| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Commit 951555856b88 ("Btrfs: send, don't bug on inconsistent snapshots")
removed some BUG_ON() statements (replacing them with returning errors
to user space and logging error messages) when a snapshot is in an
inconsistent state due to failures to update a delayed inode item (ENOMEM
or ENOSPC) after adding/updating/deleting references, xattrs or file
extent items.
However there is a case, when no errors happen, where a file extent item
can be modified without having the corresponding inode item updated. This
case happens during balance under very specific timings, when relocation
is in the stage where it updates data pointers and a leaf that contains
file extent items is COWed. When that happens file extent items get their
disk_bytenr field updated to a new value that reflects the post relocation
logical address of the extent, without updating their respective inode
items (as there is nothing that needs to be updated on them). This is
performed at relocation.c:replace_file_extents() through
relocation.c:btrfs_reloc_cow_block().
So make an incremental send deal with this case and don't do any processing
for a file extent item that got its disk_bytenr field updated by relocation,
since the extent's data is the same as the one pointed by the file extent
item in the parent snapshot.
After the recent commit mentioned above this case resulted in EIO errors
returned to user space (and an error message logged to dmesg/syslog) when
doing an incremental send, while before it, it resulted in hitting a
BUG_ON leading to the following trace:
[ 952.206705] ------------[ cut here ]------------
[ 952.206714] kernel BUG at ../fs/btrfs/send.c:5653!
[ 952.206719] Internal error: Oops - BUG: 0 [#1] SMP
[ 952.209854] Modules linked in: st dm_mod nls_utf8 isofs fuse nf_log_ipv6 xt_pkttype xt_physdev br_netfilter nf_log_ipv4 nf_log_common xt_LOG xt_limit ebtable_filter ebtables af_packet bridge stp llc ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_raw ipt_REJECT iptable_raw xt_CT iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_ipv4 nf_defrag_ipv4 ip_tables xt_conntrack nf_conntrack ip6table_filter ip6_tables x_tables xfs libcrc32c nls_iso8859_1 nls_cp437 vfat fat joydev aes_ce_blk ablk_helper cryptd snd_intel8x0 aes_ce_cipher snd_ac97_codec ac97_bus snd_pcm ghash_ce sha2_ce sha1_ce snd_timer snd virtio_net soundcore btrfs xor sr_mod cdrom hid_generic usbhid raid6_pq virtio_blk virtio_scsi bochs_drm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_mmio xhci_pci xhci_hcd usbcore usb_common virtio_pci virtio_ring virtio drm sg efivarfs
[ 952.228333] Supported: Yes
[ 952.228908] CPU: 0 PID: 12779 Comm: snapperd Not tainted 4.4.14-50-default #1
[ 952.230329] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 952.231683] task: ffff800058e94100 ti: ffff8000d866c000 task.ti: ffff8000d866c000
[ 952.233279] PC is at changed_cb+0x9f4/0xa48 [btrfs]
[ 952.234375] LR is at changed_cb+0x58/0xa48 [btrfs]
[ 952.236552] pc : [<ffff7ffffc39de7c>] lr : [<ffff7ffffc39d4e0>] pstate: 80000145
[ 952.238049] sp : ffff8000d866fa20
[ 952.238732] x29: ffff8000d866fa20 x28: 0000000000000019
[ 952.239840] x27: 00000000000028d5 x26: 00000000000024a2
[ 952.241008] x25: 0000000000000002 x24: ffff8000e66e92f0
[ 952.242131] x23: ffff8000b8c76800 x22: ffff800092879140
[ 952.243238] x21: 0000000000000002 x20: ffff8000d866fb78
[ 952.244348] x19: ffff8000b8f8c200 x18: 0000000000002710
[ 952.245607] x17: 0000ffff90d42480 x16: ffff800000237dc0
[ 952.246719] x15: 0000ffff90de7510 x14: ab000c000a2faf08
[ 952.247835] x13: 0000000000577c2b x12: ab000c000b696665
[ 952.248981] x11: 2e65726f632f6966 x10: 652d34366d72612f
[ 952.250101] x9 : 32627572672f746f x8 : ab000c00092f1671
[ 952.251352] x7 : 8000000000577c2b x6 : ffff800053eadf45
[ 952.252468] x5 : 0000000000000000 x4 : ffff80005e169494
[ 952.253582] x3 : 0000000000000004 x2 : ffff8000d866fb78
[ 952.254695] x1 : 000000000003e2a3 x0 : 000000000003e2a4
[ 952.255803]
[ 952.256150] Process snapperd (pid: 12779, stack limit = 0xffff8000d866c020)
[ 952.257516] Stack: (0xffff8000d866fa20 to 0xffff8000d8670000)
[ 952.258654] fa20: ffff8000d866fae0 ffff7ffffc308fc0 ffff800092879140 ffff8000e66e92f0
[ 952.260219] fa40: 0000000000000035 ffff800055de6000 ffff8000b8c76800 ffff8000d866fb78
[ 952.261745] fa60: 0000000000000002 00000000000024a2 00000000000028d5 0000000000000019
[ 952.263269] fa80: ffff8000d866fae0 ffff7ffffc3090f0 ffff8000d866fae0 ffff7ffffc309128
