From: David Sterba <dsterba@suse.cz>
To: Qu Wenruo <quwenruo.btrfs@gmx.com>
Cc: David Sterba <dsterba@suse.com>, linux-btrfs@vger.kernel.org
Subject: Re: [PATCH 00/14] More error handling and BUG_ON cleanups
Date: Fri, 9 Feb 2024 03:03:17 +0100 [thread overview]
Message-ID: <20240209020317.GY355@twin.jikos.cz> (raw)
In-Reply-To: <80792cd4-d06e-4cb4-8db0-c40d2b551aa3@gmx.com>
On Thu, Feb 08, 2024 at 08:20:55PM +1030, Qu Wenruo wrote:
> > btrfs: handle invalid extent item reference found in
> > find_first_extent_item()
>
> For bad extent item offsets, I'm totally fine with the current -EUCLEAN
> even it doesn't have any error message.
> As tree-checker has already verified the extent items, thus it's way
> much harder to get runtime corruption to create a -1 key.offset.
Yeah, this is the same as for the previous patchset, tree-checker
catches things early and the new error handling makes sure any
improbable error will not propagate further.
Regarding the messages, I'll add them in the futre, currently I'm
analyzing all cases we might need and prototyping the error/warning
message macros. I've been going over BUG_ONs only but we have too many
random WARN_ONs too, this should be better converted to warnings or
assertions with clear purpose and use case.
> > btrfs: handle invalid root reference found in may_destroy_subvol()
>
> But for this, I strongly recommend a new tree-checker entry for
> ROOT_REF, before returning -EUCLEAN without an error message.
Right, we don't seem to have a case for BTRFS_ROOT_REF_KEY in
tree-checker, at least the allowed value range could be there.
> > btrfs: send: handle unexpected data in header buffer in begin_cmd()
> > btrfs: send: handle unexpected inode in header process_recorded_refs()
> > btrfs: send: handle path ref underflow in header iterate_inode_ref()
> > btrfs: change BUG_ON to assertion in tree_move_down()
> > btrfs: change BUG_ONs to assertions in btrfs_qgroup_trace_subtree()
> > btrfs: delete pointless BUG_ON check on quota root in
> > btrfs_qgroup_account_extent()
> > btrfs: delete pointless BUG_ONs on extent item size
>
> The above ones look good to me.
>
> > btrfs: handle unexpected parent block offset in
> > btrfs_alloc_tree_block()
>
> For this one, I'd prefer one error message or at least something noisy
> enough (aka, ASSERT()), just to make life a little easier when we
> screwed up in our development environment.
Well, there are too many BUG_ONs that somebody just sprinkled over the
code, it still documents the invariants but in a very random way.
Getting rid of them is much harder as it requires reasoning in a much
broader context. I looked at all callers, this looks like a proper API
usage check rather than a random error that would need a message.
Each call site with EUCLEAN can be revisited if we really want to get
noticed about that or not, but I'm not doing that right now unless I'm
convince we do from the context.
next prev parent reply other threads:[~2024-02-09 2:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-08 8:59 [PATCH 00/14] More error handling and BUG_ON cleanups David Sterba
2024-02-08 8:59 ` [PATCH 01/14] btrfs: push errors up from add_async_extent() David Sterba
2024-02-08 8:59 ` [PATCH 02/14] btrfs: update comment and drop assertion in extent item lookup in find_parent_nodes() David Sterba
2024-02-08 8:59 ` [PATCH 03/14] btrfs: handle invalid extent item reference found in extent_from_logical() David Sterba
2024-02-08 8:59 ` [PATCH 04/14] btrfs: handle invalid extent item reference found in find_first_extent_item() David Sterba
2024-02-08 8:59 ` [PATCH 05/14] btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba
2024-02-08 8:59 ` [PATCH 06/14] btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba
2024-02-08 8:59 ` [PATCH 07/14] btrfs: send: handle unexpected inode in header process_recorded_refs() David Sterba
2024-02-08 8:59 ` [PATCH 08/14] btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba
2024-02-08 8:59 ` [PATCH 09/14] btrfs: change BUG_ON to assertion in tree_move_down() David Sterba
2024-02-08 8:59 ` [PATCH 10/14] btrfs: change BUG_ONs to assertions in btrfs_qgroup_trace_subtree() David Sterba
2024-02-08 9:00 ` [PATCH 11/14] btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba
2024-02-08 9:00 ` [PATCH 12/14] btrfs: delete pointless BUG_ONs on extent item size David Sterba
2024-02-08 9:00 ` [PATCH 13/14] btrfs: handle unexpected parent block offset in btrfs_alloc_tree_block() David Sterba
2024-02-08 9:00 ` [PATCH 14/14] btrfs: delete BUG_ON in btrfs_init_locked_inode() David Sterba
2024-02-08 9:50 ` [PATCH 00/14] More error handling and BUG_ON cleanups Qu Wenruo
2024-02-09 2:03 ` David Sterba [this message]
2024-02-13 19:05 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240209020317.GY355@twin.jikos.cz \
--to=dsterba@suse.cz \
--cc=dsterba@suse.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=quwenruo.btrfs@gmx.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox