From: Ritesh Harjani <riteshh@linux.ibm.com>
To: Qu Wenruo <quwenruo.btrfs@gmx.com>
Cc: Qu Wenruo <wqu@suse.com>, linux-btrfs@vger.kernel.org
Subject: Re: [Patch v2 41/42] btrfs: fix the use-after-free bug in writeback subpage helper
Date: Wed, 26 May 2021 10:59:02 +0530
Message-ID: <20210526052902.qsaodegp6emjg5bl@riteshh-domain>
In-Reply-To: <20210525130227.ldhbj4x7sryr63bk@riteshh-domain>

On 21/05/25 06:32PM, Ritesh Harjani wrote:
> On 21/05/25 07:41PM, Qu Wenruo wrote:
> >
> >
> > On 2021/5/25 6:20 PM, Ritesh Harjani wrote:
> > [...]
> > > > >
> > > > > - 9d57e61bf723 ("of/pci: Add IORESOURCE_MEM_64 to resource flags for 64-
> > > > > bit memory addresses")
> > > > > Will screw up at least my ARM board, which is using device tree for
> > > > > its PCIE node.
> > > > > Have to revert it.
> > > > >
> > > > > - 764c7c9a464b ("btrfs: zoned: fix parallel compressed writes")
> > > > > Will screw up compressed write with striped RAID profile.
> > > > > Fix sent to the mail list:
> > > > >
> > > > > https://patchwork.kernel.org/project/linux-btrfs/patch/20210525055243.85166-1-wqu@suse.com/
> > > > >
> > > > >
> > > > > - Known btrfs mkfs bug
> > > > > Fix sent to the mail list:
> > > > >
> > > > > https://patchwork.kernel.org/project/linux-btrfs/patch/20210517095516.129287-1-wqu@suse.com/
> > > > >
> > > > >
> > > > > - btrfs/215 false alert
> > > > > Fix sent to the mail list:
> > > > >
> > > > > https://patchwork.kernel.org/project/linux-btrfs/patch/20210517092922.119788-1-wqu@suse.com/
> > > >
> > > > Please wait for a while.
> > > >
> > > > I just checked my latest result, the branch doesn't pass my local test
> > > > for subpage case.
> > > >
> > > > I'll fix it first, sorry for the problem.
> > >
> > > Ok, yes (it's failing for me in some test case).
> > > Sure, will wait until your confirmation.
> >
> > Got the reason. The patch "btrfs: allow submit_extent_page() to do bio
> > split for subpage" got a conflict when got rebased, due to zone code change.
> >
> > The conflict wasn't big, but to be extra safe, I manually re-crafted the
> > patch from scratch, to find out what's wrong.
> >
> > During that re-crafting, I forgot to delete two lines, which prevent
> > btrfs_add_bio_page() from splitting the bio properly, and submit an empty
> > bio, thus causing an ASSERT() in submit_extent_page().
> >
> > The bug can be reliably reproduced by btrfs/060, thus that one can be a
> > quick test to make sure the problem is gone.
> >
> > BTW, for older subpage branch, the latest one without problem is at HEAD
> > 2af4eb21b234c6ddbc37568529219d33038f7f7c, which I also tested on a
> > Power8 VM, it passes "-g auto" with only 18 known failures.
> >
> > I believe it's now safe to re-test.
>
> Thanks. I will give your latest subpage github branch a run then :)

Hi Qu,

I am still running the tests, but I observed this warning msg with btrfs/062.
Sorry, did I miss any patches to take?

I am testing your below branch
https://github.com/adam900710/linux/commits/subpage