[ 952.264797] faa0: ffff800092879140 ffff8000e66e92f0 0000000000000035 ffff800055de6000
[ 952.268261] fac0: ffff8000b8c76800 ffff8000d866fb78 0000000000000002 0000000000001000
[ 952.269822] fae0: ffff8000d866fbc0 ffff7ffffc39ecfc ffff8000b8f8c200 ffff8000b8f8c368
[ 952.271368] fb00: ffff8000b8f8c378 ffff800055de6000 0000000000000001 ffff8000ecb17500
[ 952.272893] fb20: ffff8000b8c76800 ffff800092879140 ffff800062b6d000 ffff80007a9e2470
[ 952.274420] fb40: ffff8000b8f8c208 0000000005784000 ffff8000580a8000 ffff8000b8f8c200
[ 952.276088] fb60: ffff7ffffc39d488 00000002b8f8c368 0000000000000000 000000000003e2a4
[ 952.280275] fb80: 000000000000006c ffff7ffffc39ec00 000000000003e2a4 000000000000006c
[ 952.283219] fba0: ffff8000b8f8c300 0000000000000100 0000000000000001 ffff8000ecb17500
[ 952.286166] fbc0: ffff8000d866fcd0 ffff7ffffc3643c0 ffff8000f8842700 0000ffff8ffe9278
[ 952.289136] fbe0: 0000000040489426 ffff800055de6000 0000ffff8ffe9278 0000000040489426
[ 952.292083] fc00: 000000000000011d 000000000000001d ffff80007a9e4598 ffff80007a9e43e8
[ 952.294959] fc20: ffff8000b8c7693f 0000000000003b24 0000000000000019 ffff8000b8f8c218
[ 952.301161] fc40: 00000001d866fc70 ffff8000b8c76800 0000000000000128 ffffffffffffff84
[ 952.305749] fc60: ffff800058e941ff 0000000000003a58 ffff8000d866fcb0 ffff8000000f7390
[ 952.308875] fc80: 000000000000012a 0000000000010290 ffff8000d866fc00 000000000000007b
[ 952.311915] fca0: 0000000000010290 ffff800046c1b100 74732d7366727462 000001006d616572
[ 952.314937] fcc0: ffff8000fffc4100 cb88537fdc8ba60e ffff8000d866fe10 ffff8000002499e8
[ 952.318008] fce0: 0000000040489426 ffff8000f8842700 0000ffff8ffe9278 ffff80007a9e4598
[ 952.321321] fd00: 0000ffff8ffe9278 0000000040489426 000000000000011d 000000000000001d
[ 952.324280] fd20: ffff80000072c000 ffff8000d866c000 ffff8000d866fda0 ffff8000000e997c
[ 952.327156] fd40: ffff8000fffc4180 00000000000031ed ffff8000fffc4180 ffff800046c1b7d4
[ 952.329895] fd60: 0000000000000140 0000ffff907ea170 000000000000011d 00000000000000dc
[ 952.334641] fd80: ffff80000072c000 ffff8000d866c000 0000000000000000 0000000000000002
[ 952.338002] fda0: ffff8000d866fdd0 ffff8000000ebacc ffff800046c1b080 ffff800046c1b7d4
[ 952.340724] fdc0: ffff8000d866fdf0 ffff8000000db67c 0000000000000040 ffff800000e69198
[ 952.343415] fde0: 0000ffff8ffea790 00000000000031ed ffff8000d866fe20 ffff800000254000
[ 952.346101] fe00: 000000000000001d 0000000000000004 ffff8000d866fe90 ffff800000249d3c
[ 952.348980] fe20: ffff8000f8842700 0000000000000000 ffff8000f8842701 0000000000000008
[ 952.351696] fe40: ffff8000d866fe70 0000000000000008 ffff8000d866fe90 ffff800000249cf8
[ 952.354387] fe60: ffff8000f8842700 0000ffff8ffe9170 ffff8000f8842701 0000000000000008
[ 952.357083] fe80: 0000ffff8ffe9278 ffff80008ff85500 0000ffff8ffe90c0 ffff800000085c84
[ 952.359800] fea0: 0000000000000000 0000ffff8ffe9170 ffffffffffffffff 0000ffff90d473bc
[ 952.365351] fec0: 0000000000000000 0000000000000015 0000000000000008 0000000040489426
[ 952.369550] fee0: 0000ffff8ffe9278 0000ffff907ea790 0000ffff907ea170 0000ffff907ea790
[ 952.372416] ff00: 0000ffff907ea170 0000000000000000 000000000000001d 0000000000000004
[ 952.375223] ff20: 0000ffff90a32220 00000000003d0f00 0000ffff907ea0a0 0000ffff8ffe8f30
[ 952.378099] ff40: 0000ffff9100f554 0000ffff91147000 0000ffff91117bc0 0000ffff90d473b0
[ 952.381115] ff60: 0000ffff9100f620 0000ffff880069b0 0000ffff8ffe9170 0000ffff8ffe91a0
[ 952.384003] ff80: 0000ffff8ffe9160 0000ffff8ffe9140 0000ffff88006990 0000ffff8ffe9278
[ 952.386860] ffa0: 0000ffff88008a60 0000ffff8ffe9480 0000ffff88014ca0 0000ffff8ffe90c0
[ 952.389654] ffc0: 0000ffff910be8e8 0000ffff8ffe90c0 0000ffff90d473bc 0000000000000000
[ 952.410986] ffe0: 0000000000000008 000000000000001d 6e2079747265706f 72616d223d656d61
[ 952.415497] Call trace:
[ 952.417403] [<ffff7ffffc39de7c>] changed_cb+0x9f4/0xa48 [btrfs]
[ 952.420023] [<ffff7ffffc308fc0>] btrfs_compare_trees+0x500/0x6b0 [btrfs]
[ 952.422759] [<ffff7ffffc39ecfc>] btrfs_ioctl_send+0xb4c/0xe10 [btrfs]
[ 952.425601] [<ffff7ffffc3643c0>] btrfs_ioctl+0x374/0x29a4 [btrfs]
[ 952.428031] [<ffff8000002499e8>] do_vfs_ioctl+0x33c/0x600
[ 952.430360] [<ffff800000249d3c>] SyS_ioctl+0x90/0xa4
[ 952.432552] [<ffff800000085c84>] el0_svc_naked+0x38/0x3c
[ 952.434803] Code: 2a1503e0 17fffdac b9404282 17ffff28 (d4210000)
[ 952.437457] ---[ end trace 9afd7090c466cf15 ]---
Signed-off-by: Filipe Manana <[email protected]>
|
|
This reverts commit 5d8eb6fe517583f9c6d5b94faf2254a0207a45c9.
