76a48b0885..59d4da38aadf 100644 > > --- a/fs/xfs/xfs_bmap_util.c > > +++ b/fs/xfs/xfs_bmap_util.c > > @@ -891,6 +891,11 @@ xfs_unmap_extent( > > > > xfs_trans_ijoin(tp, ip, 0); > > > > + error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK, > > + XFS_IEXT_REMOVE_CNT); > > + if (error) > > + goto out_trans_cancel; > > + > > error = xfs_bunmapi(tp, ip, startoffset_fsb, len_fsb, 0, 2, done); > > if (error) > > goto out_trans_cancel; >
diff --git a/fs/xfs/libxfs/xfs_inode_fork.h b/fs/xfs/libxfs/xfs_inode_fork.h index 7fc2b129a2e7..2642e4847ee0 100644 --- a/fs/xfs/libxfs/xfs_inode_fork.h +++ b/fs/xfs/libxfs/xfs_inode_fork.h @@ -39,6 +39,12 @@ struct xfs_ifork { * extent to a fork and there's no possibility of splitting an existing mapping. */ #define XFS_IEXT_ADD_NOSPLIT_CNT (1) +/* + * Removing an extent from the middle of an existing extent can cause the extent + * count to increase by 1. + * i.e. | Old extent | Hole | Old extent | + */ +#define XFS_IEXT_REMOVE_CNT (1) /* * Fork handling. diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c index ec3691372e7c..b9c35fb10de4 100644 --- a/fs/xfs/xfs_bmap_item.c +++ b/fs/xfs/xfs_bmap_item.c @@ -519,6 +519,10 @@ xfs_bui_item_recover( } xfs_trans_ijoin(tp, ip, 0); + error = xfs_iext_count_may_overflow(ip, whichfork, XFS_IEXT_REMOVE_CNT); + if (error) + goto err_inode; + count = bmap->me_len; error = xfs_trans_log_finish_bmap_update(tp, budp, type, ip, whichfork, bmap->me_startoff, bmap->me_startblock, &count, state); diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c index 7b76a48b0885..59d4da38aadf 100644 --- a/fs/xfs/xfs_bmap_util.c +++ b/fs/xfs/xfs_bmap_util.c @@ -891,6 +891,11 @@ xfs_unmap_extent( xfs_trans_ijoin(tp, ip, 0); + error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK, + XFS_IEXT_REMOVE_CNT); + if (error) + goto out_trans_cancel; + error = xfs_bunmapi(tp, ip, startoffset_fsb, len_fsb, 0, 2, done); if (error) goto out_trans_cancel;
Deleting a file range from the middle of an existing extent can cause the per-inode extent count to increase by 1. This commit checks for extent count overflow in such cases. Signed-off-by: Chandan Babu R <chandanrlinux@gmail.com> --- fs/xfs/libxfs/xfs_inode_fork.h | 6 ++++++ fs/xfs/xfs_bmap_item.c | 4 ++++ fs/xfs/xfs_bmap_util.c | 5 +++++ 3 files changed, 15 insertions(+)