btrfs/062
<...>
[ 1466.928035] BTRFS info (device vdc): has skinny extents
[ 1466.928103] BTRFS warning (device vdc): read-write for sector size 4096 with page size 65536 is experimental
[ 1466.936997] BTRFS info (device vdc): checking UUID tree
[ 1467.295249] BTRFS info (device vdc): balance: start -d -m -s
[ 1469.177204] ------------[ cut here ]------------
[ 1469.177402] WARNING: CPU: 5 PID: 319 at fs/btrfs/extent_map.c:306 unpin_extent_cache+0x78/0x140
[ 1469.177597] Modules linked in:
[ 1469.177655] CPU: 5 PID: 319 Comm: kworker/u16:5 Not tainted 5.13.0-rc2-00382-g1d349b93923f #34
[ 1469.177773] Workqueue: btrfs-endio-write btrfs_work_helper
[ 1469.177845] NIP: c000000000a334c8 LR: c000000000a334b4 CTR: 0000000000000000
[ 1469.177943] REGS: c00000000d7e7750 TRAP: 0700 Not tainted (5.13.0-rc2-00382-g1d349b93923f)
[ 1469.178054] MSR: 800000000282b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 84002448 XER: 20000000
[ 1469.178187] CFAR: c000000000a3303c IRQMASK: 0
[ 1469.178187] GPR00: c000000000a334b4 c00000000d7e79f0 c000000001c5dc00 c00000002b15f968
[ 1469.178187] GPR04: 0000000000070000 000000000001a000 0000000000000001 0000000000000001
[ 1469.178187] GPR08: 0000000000000002 0000000000000002 0000000000000001 ffffffffffffffff
[ 1469.178187] GPR12: 0000000000002200 c00000003ffe8a00 c000000000213568 c00000000a1f1240
[ 1469.178187] GPR16: c00000002b934000 c000000026f4a2c0 c00000000d7e7ac8 0000000000000001
[ 1469.178187] GPR20: 0000000000000000 c000000026f49ec8 0000000000000024 c000000022bda000
[ 1469.178187] GPR24: 0000000000000020 000000000001a000 c000000026f49e08 000000000000000d
[ 1469.178187] GPR28: 000000000007b000 c000000026f49e88 c000000026f49e68 c00000002b15f968
[ 1469.179053] NIP [c000000000a334c8] unpin_extent_cache+0x78/0x140
[ 1469.179137] LR [c000000000a334b4] unpin_extent_cache+0x64/0x140
[ 1469.179220] Call Trace:
[ 1469.179254] [c00000000d7e79f0] [c000000000a334b4] unpin_extent_cache+0x64/0x140 (unreliable)
[ 1469.179371] [c00000000d7e7a50] [c000000000a23d28] btrfs_finish_ordered_io+0x528/0xbd0
[ 1469.179473] [c00000000d7e7ba0] [c000000000a64360] btrfs_work_helper+0x260/0x8e0
[ 1469.179572] [c00000000d7e7c40] [c000000000206954] process_one_work+0x434/0x7d0
[ 1469.179687] [c00000000d7e7d10] [c000000000206ff4] worker_thread+0x304/0x570
[ 1469.179771] [c00000000d7e7da0] [c00000000021371c] kthread+0x1bc/0x1d0
[ 1469.179855] [c00000000d7e7e10] [c00000000000d6ec] ret_from_kernel_thread+0x5c/0x70
[ 1469.179956] Instruction dump:
[ 1469.180007] 4887a5d1 60000000 7f84e378 7fc3f378 38c00001 e8a10028 4bfff949 7c7f1b79
[ 1469.180114] 41820010 e89f0018 7fa4e000 419e000c <0fe00000> 41820088 fb7f0060 395f0068
[ 1469.180222] irq event stamp: 1458062
[ 1469.180271] hardirqs last enabled at (1458061): [<c0000000012ad654>] _raw_spin_unlock_irq+0x44/0x80
[ 1469.180411] hardirqs last disabled at (1458062): [<c0000000012a1cfc>] __schedule+0x31c/0xce0
[ 1469.180524] softirqs last enabled at (1457908): [<c0000000012ae818>] __do_softirq+0x5e8/0x680
[ 1469.180661] softirqs last disabled at (1457899): [<c0000000001dc56c>] irq_exit+0x15c/0x1e0
[ 1469.180760] ---[ end trace f937e1c0f5a3b8fa ]---
[ 1469.537482] BTRFS info (device vdc): relocating block group 298844160 flags data|raid1
[ 1470.963925] BTRFS info (device vdc): found 343 extents, stage: move data extents
[ 1471.332749] BTRFS info (device vdc): found 341 extents, stage: update data pointers
[ 1471.656937] BTRFS info (device vdc): relocating block group 30408704 flags metadata|raid1
[ 1472.015159] BTRFS info (device vdc): found 84 extents, stage: move data extents
[ 1472.355357] BTRFS info (device vdc): relocating block group 22020096 flags system|raid1
[ 1472.689631] BTRFS info (device vdc): found 1 extents, stage: move data extents
[ 1473.052977] BTRFS info (device vdc): balance: ended with status: 0
-ritesh