[PATCH 6.15 17/34] bcachefs: Run may_delete_deleted_inode() checks in bch2_inode_rm()

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev,
	Kent Overstreet <kent.overstreet@linux.dev>
Subject: [PATCH 6.15 17/34] bcachefs: Run may_delete_deleted_inode() checks in bch2_inode_rm()
Date: Sat,  7 Jun 2025 12:07:58 +0200	[thread overview]
Message-ID: <20250607100720.394727213@linuxfoundation.org> (raw)
In-Reply-To: <20250607100719.711372213@linuxfoundation.org>

6.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kent Overstreet <kent.overstreet@linux.dev>

commit 09fb85ae565645b982e9030dbb2ff6707f2cdddc upstream.

We had a bug where bch2_evict_inode() incorrectly called bch2_inode_rm()
- the journal clearly showed the inode was not unlinked.

We've got checks that we use in recovery when cleaning up deleted
inodes, lift them to bch2_inode_rm() as well.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/bcachefs/errcode.h          |    2 +
 fs/bcachefs/fs.c               |    8 ++++
 fs/bcachefs/inode.c            |   66 +++++++++++++++++++++++++++++++----------
 fs/bcachefs/sb-errors_format.h |    3 +
 4 files changed, 61 insertions(+), 18 deletions(-)

--- a/fs/bcachefs/errcode.h
+++ b/fs/bcachefs/errcode.h
@@ -209,6 +209,8 @@
 	x(EINVAL,			remove_would_lose_data)			\
 	x(EINVAL,			no_resize_with_buckets_nouse)		\
 	x(EINVAL,			inode_unpack_error)			\
+	x(EINVAL,			inode_not_unlinked)			\
+	x(EINVAL,			inode_has_child_snapshot)		\
 	x(EINVAL,			varint_decode_error)			\
 	x(EINVAL,			erasure_coding_found_btree_node)	\
 	x(EOPNOTSUPP,			may_not_use_incompat_feature)		\
--- a/fs/bcachefs/fs.c
+++ b/fs/bcachefs/fs.c
@@ -2181,7 +2181,13 @@ static void bch2_evict_inode(struct inod
 				KEY_TYPE_QUOTA_WARN);
 		bch2_quota_acct(c, inode->ei_qid, Q_INO, -1,
 				KEY_TYPE_QUOTA_WARN);
-		bch2_inode_rm(c, inode_inum(inode));
+		int ret = bch2_inode_rm(c, inode_inum(inode));
+		if (ret && !bch2_err_matches(ret, EROFS)) {
+			bch_err_msg(c, ret, "VFS incorrectly tried to delete inode %llu:%llu",
+				    inode->ei_inum.subvol,
+				    inode->ei_inum.inum);
+			bch2_sb_error_count(c, BCH_FSCK_ERR_vfs_bad_inode_rm);
+		}
 
 		/*
 		 * If we are deleting, we need it present in the vfs hash table
--- a/fs/bcachefs/inode.c
+++ b/fs/bcachefs/inode.c
@@ -38,6 +38,7 @@ static const char * const bch2_inode_fla
 #undef  x
 
 static int delete_ancestor_snapshot_inodes(struct btree_trans *, struct bpos);
+static int may_delete_deleted_inum(struct btree_trans *, subvol_inum);
 
 static const u8 byte_table[8] = { 1, 2, 3, 4, 6, 8, 10, 13 };
 
@@ -1048,19 +1049,23 @@ int bch2_inode_rm(struct bch_fs *c, subv
 	u32 snapshot;
 	int ret;
 
+	ret = lockrestart_do(trans, may_delete_deleted_inum(trans, inum));
+	if (ret)
+		goto err2;
+
 	/*
 	 * If this was a directory, there shouldn't be any real dirents left -
 	 * but there could be whiteouts (from hash collisions) that we should
 	 * delete:
 	 *
-	 * XXX: the dirent could ideally would delete whiteouts when they're no
+	 * XXX: the dirent code ideally would delete whiteouts when they're no
 	 * longer needed
 	 */
 	ret   = bch2_inode_delete_keys(trans, inum, BTREE_ID_extents) ?:
 		bch2_inode_delete_keys(trans, inum, BTREE_ID_xattrs) ?:
 		bch2_inode_delete_keys(trans, inum, BTREE_ID_dirents);
 	if (ret)
-		goto err;
+		goto err2;
 retry:
 	bch2_trans_begin(trans);
 
@@ -1342,7 +1347,8 @@ int bch2_inode_rm_snapshot(struct btree_
 		delete_ancestor_snapshot_inodes(trans, SPOS(0, inum, snapshot));
 }
 
-static int may_delete_deleted_inode(struct btree_trans *trans, struct bpos pos)
+static int may_delete_deleted_inode(struct btree_trans *trans, struct bpos pos,
+				    bool from_deleted_inodes)
 {
 	struct bch_fs *c = trans->c;
 	struct btree_iter inode_iter;
@@ -1357,11 +1363,13 @@ static int may_delete_deleted_inode(stru
 		return ret;
 
 	ret = bkey_is_inode(k.k) ? 0 : -BCH_ERR_ENOENT_inode;
-	if (fsck_err_on(!bkey_is_inode(k.k),
+	if (fsck_err_on(from_deleted_inodes && ret,
 			trans, deleted_inode_missing,
 			"nonexistent inode %llu:%u in deleted_inodes btree",
 			pos.offset, pos.snapshot))
 		goto delete;
+	if (ret)
+		goto out;
 
 	ret = bch2_inode_unpack(k, &inode);
 	if (ret)
@@ -1369,7 +1377,8 @@ static int may_delete_deleted_inode(stru
 
 	if (S_ISDIR(inode.bi_mode)) {
 		ret = bch2_empty_dir_snapshot(trans, pos.offset, 0, pos.snapshot);
-		if (fsck_err_on(bch2_err_matches(ret, ENOTEMPTY),
+		if (fsck_err_on(from_deleted_inodes &&
+				bch2_err_matches(ret, ENOTEMPTY),
 				trans, deleted_inode_is_dir,
 				"non empty directory %llu:%u in deleted_inodes btree",
 				pos.offset, pos.snapshot))
@@ -1378,17 +1387,25 @@ static int may_delete_deleted_inode(stru
 			goto out;
 	}
 
-	if (fsck_err_on(!(inode.bi_flags & BCH_INODE_unlinked),
+	ret = inode.bi_flags & BCH_INODE_unlinked ? 0 : -BCH_ERR_inode_not_unlinked;
+	if (fsck_err_on(from_deleted_inodes && ret,
 			trans, deleted_inode_not_unlinked,
 			"non-deleted inode %llu:%u in deleted_inodes btree",
 			pos.offset, pos.snapshot))
 		goto delete;
+	if (ret)
+		goto out;
+
+	ret = !(inode.bi_flags & BCH_INODE_has_child_snapshot)
+		? 0 : -BCH_ERR_inode_has_child_snapshot;
 
-	if (fsck_err_on(inode.bi_flags & BCH_INODE_has_child_snapshot,
+	if (fsck_err_on(from_deleted_inodes && ret,
 			trans, deleted_inode_has_child_snapshots,
 			"inode with child snapshots %llu:%u in deleted_inodes btree",
 			pos.offset, pos.snapshot))
 		goto delete;
+	if (ret)
+		goto out;
 
 	ret = bch2_inode_has_child_snapshots(trans, k.k->p);
 	if (ret < 0)
@@ -1405,19 +1422,28 @@ static int may_delete_deleted_inode(stru
 			if (ret)
 				goto out;
 		}
+
+		if (!from_deleted_inodes) {
+			ret =   bch2_trans_commit(trans, NULL, NULL, BCH_TRANS_COMMIT_no_enospc) ?:
+				-BCH_ERR_inode_has_child_snapshot;
+			goto out;
+		}
+
 		goto delete;
 
 	}
 
-	if (test_bit(BCH_FS_clean_recovery, &c->flags) &&
-	    !fsck_err(trans, deleted_inode_but_clean,
-		      "filesystem marked as clean but have deleted inode %llu:%u",
-		      pos.offset, pos.snapshot)) {
-		ret = 0;
-		goto out;
-	}
+	if (from_deleted_inodes) {
+		if (test_bit(BCH_FS_clean_recovery, &c->flags) &&
+		    !fsck_err(trans, deleted_inode_but_clean,
+			      "filesystem marked as clean but have deleted inode %llu:%u",
+			      pos.offset, pos.snapshot)) {
+			ret = 0;
+			goto out;
+		}
 
-	ret = 1;
+		ret = 1;
+	}
 out:
 fsck_err:
 	bch2_trans_iter_exit(trans, &inode_iter);
@@ -1428,6 +1454,14 @@ delete:
 	goto out;
 }
 
+static int may_delete_deleted_inum(struct btree_trans *trans, subvol_inum inum)
+{
+	u32 snapshot;
+
+	return bch2_subvolume_get_snapshot(trans, inum.subvol, &snapshot) ?:
+		may_delete_deleted_inode(trans, SPOS(0, inum.inum, snapshot), false);
+}
+
 int bch2_delete_dead_inodes(struct bch_fs *c)
 {
 	struct btree_trans *trans = bch2_trans_get(c);
@@ -1451,7 +1485,7 @@ int bch2_delete_dead_inodes(struct bch_f
 	ret = for_each_btree_key_commit(trans, iter, BTREE_ID_deleted_inodes, POS_MIN,
 					BTREE_ITER_prefetch|BTREE_ITER_all_snapshots, k,
 					NULL, NULL, BCH_TRANS_COMMIT_no_enospc, ({
-		ret = may_delete_deleted_inode(trans, k.k->p);
+		ret = may_delete_deleted_inode(trans, k.k->p, true);
 		if (ret > 0) {
 			bch_verbose_ratelimited(c, "deleting unlinked inode %llu:%u",
 						k.k->p.offset, k.k->p.snapshot);
--- a/fs/bcachefs/sb-errors_format.h
+++ b/fs/bcachefs/sb-errors_format.h
@@ -244,6 +244,7 @@ enum bch_fsck_flags {
 	x(inode_parent_has_case_insensitive_not_set,		317,	FSCK_AUTOFIX)	\
 	x(vfs_inode_i_blocks_underflow,				311,	FSCK_AUTOFIX)	\
 	x(vfs_inode_i_blocks_not_zero_at_truncate,		313,	FSCK_AUTOFIX)	\
+	x(vfs_bad_inode_rm,					320,	0)		\
 	x(deleted_inode_but_clean,				211,	FSCK_AUTOFIX)	\
 	x(deleted_inode_missing,				212,	FSCK_AUTOFIX)	\
 	x(deleted_inode_is_dir,					213,	FSCK_AUTOFIX)	\
@@ -329,7 +330,7 @@ enum bch_fsck_flags {
 	x(dirent_stray_data_after_cf_name,			305,	0)		\
 	x(rebalance_work_incorrectly_set,			309,	FSCK_AUTOFIX)	\
 	x(rebalance_work_incorrectly_unset,			310,	FSCK_AUTOFIX)	\
-	x(MAX,							320,	0)
+	x(MAX,							321,	0)
 
 enum bch_sb_error_id {
 #define x(t, n, ...) BCH_FSCK_ERR_##t = n,

next prev parent reply	other threads:[~2025-06-07 10:10 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-07 10:07 [PATCH 6.15 00/34] 6.15.2-rc1 review Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 01/34] tracing: Fix compilation warning on arm32 Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 02/34] Revert "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 03/34] ACPICA: Introduce ACPI_NONSTRING Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 04/34] ACPICA: Apply ACPI_NONSTRING Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 05/34] ACPICA: Apply ACPI_NONSTRING in more places Greg Kroah-Hartman
2025-06-12  5:31   ` Collin Funk
2025-06-12  7:23     ` Jiri Slaby
2025-06-12  8:15       ` Ahmed Salem
2025-06-13  2:17         ` Collin Funk
2025-06-13  2:12       ` Collin Funk
2025-06-07 10:07 ` [PATCH 6.15 06/34] pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 07/34] pinctrl: armada-37xx: set GPIO output value before setting direction Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 08/34] clk: samsung: correct clock summary for hsi1 block Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 09/34] acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 10/34] Documentation: ACPI: Use all-string data node references Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 11/34] pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 12/34] rtc: Make rtc_time64_to_tm() support dates before 1970 Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 13/34] rtc: Fix offset calculation for .start_secs < 0 Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 14/34] bcachefs: Kill un-reverted directory i_size code Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 15/34] bcachefs: Repair code for directory i_size Greg Kroah-Hartman
2025-06-07 10:07 ` [PATCH 6.15 16/34] bcachefs: delete dead code from may_delete_deleted_inode() Greg Kroah-Hartman
2025-06-07 10:07 ` Greg Kroah-Hartman [this message]
2025-06-07 10:07 ` [PATCH 6.15 18/34] bcachefs: Fix subvol to missing root repair Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 19/34] usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 20/34] usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 21/34] USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 22/34] usb: typec: ucsi: fix Clang -Wsign-conversion warning Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 23/34] Bluetooth: hci_qca: move the SoC type check to the right place Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 24/34] serial: jsm: fix NPE during jsm_uart_port_init Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 25/34] nvmem: rmem: select CONFIG_CRC32 Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 26/34] usb: usbtmc: Fix timeout value in get_stb Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 27/34] binder: fix use-after-free in binderfs_evict_inode() Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 28/34] binder: fix yet another UAF in binder_devices Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 29/34] thunderbolt: Do not double dequeue a configuration request Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 30/34] dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Greg Kroah-Hartman
2025-06-10 14:12   ` David Lechner
2025-06-07 10:08 ` [PATCH 6.15 31/34] dt-bindings: remoteproc: qcom,sm8150-pas: Add missing SC8180X compatible Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 32/34] dt-bindings: usb: cypress,hx3: Add support for all variants Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 33/34] dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Greg Kroah-Hartman
2025-06-07 10:08 ` [PATCH 6.15 34/34] Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Greg Kroah-Hartman
2025-06-07 11:42 ` [PATCH 6.15 00/34] 6.15.2-rc1 review Christian Heusel
2025-06-07 11:50 ` Ronald Warsow
2025-06-08  5:26   ` Luna Jernberg
2025-06-07 20:19 ` Florian Fainelli
2025-06-08  5:13 ` Takeshi Ogasawara
2025-06-08  5:38 ` Ron Economos
2025-06-08  6:53 ` Naresh Kamboju
2025-06-08 17:40 ` Peter Schneider
2025-06-08 22:31 ` Mark Brown
2025-06-09 12:48 ` Jon Hunter
2025-06-12 20:30 ` Miguel Ojeda

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250607100720.394727213@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=kent.overstreet@linux.dev \
    --cc=patches@lists.linux.dev \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox