From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Josef Bacik <josef@toxicpanda.com>,
Nikolay Borisov <nborisov@suse.com>,
David Sterba <dsterba@suse.com>
Subject: [PATCH 5.10 11/42] btrfs: fix race between extent freeing/allocation when using bitmaps
Date: Mon, 8 Mar 2021 13:30:37 +0100 [thread overview]
Message-ID: <20210308122718.681086694@linuxfoundation.org> (raw)
In-Reply-To: <20210308122718.120213856@linuxfoundation.org>
From: Nikolay Borisov <nborisov@suse.com>
commit 3c17916510428dbccdf657de050c34e208347089 upstream.
During allocation the allocator will try to allocate an extent using
cluster policy. Once the current cluster is exhausted it will remove the
entry under btrfs_free_cluster::lock and subsequently acquire
btrfs_free_space_ctl::tree_lock to dispose of the already-deleted entry
and adjust btrfs_free_space_ctl::total_bitmap. This poses a problem
because there exists a race condition between removing the entry under
one lock and doing the necessary accounting holding a different lock
since extent freeing only uses the 2nd lock. This can result in the
following situation:
T1: T2:
btrfs_alloc_from_cluster insert_into_bitmap <holds tree_lock>
if (entry->bytes == 0) if (block_group && !list_empty(&block_group->cluster_list)) {
rb_erase(entry)
spin_unlock(&cluster->lock);
(total_bitmaps is still 4) spin_lock(&cluster->lock);
<doesn't find entry in cluster->root>
spin_lock(&ctl->tree_lock); <goes to new_bitmap label, adds
<blocked since T2 holds tree_lock> <a new entry and calls add_new_bitmap>
recalculate_thresholds <crashes,
due to total_bitmaps
becoming 5 and triggering
an ASSERT>
To fix this ensure that once depleted, the cluster entry is deleted when
both cluster lock and tree locks are held in the allocator (T1), this
ensures that even if there is a race with a concurrent
insert_into_bitmap call it will correctly find the entry in the cluster
and add the new space to it.
CC: <stable@vger.kernel.org> # 4.4+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/free-space-cache.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -3034,8 +3034,6 @@ u64 btrfs_alloc_from_cluster(struct btrf
entry->bytes -= bytes;
}
- if (entry->bytes == 0)
- rb_erase(&entry->offset_index, &cluster->root);
break;
}
out:
@@ -3052,7 +3050,10 @@ out:
ctl->free_space -= bytes;
if (!entry->bitmap && !btrfs_free_space_trimmed(entry))
ctl->discardable_bytes[BTRFS_STAT_CURR] -= bytes;
+
+ spin_lock(&cluster->lock);
if (entry->bytes == 0) {
+ rb_erase(&entry->offset_index, &cluster->root);
ctl->free_extents--;
if (entry->bitmap) {
kmem_cache_free(btrfs_free_space_bitmap_cachep,
@@ -3065,6 +3066,7 @@ out:
kmem_cache_free(btrfs_free_space_cachep, entry);
}
+ spin_unlock(&cluster->lock);
spin_unlock(&ctl->tree_lock);
return ret;
next prev parent reply other threads:[~2021-03-08 12:34 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-08 12:30 [PATCH 5.10 00/42] 5.10.22-rc1 review Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 01/42] ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 02/42] ALSA: usb-audio: use Corsair Virtuoso mapping for Corsair Virtuoso SE Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 03/42] ALSA: usb-audio: Drop bogus dB range in too low level Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 04/42] tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 05/42] tpm, tpm_tis: Decorate tpm_get_timeouts() " Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 06/42] btrfs: avoid double put of block group when emptying cluster Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 07/42] btrfs: fix raid6 qstripe kmap Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 08/42] btrfs: fix race between writes to swap files and scrub Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 09/42] btrfs: fix race between swap file activation and snapshot creation Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 10/42] btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled Greg Kroah-Hartman
2021-03-08 12:30 ` Greg Kroah-Hartman [this message]
2021-03-08 12:30 ` [PATCH 5.10 12/42] btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 13/42] btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 14/42] btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 15/42] btrfs: fix warning when creating a directory with smack enabled Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 16/42] PM: runtime: Update device status before letting suppliers suspend Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 17/42] ring-buffer: Force before_stamp and write_stamp to be different on discard Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 18/42] io_uring: ignore double poll add on the same waitqueue head Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 19/42] dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 20/42] dm verity: fix FEC for RS roots unaligned to block size Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 21/42] drm/amdgpu:disable VCN for Navi12 SKU Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 22/42] drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 23/42] crypto - shash: reduce minimum alignment of shash_desc structure Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 24/42] arm64: mm: Move reserve_crashkernel() into mem_init() Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 25/42] arm64: mm: Move zone_dma_bits initialization into zone_sizes_init() Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 26/42] of/address: Introduce of_dma_get_max_cpu_address() Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 27/42] of: unittest: Add test for of_dma_get_max_cpu_address() Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 28/42] arm64: mm: Set ZONE_DMA size based on devicetrees dma-ranges Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 29/42] arm64: mm: Set ZONE_DMA size based on early IORT scan Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 30/42] mm: Remove examples from enum zone_type comment Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 31/42] ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 32/42] RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.10 33/42] RDMA/rxe: Fix missing kconfig dependency on CRYPTO Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 34/42] IB/mlx5: Add missing error code Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 35/42] ALSA: hda: intel-nhlt: verify config type Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 36/42] ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 37/42] rsxx: Return -EFAULT if copy_to_user() fails Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 38/42] iommu/vt-d: Fix status code for Allocate/Free PASID command Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 39/42] Revert "arm64: dts: amlogic: add missing ethernet reset ID" Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 40/42] of: unittest: Fix build on architectures without CONFIG_OF_ADDRESS Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 41/42] tomoyo: recognize kernel threads correctly Greg Kroah-Hartman
2021-03-08 12:31 ` [PATCH 5.10 42/42] r8169: fix resuming from suspend on RTL8105e if machine runs on battery Greg Kroah-Hartman
2021-03-08 17:50 ` [PATCH 5.10 00/42] 5.10.22-rc1 review Florian Fainelli
2021-03-08 20:35 ` Pavel Machek
2021-03-08 22:29 ` Guenter Roeck
2021-03-09 1:08 ` Samuel Zou
2021-03-09 10:27 ` Greg Kroah-Hartman
2021-03-09 10:27 ` Greg Kroah-Hartman
2021-03-09 4:43 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210308122718.681086694@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dsterba@suse.com \
--cc=josef@toxicpanda.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nborisov@suse.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox