From: David Sterba <dsterba@suse.cz>
To: Qu Wenruo <wqu@suse.de>
Cc: Nikolay Borisov <nborisov@suse.com>,
linux-btrfs@vger.kernel.org, Josef Bacik <josef@toxicpanda.com>
Subject: Re: [PATCH] btrfs: extent_io: Handle memory allocation failure in __clear_extent_bit()
Date: Thu, 18 Apr 2019 13:38:53 +0200 [thread overview]
Message-ID: <20190418113853.GJ20156@twin.jikos.cz> (raw)
In-Reply-To: <f96176af-6e8a-4257-e49a-4ca2604e7226@suse.de>
On Thu, Apr 18, 2019 at 03:30:20PM +0800, Qu Wenruo wrote:
>
>
> On 2019/4/18 下午3:24, Nikolay Borisov wrote:
> >
> >
> > On 18.04.19 г. 10:21 ч., Qu Wenruo wrote:
> >> There is a BUG_ON() in __clear_extent_bit() for memory allocation
> >> failure.
> >>
> >> While comment of __clear_extent_bit() says it can return error, but we
> >> always return 0.
> >>
> >> Some __clear_extent_bit() callers just ignore the return value, while
> >> some still expect error.
> >>
> >> Let's return proper error for this memory allocation anyway, to remove
> >> that BUG_ON() as a first step, so at least we can continue test.
> >
> > I remember Josef did some changes into this code and said that prealloc
> > shouldn't fail because this will cause mayhem down the road i.e. proper
> > error handling is missing. If anything I think it should be added first
> > and then remove the BUG_ONs.
>
> That's true, we could have some strange lockup due to
> lock_extent_bits(), as if some clear_extent_bits() failed due to ENOMEM
> and caller just ignore the error, we could have a lockup.
Not only lockup but unhandled failed extent range locking totally breaks
assumptions that the following code makes and this would lead to
unpredictable corruptions. Just count how many lock_extent_bits calls
are there. And any caller of __set_extent_bit. There are so many that
the BUG_ON is the measure of last resort to prevent worse problems.
> I'll try to pre-allocate certain amount of extent_state as the last
> chance of redemption.
This only lowers the chances to hit the allocation error but there's
always a case when certain amount + 1 would be needed.
> Anyway, such BUG_ON() right after kmalloc() is really a blockage for
> error injection test.
Maybe, but the code is not yet in the state to inject memory allocation
faiulres to that particular path (ie. the state changes).
next prev parent reply other threads:[~2019-04-18 11:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 7:21 [PATCH] btrfs: extent_io: Handle memory allocation failure in __clear_extent_bit() Qu Wenruo
2019-04-18 7:24 ` Nikolay Borisov
2019-04-18 7:30 ` Qu Wenruo
2019-04-18 11:38 ` David Sterba [this message]
2019-04-18 11:51 ` Qu Wenruo
2019-04-18 11:54 ` Qu Wenruo
2019-04-18 12:27 ` Nikolay Borisov
2019-04-18 12:44 ` Qu Wenruo
2019-04-22 5:44 ` Qu Wenruo
2019-04-18 14:10 ` Josef Bacik
2019-04-18 14:15 ` Qu Wenruo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190418113853.GJ20156@twin.jikos.cz \
--to=dsterba@suse.cz \
--cc=josef@toxicpanda.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=nborisov@suse.com \
--cc=wqu@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox