From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-btrfs-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 51E51C433F5
	for <linux-btrfs@archiver.kernel.org>; Thu,  3 Feb 2022 17:27:10 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1352829AbiBCR1J (ORCPT <rfc822;linux-btrfs@archiver.kernel.org>);
        Thu, 3 Feb 2022 12:27:09 -0500
Received: from smtp-out2.suse.de ([195.135.220.29]:58528 "EHLO
        smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1352822AbiBCR1I (ORCPT
        <rfc822;linux-btrfs@vger.kernel.org>); Thu, 3 Feb 2022 12:27:08 -0500
Received: from relay2.suse.de (relay2.suse.de [149.44.160.134])
        by smtp-out2.suse.de (Postfix) with ESMTP id E210E1F399;
        Thu,  3 Feb 2022 17:27:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1643909227; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:  content-transfer-encoding:content-transfer-encoding;
        bh=d9RE8jtAbkRZShxO44PHUDkjG1XKA8sYY2WZWax4E28=;
        b=aDTMVOYyF33KTdUISerPJjBBWTTO2wQcNUDeFLYMNOyDJsWWvh3SfNnKBAvJ1YIgtQQMFZ
        Gnye1rSKwYuzeAFInjxJ13wqh052a/1KK385meIpyjQpVDKlM5E02Sbq4tNyNdop6ujJVN
        5IEYjLO0NXHUJAeDiW5CR+THgxVFcPc=
Received: from ds.suse.cz (ds.suse.cz [10.100.12.205])
        by relay2.suse.de (Postfix) with ESMTP id DB1F7A3B85;
        Thu,  3 Feb 2022 17:27:07 +0000 (UTC)
Received: by ds.suse.cz (Postfix, from userid 10065)
        id C7C0FDA781; Thu,  3 Feb 2022 18:26:22 +0100 (CET)
From:   David Sterba <dsterba@suse.com>
To:     linux-btrfs@vger.kernel.org
Cc:     David Sterba <dsterba@suse.com>
Subject: [PATCH 0/5] Speedups and check_setget_bounds reporting updates
Date:   Thu,  3 Feb 2022 18:26:22 +0100
Message-Id: <cover.1643904960.git.dsterba@suse.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org

This is a followup to [1] disabling asserts by default. There's some
performance hit involved because of check_setget_bounds that's called
for any extent buffer item read/write. Trading correctness for speed is
should be considered but in general correctness should be favored.

I've optimized the helper so it should have negligible impact (one
inlined branch instead of function call and 2 branches), I haven't
measured that yet though.

How the checks and reporting works:

- any function generated by BTRFS_SETGET_FUNCS calls check_setget_bounds
  and verifies if the reguested bytes are within the extent buffer

- if the checks fail nothing is read or written to the buffer
  - set a bit in fs_info::fs_state so we know something happened
  - store information about the failed range into fs_info for later

- as the setget helpers aren't checked for errors, there are a few
  points where the transaction is ended/aborted once the bit is set

I've tested that in fstests with inserted failure [2] after each 100K
operations, this allows tests to proceed but fail eventually. This makes
i up to btrfs/020 and hits assert in warn_about_uncommitted_trans.

Possible improvements:

- there's a similar check/report for read_extent_buffer so that could
  also set the bit and fail fast

- can be used as base for the shutdown logic

[1] https://lore.kernel.org/linux-btrfs/20200724164147.39925-1-josef@toxicpanda.com

[2]
--- a/fs/btrfs/struct-funcs.c
+++ b/fs/btrfs/struct-funcs.c
@@ -33,7 +33,15 @@ static void report_setget_bounds(const struct extent_buffer *eb,
 static inline bool check_setget_bounds(const struct extent_buffer *eb,
                                       const void *ptr, unsigned off, int size)
 {
-       const unsigned long member_offset = (unsigned long)ptr + off;
+       unsigned long member_offset = (unsigned long)ptr + off;
+       static unsigned long failure = 1;
+       const unsigned long fail_after = 102400;
+
+       if (test_bit(BTRFS_FS_OPEN, &eb->fs_info->flags) &&
+           (failure++ % fail_after) == 0) {
+               printk(KERN_ERR "SETGET: trigger setget failure at %lu\n", failure);
+               member_offset = 128 * 1024;
+       }
---

David Sterba (5):
  btrfs: remove redundant check in up check_setget_bounds
  btrfs: factor out reporting when check_setget_bounds fails
  btrfs: store details about first setget bounds check failure
  btrfs: fail transaction when a setget bounds check failure is detected
  btrfs: move check_setget_bounds out of ASSERT

 fs/btrfs/ctree.h        | 16 +++++++++++--
 fs/btrfs/struct-funcs.c | 51 ++++++++++++++++++++++++++++-------------
 fs/btrfs/transaction.c  | 11 +++++++++
 3 files changed, 60 insertions(+), 18 deletions(-)

-- 
2.34.1