- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] f2fs: read page index before freeing" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0ea295dd853e0879a9a30ab61f923c26be35b902 Mon Sep 17 00:00:00 2001 From: Pan Bian <bianpan2016(a)163.com> Date: Thu, 22 Nov 2018 18:58:46 +0800 Subject: [PATCH] f2fs: read page index before freeing The function truncate_node frees the page with f2fs_put_page. However, the page index is read after that. So, the patch reads the index before freeing the page. Fixes: bf39c00a9a7f ("f2fs: drop obsolete node page when it is truncated") Cc: <stable(a)vger.kernel.org> Signed-off-by: Pan Bian <bianpan2016(a)163.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index e60c7779e114..a2273340991f 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -826,6 +826,7 @@ static int truncate_node(struct dnode_of_data *dn) struct f2fs_sb_info *sbi = F2FS_I_SB(dn->inode); struct node_info ni; int err; + pgoff_t index; err = f2fs_get_node_info(sbi, dn->nid, &ni); if (err) @@ -845,10 +846,11 @@ static int truncate_node(struct dnode_of_data *dn) clear_node_page_dirty(dn->node_page); set_sbi_flag(sbi, SBI_IS_DIRTY); + index = dn->node_page->index; f2fs_put_page(dn->node_page, 1); invalidate_mapping_pages(NODE_MAPPING(sbi), - dn->node_page->index, dn->node_page->index); + index, index); dn->node_page = NULL; trace_f2fs_truncate_node(dn->inode, dn->nid, ni.blk_addr);

6 years, 8 months

1
0
0 0

[PATCH v2 4.14 0/5] netfilter: xt_connlimit: backport upstream fixes for race in connection counting

by Mauricio Faria de Oliveira

From: Ubuntu <ubuntu(a)petilil.segmaas.1ss> [changelog] - v2: include patch 5/5 (a very recent fix to patch 4/5) which is not yet in Linus's tree but it's in nf.git + linux-next.git, thus should make it shortly. Test results still consistent. Thanks Florian Westphal for reviewing and pointing that out. Recently, Alakesh Haloi reported the following issue [1] with stable/4.14: """ An iptable rule like the following on a multicore systems will result in accepting more connections than set in the rule. iptables -A INPUT -p tcp -m tcp --syn --dport 7777 -m connlimit \ --connlimit-above 2000 --connlimit-mask 0 -j DROP """ And proposed a fix that is not in Linus's tree. The discussion went on to confirm whether the issue was still reproducible with mainline/nf.git tip, and to either identify the upstream fix or re-submit the non-upstream fix. Alakesh eventually was able to test with upstream, and reported that issue was still reproducible [2]. On that, our findinds diverge, at least in my test environment: First, I verified that the suggested mainline fix for the issue [3] indeed fixes it, by testing with it applied and reverted on v4.18, a clean revert. (The issue is reproducible with the commit reverted). Then, with a consistent reproducer, I moved to nf.git, with HEAD on commit a007232 ("netfilter: nf_conncount: fix argument order to find_next_bit"), and the issues was not reproducible (even with 20+ threads on client side, the number Alakesh reported to achieve 2150+ connections [4], and I tried spreading the network interface IRQ affinity over more and more CPUs too.) Either way, the suggested mainline fix does actually fix the issue in 4.14 for at least one environment. So, it might well be the case that Alakesh's test environment has differences/subtleties that leads to more connections accepted, and more commits are needed for that particular environment type. (v2 update: see Florian's reply to v1 thread [1]; these different results are probably explained by very recent fixes still missing back then.) But for now, with one bare-metal environment (24-core server, 4-core client) verified, I thought of submitting the patches for review/comments/testing, then looking for additional fixes for that environment separately. The fix is PATCH 4 (needs fix in PATCH 5), and PATCHes 1-3 are helpers for a cleaner backport. All backports are simple, and essentially consist of refresh context lines and use older struct/file names. Reviews from netfilter maintainers are very appreciated, as I've no previous experience in this area, and although the backports look simple and build/run correctly, there's usually stuff that only more experienced people may notice. Thanks, Mauricio Links: ===== [1] https://www.spinics.net/lists/stable/msg270040.html [2] https://www.spinics.net/lists/stable/msg273669.html [3] https://www.spinics.net/lists/stable/msg271300.html [4] https://www.spinics.net/lists/stable/msg273669.html [5] https://www.spinics.net/lists/stable/msg276883.html Test-case: ========= - v4.14.91 (original): client achieves 2000+ connections (6000 target) with 3 threads. server # iptables -F server # iptables -A INPUT -p tcp -m tcp --syn --dport 7777 -m connlimit --connlimit-above 2000 --connlimit-mask 0 -j DROP server # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere anywhere tcp dpt:7777 flags:FIN,SYN,RST,ACK/SYN #conn src/0 > 2000 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination server # ulimit -SHn 65000 server # ruby server.rb <... listening ...> client # ulimit -SHn 65000 client # ruby client.rb 10.230.56.100 7777 6000 3 Connecting to ["10.230.56.100"]:7777 6000 times with 3 1 2 3 <...> 2000 <...> 6000 Target reached. Thread finishing 6001 Target reached. Thread finishing 6002 Target reached. Thread finishing Threads done. 6002 connections press enter to exit - v4.14.91 + patches: client only achieved 2000 connections. server # (same procedure) client # (same procedure) Connecting to ["10.230.56.100"]:7777 6000 times with 3 1 2 3 <...> 2000 <... blocked for a while...> failed to create connection: Connection timed out - connect(2) for "10.230.56.100" port 7777 failed to create connection: Connection timed out - connect(2) for "10.230.56.100" port 7777 failed to create connection: Connection timed out - connect(2) for "10.230.56.100" port 7777 Threads done. 2000 connections press enter to exit Florian Westphal (3): netfilter: xt_connlimit: don't store address in the conn nodes netfilter: nf_conncount: fix garbage collection confirm race netfilter: nf_conncount: don't skip eviction when age is negative Pablo Neira Ayuso (1): netfilter: nf_conncount: expose connection list interface Yi-Hung Wei (1): netfilter: nf_conncount: Fix garbage collection with zones include/net/netfilter/nf_conntrack_count.h | 15 +++++ net/netfilter/xt_connlimit.c | 99 +++++++++++++++++++++++------- 2 files changed, 91 insertions(+), 23 deletions(-) create mode 100644 include/net/netfilter/nf_conntrack_count.h -- 2.7.4