When we remove devices, we free the device structures. Delaying
btfs_remove_chunk() ends up hitting a use-after-free on them.
Signed-off-by: Chris Mason <[email protected]>
|
|
When we're not able to get enough space through splitting leaf,
we'd create a new sibling leaf instead, and it's possible that we return
a zero-nritem sibling leaf and mark it dirty before it's in a consistent
state. With CONFIG_BTRFS_FS_CHECK_INTEGRITY=y, the integrity check of
check_leaf will report panic due to this zero-nritem non-root leaf.
This removes the unnecessary btrfs_mark_buffer_dirty.
Reported-by: Filipe Manana <[email protected]>
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Really there's lots of things that can go wrong here, kill all the
BUG_ON()'s and replace the logic ones with ASSERT()'s and return EIO
instead.
Signed-off-by: Josef Bacik <[email protected]>
[ switched to btrfs_err, errors go to common label ]
Reviewed-by: Liu Bo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
The addition of btrfs_no_printk() caused a build failure when
CONFIG_PRINTK is disabled:
fs/btrfs/send.c: In function 'send_rename':
fs/btrfs/ctree.h:3367:2: error: implicit declaration of function 'btrfs_no_printk' [-Werror=implicit-function-declaration]
This moves the helper outside of that #ifdef so it is always
defined, and changes the existing #ifdef to refer to that
helper as well for consistency.
Fixes: 47c57058ff2c ("btrfs: btrfs_debug should consume fs_info when DEBUG is not defined")
Signed-off-by: Arnd Bergmann <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
This is an additional patch to
"Btrfs: memset to avoid stale content in btree node block".
This uses memset to initialize the unused space in a leaf to avoid
potential stale content, which may be incurred by pushing items
between sibling leaves.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Code cleanup. parent_start is initialized multiple times when it is
not necessary to do so.
Signed-off-by: Goldwyn Rodrigues <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Fixes: 7cf5b97650f2 ("btrfs: qgroup: Cleanup old inaccurate facilities")
Signed-off-by: Goldwyn Rodrigues <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Code cleanup. count is already (unsgined long)-1. That is the reason
run_all was set. Do not reassign it (unsigned long)-1.
Signed-off-by: Goldwyn Rodrigues <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
btrfs_show_devname() is using the device_list_mutex, sometimes
a call to blkdev_put() leads vfs calling into this func. So
call blkdev_put() outside of device_list_mutex, as of now.
[ 983.284212] ======================================================
[ 983.290401] [ INFO: possible circular locking dependency detected ]
[ 983.296677] 4.8.0-rc5-ceph-00023-g1b39cec2 #1 Not tainted
[ 983.302081] -------------------------------------------------------
[ 983.308357] umount/21720 is trying to acquire lock:
[ 983.313243] (&bdev->bd_mutex){+.+.+.}, at: [<ffffffff9128ec51>] blkdev_put+0x31/0x150
[ 983.321264]
[ 983.321264] but task is already holding lock:
[ 983.327101] (&fs_devs->device_list_mutex){+.+...}, at: [<ffffffffc033d6f6>] __btrfs_close_devices+0x46/0x200 [btrfs]
[ 983.337839]
[ 983.337839] which lock already depends on the new lock.
[ 983.337839]
[ 983.346024]
[ 983.346024] the existing dependency chain (in reverse order) is:
[ 983.353512]
-> #4 (&fs_devs->device_list_mutex){+.+...}:
[ 983.359096] [<ffffffff910dfd0c>] lock_acquire+0x1bc/0x1f0
[ 983.365143] [<ffffffff91823125>] mutex_lock_nested+0x65/0x350
[ 983.371521] [<ffffffffc02d8116>] btrfs_show_devname+0x36/0x1f0 [btrfs]
[ 983.378710] [<ffffffff9129523e>] show_vfsmnt+0x4e/0x150
[ 983.384593] [<ffffffff9126ffc7>] m_show+0x17/0x20
[ 983.389957] [<ffffffff91276405>] seq_read+0x2b5/0x3b0
[ 983.395669] [<ffffffff9124c808>] __vfs_read+0x28/0x100
[ 983.401464] [<ffffffff9124eb3b>] vfs_read+0xab/0x150
[ 983.407080] [<ffffffff9124ec32>] SyS_read+0x52/0xb0
[ 983.412609] [<ffffffff91825fc0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 983.419617]
-> #3 (namespace_sem){++++++}:
[ 983.424024] [<ffffffff910dfd0c>] lock_acquire+0x1bc/0x1f0
[ 983.430074] [<ffffffff918239e9>] down_write+0x49/0x80
[ 983.435785] [<ffffffff91272457>] lock_mount+0x67/0x1c0
[ 983.441582] [<ffffffff91272ab2>] do_add_mount+0x32/0xf0
[ 983.447458] [<ffffffff9127363a>] finish_automount+0x5a/0xc0
[ 983.453682] [<ffffffff91259513>] follow_managed+0x1b3/0x2a0
[ 983.459912] [<ffffffff9125b750>] lookup_fast+0x300/0x350
[ 983.465875] [<ffffffff9125d6e7>] path_openat+0x3a7/0xaa0
[ 983.471846] [<ffffffff9125ef75>] do_filp_open+0x85/0xe0
[ 983.477731] [<ffffffff9124c41c>] do_sys_open+0x14c/0x1f0
[ 983.483702] [<ffffffff9124c4de>] SyS_open+0x1e/0x20
[ 983.489240] [<ffffffff91825fc0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 983.496254]
-> #2 (&sb->s_type->i_mutex_key#3){+.+.+.}:
[ 983.501798] [<ffffffff910dfd0c>] lock_acquire+0x1bc/0x1f0
[ 983.507855] [<ffffffff918239e9>] down_write+0x49/0x80
[ 983.513558] [<ffffffff91366237>] start_creating+0x87/0x100
[ 983.519703] [<ffffffff91366647>] debugfs_create_dir+0x17/0x100
[ 983.526195] [<ffffffff911df153>] bdi_register+0x93/0x210
[ 983.532165] [<ffffffff911df313>] bdi_register_owner+0x43/0x70
[ 983.538570] [<ffffffff914080fb>] device_add_disk+0x1fb/0x450
[ 983.544888] [<ffffffff91580226>] loop_add+0x1e6/0x290
[ 983.550596] [<ffffffff91fec358>] loop_init+0x10b/0x14f
[ 983.556394] [<ffffffff91002207>] do_one_initcall+0xa7/0x180
[ 983.562618] [<ffffffff91f932e0>] kernel_init_freeable+0x1cc/0x266
[ 983.569370] [<ffffffff918174be>] kernel_init+0xe/0x100
[ 983.575166] [<ffffffff9182620f>] ret_from_fork+0x1f/0x40
[ 983.581131]
-> #1 (loop_index_mutex){+.+.+.}:
[ 983.585801] [<ffffffff910dfd0c>] lock_acquire+0x1bc/0x1f0
[ 983.591858] [<ffffffff91823125>] mutex_lock_nested+0x65/0x350
[ 983.598256] [<ffffffff9157ed3f>] lo_open+0x1f/0x60
[ 983.603704] [<ffffffff9128eec3>] __blkdev_get+0x123/0x400
[ 983.609757] [<ffffffff9128f4ea>] blkdev_get+0x34a/0x350
[ 983.615639] [<ffffffff9128f554>] blkdev_open+0x64/0x80
[ 983.621428] [<ffffffff9124aff6>] do_dentry_open+0x1c6/0x2d0
[ 983.627651] [<ffffffff9124c029>] vfs_open+0x69/0x80
[ 983.633181] [<ffffffff9125db74>] path_openat+0x834/0xaa0
[ 983.639152] [<ffffffff9125ef75>] do_filp_open+0x85/0xe0
[ 983.645035] [<ffffffff9124c41c>] do_sys_open+0x14c/0x1f0
[ 983.650999] [<ffffffff9124c4de>] SyS_open+0x1e/0x20
[ 983.656535] [<ffffffff91825fc0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 983.663541]
-> #0 (&bdev->bd_mutex){+.+.+.}:
[ 983.668107] [<ffffffff910def43>] __lock_acquire+0x1003/0x17b0
[ 983.674510] [<ffffffff910dfd0c>] lock_acquire+0x1bc/0x1f0
[ 983.680561] [<ffffffff91823125>] mutex_lock_nested+0x65/0x350
[ 983.686967] [<ffffffff9128ec51>] blkdev_put+0x31/0x150
[ 983.692761] [<ffffffffc033481f>] btrfs_close_bdev+0x4f/0x60 [btrfs]
[ 983.699699] [<ffffffffc033d77b>] __btrfs_close_devices+0xcb/0x200 [btrfs]
[ 983.707178] [<ffffffffc033d8db>] btrfs_close_devices+0x2b/0xa0 [btrfs]
[ 983.714380] [<ffffffffc03081c5>] close_ctree+0x265/0x340 [btrfs]
[ 983.721061] [<ffffffffc02d7959>] btrfs_put_super+0x19/0x20 [btrfs]
[ 983.727908] [<ffffffff91250e2f>] generic_shutdown_super+0x6f/0x100
[ 983.734744] [<ffffffff91250f56>] kill_anon_super+0x16/0x30
[ 983.740888] [<ffffffffc02da97e>] btrfs_kill_super+0x1e/0x130 [btrfs]
[ 983.747909] [<ffffffff91250fe9>] deactivate_locked_super+0x49/0x80
[ 983.754745] [<ffffffff912515fd>] deactivate_super+0x5d/0x70
[ 983.760977] [<ffffffff91270a1c>] cleanup_mnt+0x5c/0x80
[ 983.766773] [<ffffffff91270a92>] __cleanup_mnt+0x12/0x20
[ 983.772738] [<ffffffff910aa2fe>] task_work_run+0x7e/0xc0
[ 983.778708] [<ffffffff91081b5a>] exit_to_usermode_loop+0x7e/0xb4
