[PATCH 4.11 110/150] btrfs: fix race with relocation recovery and fs_root setup

From: Greg Kroah-Hartman
Date: Mon Jun 12 2017 - 11:31:16 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.11 087/150] block: Avoid that blk_exit_rl() triggers a use-after-free"
Previous message: Greg Kroah-Hartman: "[PATCH 4.11 106/150] cxl: Fix error path on bad ioctl"
In reply to: Greg Kroah-Hartman: "[PATCH 4.11 106/150] cxl: Fix error path on bad ioctl"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.11 087/150] block: Avoid that blk_exit_rl() triggers a use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.11-stable review patch. If anyone has any objections, please let me know.

------------------

From: Jeff Mahoney <jeffm@xxxxxxxx>

commit a9b3311ef36b670909ea4443f306c8318082c8f0 upstream.

If we have to recover relocation during mount, we'll ultimately have to
evict the orphan inode. That goes through the reservation dance, where
priority_reclaim_metadata_space and flush_space expect fs_info->fs_root
to be valid. That's the next thing to be set up during mount, so we
crash, almost always in flush_space trying to join the transaction
but priority_reclaim_metadata_space is possible as well. This call
path has been problematic in the past WRT whether ->fs_root is valid
yet. Commit 957780eb278 (Btrfs: introduce ticketed enospc
infrastructure) added new users that are called in the direct path
instead of the async path that had already been worked around.

The thing is that we don't actually need the fs_root, specifically, for
anything. We either use it to determine whether the root is the
chunk_root for use in choosing an allocation profile or as a root to pass
btrfs_join_transaction before immediately committing it. Anything that
isn't the chunk root works in the former case and any root works in
the latter.

A simple fix is to use a root we know will always be there: the
extent_root.

Fixes: 957780eb278 (Btrfs: introduce ticketed enospc infrastructure)
Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx>
Reviewed-by: Liu Bo <bo.li.liu@xxxxxxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/btrfs/extent-tree.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -4835,7 +4835,7 @@ static int may_commit_transaction(struct
spin_unlock(&delayed_rsv->lock);

commit:
- trans = btrfs_join_transaction(fs_info->fs_root);
+ trans = btrfs_join_transaction(fs_info->extent_root);
if (IS_ERR(trans))
return -ENOSPC;

@@ -4853,7 +4853,7 @@ static int flush_space(struct btrfs_fs_i
struct btrfs_space_info *space_info, u64 num_bytes,
u64 orig_bytes, int state)
{
- struct btrfs_root *root = fs_info->fs_root;
+ struct btrfs_root *root = fs_info->extent_root;
struct btrfs_trans_handle *trans;
int nr;
int ret = 0;
@@ -5053,7 +5053,7 @@ static void priority_reclaim_metadata_sp
int flush_state = FLUSH_DELAYED_ITEMS_NR;

spin_lock(&space_info->lock);
- to_reclaim = btrfs_calc_reclaim_metadata_size(fs_info->fs_root,
+ to_reclaim = btrfs_calc_reclaim_metadata_size(fs_info->extent_root,
space_info);
if (!to_reclaim) {
spin_unlock(&space_info->lock);

Next message: Greg Kroah-Hartman: "[PATCH 4.11 087/150] block: Avoid that blk_exit_rl() triggers a use-after-free"
Previous message: Greg Kroah-Hartman: "[PATCH 4.11 106/150] cxl: Fix error path on bad ioctl"
In reply to: Greg Kroah-Hartman: "[PATCH 4.11 106/150] cxl: Fix error path on bad ioctl"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.11 087/150] block: Avoid that blk_exit_rl() triggers a use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]