[ 983.785373] [<ffffffff910039eb>] syscall_return_slowpath+0xbb/0xd0
[ 983.792212] [<ffffffff9182605c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[ 983.799225]
[ 983.799225] other info that might help us debug this:
[ 983.799225]
[ 983.807291] Chain exists of:
&bdev->bd_mutex --> namespace_sem --> &fs_devs->device_list_mutex
[ 983.816521] Possible unsafe locking scenario:
[ 983.816521]
[ 983.822489] CPU0 CPU1
[ 983.827043] ---- ----
[ 983.831599] lock(&fs_devs->device_list_mutex);
[ 983.836289] lock(namespace_sem);
[ 983.842268] lock(&fs_devs->device_list_mutex);
[ 983.849478] lock(&bdev->bd_mutex);
[ 983.853127]
[ 983.853127] *** DEADLOCK ***
[ 983.853127]
[ 983.859113] 3 locks held by umount/21720:
[ 983.863145] #0: (&type->s_umount_key#35){++++..}, at: [<ffffffff912515f5>] deactivate_super+0x55/0x70
[ 983.872713] #1: (uuid_mutex){+.+.+.}, at: [<ffffffffc033d8d3>] btrfs_close_devices+0x23/0xa0 [btrfs]
[ 983.882206] #2: (&fs_devs->device_list_mutex){+.+...}, at: [<ffffffffc033d6f6>] __btrfs_close_devices+0x46/0x200 [btrfs]
[ 983.893422]
[ 983.893422] stack backtrace:
[ 983.897824] CPU: 6 PID: 21720 Comm: umount Not tainted 4.8.0-rc5-ceph-00023-g1b39cec2 #1
[ 983.905958] Hardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 1.0c 09/07/2015
[ 983.913492] 0000000000000000 ffff8c8a53c17a38 ffffffff91429521 ffffffff9260f4f0
[ 983.921018] ffffffff92642760 ffff8c8a53c17a88 ffffffff911b2b04 0000000000000050
[ 983.928542] ffffffff9237d620 ffff8c8a5294aee0 ffff8c8a5294aeb8 ffff8c8a5294aee0
[ 983.936072] Call Trace:
[ 983.938545] [<ffffffff91429521>] dump_stack+0x85/0xc4
[ 983.943715] [<ffffffff911b2b04>] print_circular_bug+0x1fb/0x20c
[ 983.949748] [<ffffffff910def43>] __lock_acquire+0x1003/0x17b0
[ 983.955613] [<ffffffff910dfd0c>] lock_acquire+0x1bc/0x1f0
[ 983.961123] [<ffffffff9128ec51>] ? blkdev_put+0x31/0x150
[ 983.966550] [<ffffffff91823125>] mutex_lock_nested+0x65/0x350
[ 983.972407] [<ffffffff9128ec51>] ? blkdev_put+0x31/0x150
[ 983.977832] [<ffffffff9128ec51>] blkdev_put+0x31/0x150
[ 983.983101] [<ffffffffc033481f>] btrfs_close_bdev+0x4f/0x60 [btrfs]
[ 983.989500] [<ffffffffc033d77b>] __btrfs_close_devices+0xcb/0x200 [btrfs]
[ 983.996415] [<ffffffffc033d8db>] btrfs_close_devices+0x2b/0xa0 [btrfs]
[ 984.003068] [<ffffffffc03081c5>] close_ctree+0x265/0x340 [btrfs]
[ 984.009189] [<ffffffff9126cc5e>] ? evict_inodes+0x15e/0x170
[ 984.014881] [<ffffffffc02d7959>] btrfs_put_super+0x19/0x20 [btrfs]
[ 984.021176] [<ffffffff91250e2f>] generic_shutdown_super+0x6f/0x100
[ 984.027476] [<ffffffff91250f56>] kill_anon_super+0x16/0x30
[ 984.033082] [<ffffffffc02da97e>] btrfs_kill_super+0x1e/0x130 [btrfs]
[ 984.039548] [<ffffffff91250fe9>] deactivate_locked_super+0x49/0x80
[ 984.045839] [<ffffffff912515fd>] deactivate_super+0x5d/0x70
[ 984.051525] [<ffffffff91270a1c>] cleanup_mnt+0x5c/0x80
[ 984.056774] [<ffffffff91270a92>] __cleanup_mnt+0x12/0x20
[ 984.062201] [<ffffffff910aa2fe>] task_work_run+0x7e/0xc0
[ 984.067625] [<ffffffff91081b5a>] exit_to_usermode_loop+0x7e/0xb4
[ 984.073747] [<ffffffff910039eb>] syscall_return_slowpath+0xbb/0xd0
[ 984.080038] [<ffffffff9182605c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
Reported-by: Ilya Dryomov <[email protected]>
Signed-off-by: Anand Jain <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
The extent buffer 'next' needs to be free'd conditionally.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
We can hit unused variable warnings when btrfs_debug and friends are
just aliases for no_printk. This is due to the fs_info not getting
consumed by the function call, which can happen if convenenience
variables are used. This patch adds a new btrfs_no_printk static inline
that consumes the convenience variable and does nothing else. It
silences the unused variable warning and has no impact on the generated
code:
$ size fs/btrfs/extent_io.o*
text data bss dec hex filename
44072 152 32 44256 ace0 fs/btrfs/extent_io.o.btrfs_no_printk
44072 152 32 44256 ace0 fs/btrfs/extent_io.o.no_printk
Fixes: 27a0dd61a5 (Btrfs: make btrfs_debug match pr_debug handling related to DEBUG)
Signed-off-by: Jeff Mahoney <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
This was basically an open-coded, less flexible dynamic printk. We can
just use btrfs_debug instead.
Signed-off-by: Jeff Mahoney <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
For many printks, we want to know which file system issued the message.
This patch converts most pr_* calls to use the btrfs_* versions instead.
In some cases, this means adding plumbing to allow call sites access to
an fs_info pointer.
fs/btrfs/check-integrity.c is left alone for another day.
Signed-off-by: Jeff Mahoney <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
This patch converts printk(KERN_* style messages to use the pr_* versions.
One side effect is that anything that was KERN_DEBUG is now automatically
a dynamic debug message.
Signed-off-by: Jeff Mahoney <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
CodingStyle chapter 2:
"[...] never break user-visible strings such as printk messages,
because that breaks the ability to grep for them."
This patch unsplits user-visible strings.
Signed-off-by: Jeff Mahoney <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
btrfs_rm_device frees the block device but then re-opens it using
the saved device name. A race exists between the close and the
re-open that allows the block size to be changed. The result
is getting stuck forever in the reclaim loop in __getblk_slow.
This patch moves the superblock cleanup before closing the block
device, which is also consistent with other callers. We also don't
need a private copy of dev_name as the whole routine operates under
the uuid_mutex.
Signed-off-by: Jeff Mahoney <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
In a corrupted btrfs image, we can come across this BUG_ON and
get an unreponsive system, but if we return errors instead,
its caller can handle everything gracefully by aborting the current
transaction.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
We don't track the reloc roots in any sort of normal way, so the only way the
root/commit_root nodes get free'd is if the relocation finishes successfully and
the reloc root is deleted. Fix this by free'ing them in free_reloc_roots.
Thanks,
Signed-off-by: Josef Bacik <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Remove unneeded variables and assignments.
Signed-off-by: Masahiro Yamada <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
We need to check items in a node to make sure that we're reading
a valid one, otherwise we could get various crashes while processing
delayed_refs.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Somehow we missed btrfs_print_tree when last time we
updated error handling for read_extent_block().
This keeps us from getting a NULL pointer panic when
btrfs_print_tree's read_extent_block() fails.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Since we could get errors from the concurrent aborted transaction,
the check of this BUG_ON in start_transaction is not true any more.
Say, while flushing free space cache inode's dirty pages,
btrfs_finish_ordered_io
-> btrfs_join_transaction_nolock
(the transaction has been aborted.)
-> BUG_ON(type == TRANS_JOIN_NOLOCK);
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: Josef Bacik <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
During updating btree, we could push items between sibling
nodes/leaves, for leaves data sections starts reversely from
the end of the block while for nodes we only have key pairs
which are stored one by one from the start of the block.
So we could do try to push key pairs from one node to the next
node right in the tree, and after that, we update the node's
nritems to reflect the correct end while leaving the stale
content in the node. One may intentionally corrupt the fs
image and access the stale content by bumping the nritems and
causes various crashes.
This takes the in-memory @nritems as the correct one and
gets to memset the unused part of a btree node.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
When relocating tree blocks, we firstly get block information from
back references in the extent tree, we then search fs tree to try to
find all parents of a block.
However, if fs tree is corrupted, eg. if there're some missing
items, we could come across these WARN_ONs and BUG_ONs.
This makes us print some error messages and return gracefully
from balance.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: Josef Bacik <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
No reason to bug on in here, fs corruption could easily cause these things to
happen.
Signed-off-by: Josef Bacik <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Nobody uses this, it makes no sense to do partial reads of extent buffers.
Signed-off-by: Josef Bacik <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
We have a lot of random ints in btrfs_fs_info that can be put into flags. This
is mostly equivalent with the exception of how we deal with quota going on or
off, now instead we set a flag when we are turning it on or off and deal with
that appropriately, rather than just having a pending state that the current
quota_enabled gets set to. Thanks,
Signed-off-by: Josef Bacik <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
dedupe and subpage size patchset
Extend btrfs_set_extent_delalloc() and extent_clear_unlock_delalloc()
parameters for both in-band dedupe and subpage sector size patchset.
This should reduce conflict of both patchset and the effort to rebase
them.
Cc: Chandan Rajendra <[email protected]>
Cc: David Sterba <[email protected]>
Signed-off-by: Qu Wenruo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
We can re-use the dynamic debugging descriptor to make use of the dynamic
debugging mechanism but still use our own printk interface.
Defining the DEBUG macro works as it did before. When it's defined,
all of the messages default to print. We can also enable all debug
messages at boot or module-load time using the 'dyndbg' and
'btrfs.dyndbg' options.
Signed-off-by: Jeff Mahoney <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Variable 'gen' in reada_for_search() is not used since commit 58dc4ce43251
("btrfs: remove unused parameter from readahead_tree_block"). This patch
simply removes this variable.
Signed-off-by: Luis Henriques <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Variable 'blocksize' in reada_walk_down() is not used since commit
d3e46fea1b1e ("btrfs: sink blocksize parameter to readahead_tree_block").
This patch simply removes this variable.
Signed-off-by: Luis Henriques <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Currently, btrfs_relocate_chunk() is removing relocated BG by itself. But
the work can be done by btrfs_delete_unused_bgs() (and it's better since it
trim the BG). Let's dedupe the code.
While btrfs_delete_unused_bgs() is already hitting the relocated BG, it
skip the BG since the BG has "ro" flag set (to keep balancing BG intact).
On the other hand, btrfs cannot drop "ro" flag here to prevent additional
writes. So this patch make use of "removed" flag.
btrfs_delete_unused_bgs() now detect the flag to distinguish whether a
read-only BG is relocating or not.
Signed-off-by: Naohiro Aota <[email protected]>
Reviewed-by: Josef Bacik <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Currently we allow inconsistence about mixed flag
(BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA).
We'd get ENOSPC if block group has mixed flag and btrfs doesn't.
If that happens, we have one space_info with mixed flag and another
space_info only with BTRFS_BLOCK_GROUP_METADATA, and
global_block_rsv.space_info points to the latter one, but all bytes
from block_group contributes to the mixed space_info, thus all the
allocation will fail with ENOSPC.
This adds a check for the above case.
Reported-by: Vegard Nossum <[email protected]>
Signed-off-by: Liu Bo <[email protected]>
[ updated message ]
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
So we can read a btree block via readahead or intentional read,
and we can end up with a memory leak when something happens as
follows,
1) readahead starts to read block A but does not wait for read
completion,
2) btree_readpage_end_io_hook finds that block A is corrupted,
and it needs to clear all block A's pages' uptodate bit.
3) meanwhile an intentional read kicks in and checks block A's
pages' uptodate to decide which page needs to be read.
4) when some pages have the uptodate bit during 3)'s check so
3) doesn't count them for eb->io_pages, but they are later
cleared by 2) so we has to readpage on the page, we get
the wrong eb->io_pages which results in a memory leak of
this block.
This fixes the problem by firstly getting all pages's locking and
then checking pages' uptodate bit.
t1(readahead) t2(readahead endio) t3(the following read)
read_extent_buffer_pages end_bio_extent_readpage
for pg in eb: for page 0,1,2 in eb:
if pg is uptodate: btree_readpage_end_io_hook(pg)
num_reads++ if uptodate:
eb->io_pages = num_reads SetPageUptodate(pg) _______________
for pg in eb: for page 3 in eb: read_extent_buffer_pages
if pg is NOT uptodate: btree_readpage_end_io_hook(pg) for pg in eb:
__extent_read_full_page(pg) sanity check reports something wrong if pg is uptodate:
clear_extent_buffer_uptodate(eb) num_reads++
for pg in eb: eb->io_pages = num_reads
ClearPageUptodate(page) _______________
for pg in eb:
if pg is NOT uptodate:
__extent_read_full_page(pg)
So t3's eb->io_pages is not consistent with the number of pages it's reading,
and during endio(), atomic_dec_and_test(&eb->io_pages) will get a negative
number so that we're not able to free the eb.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
This BUG() has been triggered by a fuzz testing image, which contains
an invalid chunk type, ie. a single stripe chunk has the raid6 type.
Btrfs can handle this gracefully by returning -EIO, so besides using
btrfs_warn to give us more debugging information rather than a single
BUG(), we can return error properly.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Only in the case of different root_id or different object_id, check_shared
identified extent as the shared. However, If a extent was referred by
different offset of same file, it should also be identified as shared.
In addition, check_shared's loop scale is at least n^3, so if a extent
has too many references, even causes soft hang up.
First, add all delayed_ref to the ref_tree and calculate the unqiue_refs,
if the unique_refs is greater than one, return BACKREF_FOUND_SHARED.
Then individually add the on-disk reference(inline/keyed) to the ref_tree
and calculate the unique_refs of the ref_tree to check if the unique_refs
is greater than one.Because once there are two references to return
SHARED, so the time complexity is close to the constant.
Reported-by: Tsutomu Itoh <[email protected]>
Signed-off-by: Lu Fengqi <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Reviewed-by: Eric Sandeen <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
btrfs provides a helpful demonstration of how to export
a global variable via debugfs; however, it is unique among
other debugfs files in that it is world-writable, which causes
some concern to people who are not familiar with its purpose.
Fix it so that it is only user-writable.
Signed-off-by: Eric Sandeen <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
While processing delayed refs, we may update block group's statistics
and attach it to cur_trans->dirty_bgs, and later writing dirty block
groups will process the list, which happens during
btrfs_commit_transaction().
For whatever reason, the transaction is aborted and dirty_bgs
is not processed in cleanup_transaction(), we end up with memory leak
of these dirty block group cache.
Since btrfs_start_dirty_block_groups() doesn't make it go to the commit
critical section, this also adds the cleanup work inside it.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracefs fixes from Steven Rostedt:
"Al Viro has been looking at the tracefs code, and has pointed out some
issues. This contains one fix by me and one by Al. I'm sure that
he'll come up with more but for now I tested these patches and they
don't appear to have any negative impact on tracing"
* tag 'trace-v4.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
fix memory leaks in tracing_buffers_splice_read()
tracing: Move mutex to protect against resetting of seq data
|
|
When building XFS with -Werror, it now fails with:
include/linux/pagemap.h: In function 'fault_in_multipages_readable':
include/linux/pagemap.h:602:16: error: variable 'c' set but not used [-Werror=unused-but-set-variable]
volatile char c;
^
This is a regression caused by commit e23d4159b109 ("fix
fault_in_multipages_...() on architectures with no-op access_ok()").
Fix it by re-adding the "(void)c" trick taht was previously used to make
the compiler think the variable is used.
Signed-off-by: Dave Chinner <[email protected]>
Cc: Al Viro <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
The NUMA balancing logic uses an arch-specific PROT_NONE page table flag
defined by pte_protnone() or pmd_protnone() to mark PTEs or huge page
PMDs respectively as requiring balancing upon a subsequent page fault.
User-defined PROT_NONE memory regions which also have this flag set will
not normally invoke the NUMA balancing code as do_page_fault() will send
a segfault to the process before handle_mm_fault() is even called.
However if access_remote_vm() is invoked to access a PROT_NONE region of
memory, handle_mm_fault() is called via faultin_page() and
__get_user_pages() without any access checks being performed, meaning
the NUMA balancing logic is incorrectly invoked on a non-NUMA memory
region.
A simple means of triggering this problem is to access PROT_NONE mmap'd
memory using /proc/self/mem which reliably results in the NUMA handling
functions being invoked when CONFIG_NUMA_BALANCING is set.
This issue was reported in bugzilla (issue 99101) which includes some
simple repro code.
There are BUG_ON() checks in do_numa_page() and do_huge_pmd_numa_page()
added at commit c0e7cad to avoid accidentally provoking strange
behaviour by attempting to apply NUMA balancing to pages that are in
fact PROT_NONE. The BUG_ON()'s are consistently triggered by the repro.
This patch moves the PROT_NONE check into mm/memory.c rather than
invoking BUG_ON() as faulting in these pages via faultin_page() is a
valid reason for reaching the NUMA check with the PROT_NONE page table
flag set and is therefore not always a bug.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=99101
Reported-by: Trevor Saunders <[email protected]>
Signed-off-by: Lorenzo Stoakes <[email protected]>
Acked-by: Rik van Riel <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Mel Gorman <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Pull MIPS fixes from Ralf Baechle:
"A round of 4.8 fixes:
MIPS generic code:
- Add a missing ".set pop" in an early commit
- Fix memory regions reaching top of physical
- MAAR: Fix address alignment
- vDSO: Fix Malta EVA mapping to vDSO page structs
- uprobes: fix incorrect uprobe brk handling
- uprobes: select HAVE_REGS_AND_STACK_ACCESS_API
- Avoid a BUG warning during PR_SET_FP_MODE prctl
- SMP: Fix possibility of deadlock when bringing CPUs online
- R6: Remove compact branch policy Kconfig entries
- Fix size calc when avoiding IPIs for small icache flushes
- Fix pre-r6 emulation FPU initialisation
- Fix delay slot emulation count in debugfs
ATH79:
- Fix test for error return of clk_register_fixed_factor.
Octeon:
- Fix kernel header to work for VDSO build.
- Fix initialization of platform device probing.
paravirt:
- Fix undefined reference to smp_bootstrap"
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Fix delay slot emulation count in debugfs
MIPS: SMP: Fix possibility of deadlock when bringing CPUs online
MIPS: Fix pre-r6 emulation FPU initialisation
MIPS: vDSO: Fix Malta EVA mapping to vDSO page structs
MIPS: Select HAVE_REGS_AND_STACK_ACCESS_API
MIPS: Octeon: Fix platform bus probing
MIPS: Octeon: mangle-port: fix build failure with VDSO code
MIPS: Avoid a BUG warning during prctl(PR_SET_FP_MODE, ...)
MIPS: c-r4k: Fix size calc when avoiding IPIs for small icache flushes
MIPS: Add a missing ".set pop" in an early commit
MIPS: paravirt: Fix undefined reference to smp_bootstrap
MIPS: Remove compact branch policy Kconfig entries
MIPS: MAAR: Fix address alignment
MIPS: Fix memory regions reaching top of physical
MIPS: uprobes: fix incorrect uprobe brk handling
MIPS: ath79: Fix test for error return of clk_register_fixed_factor().
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull one more powerpc fix from Michael Ellerman:
"powernv/pci: Fix m64 checks for SR-IOV and window alignment from
Russell Currey"
* tag 'powerpc-4.8-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/powernv/pci: Fix m64 checks for SR-IOV and window alignment
|
|
The fixes to the radix tree test suite show that the multi-order case is
broken. The basic reason is that the radix tree code uses tagged
pointers with the "internal" bit in the low bits, and calculating the
pointer indices was supposed to mask off those bits. But gcc will
notice that we then use the index to re-create the pointer, and will
avoid doing the arithmetic and use the tagged pointer directly.
This cleans the code up, using the existing is_sibling_entry() helper to
validate the sibling pointer range (instead of open-coding it), and
using entry_to_node() to mask off the low tag bit from the pointer. And
once you do that, you might as well just use the now cleaned-up pointer
directly.
[ Side note: the multi-order code isn't actually ever used in the kernel
right now, and the only reason I didn't just delete all that code is
that Kirill Shutemov piped up and said:
"Well, my ext4-with-huge-pages patchset[1] uses multi-order entries.
It also converts shmem-with-huge-pages and hugetlb to them.
I'm okay with converting it to other mechanism, but I need
something. (I looked into Konstantin's RFC patchset[2]. It looks
okay, but I don't feel myself qualified to review it as I don't
know much about radix-tree internals.)"
[1] http://lkml.kernel.org/r/[email protected]
[2] http://lkml.kernel.org/r/147230727479.9957.1087787722571077339.stgit@zurg ]
Reported-by: Matthew Wilcox <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Ross Zwisler <[email protected]>
Cc: Johannes Weiner <[email protected]>
Cc: Kirill A. Shutemov <[email protected]>
Cc: Konstantin Khlebnikov <[email protected]>
Cc: Cedric Blancher <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
When we replace a multiorder entry, check that all indices reflect the
new value.
Also, compile the test suite with -O2, which shows other problems with
the code due to some dodgy pointer operations in the radix tree code.
Signed-off-by: Matthew Wilcox <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Cc: [email protected]
Signed-off-by: Al Viro <[email protected]>
|
|
The iter->seq can be reset outside the protection of the mutex. So can
reading of user data. Move the mutex up to the beginning of the function.
Fixes: d7350c3f45694 ("tracing/core: make the read callbacks reentrants")
Cc: [email protected] # 2.6.30+
Reported-by: Al Viro <[email protected]>
Signed-off-by: Steven Rostedt <[email protected]>
|