6 years, 8 months

2
6
0 0

[4.19-stable PATCH 0/2] dax: Don't access a freed inode

by Dan Williams

The original upstream fix, commit 55e56f06ed71 "dax: Don't access a freed inode", prompted an immediate cleanup request. Now that the cleanup has landed, commit d8a706414af4 "dax: Use non-exclusive wait in wait_entry_unlocked()", backport them both to -stable. --- Dan Williams (1): dax: Use non-exclusive wait in wait_entry_unlocked() Matthew Wilcox (1): dax: Don't access a freed inode fs/dax.c | 69 ++++++++++++++++++++++++++++---------------------------------- 1 file changed, 31 insertions(+), 38 deletions(-)

6 years, 8 months

2
3
0 0

Re: [PATCH] smb3: fix large reads on encrypted connections

by Steve French

On Sun, Jan 6, 2019 at 4:58 AM Sebastian Kemper <sebastian_ml(a)gmx.net> wrote: > Sorry for probably breaking the thread. This is really in reply to Paul > Aubrich's patch titled "smb3: fix large reads on encrypted connections". > I browsed linux-cifs and found Paul's patch. With the patch applied the > problem is gone, kernel 4.19 works like 4.9 did without encryption. > > The patch title suggests that only large reads are not working. Well, > considering the cutoff is between 13K and 17K I'd say that encryption on > 4.19 for cifs can be considered broken without this patch. It'd be cool > if this could make it to stable kernels pronto. Yes - it is a a very important patch, and is merged in and marked for stable (for 4.19 and 4.20 kernels). Hopefully can be included soon. The good news though is that with the improved test automation that Paulo/Aurelien/Ronnie have been doing, we have added more to the automated xfstests run before checkin and more importantly added various different mount configrations that are much broader (used to be only a very small set that ran) and so would have caught this (and also other regressions that had made it through over the past couple years). Now our next challenge is figuring out how to get automated tests for smb3 to run reasonably regularly against some of the stable kernels and also against the full backports of cifs.ko to earlier kernels etc. which some need to get the many security, performance and functional improvements over the past year. -- Thanks, Steve

6 years, 8 months

2
1
0 0

FAILED: patch "[PATCH] ext4: check for shutdown and r/o file system in" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 18f2c4fcebf2582f96cbd5f2238f4f354a0e4847 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso(a)mit.edu> Date: Wed, 19 Dec 2018 14:36:58 -0500 Subject: [PATCH] ext4: check for shutdown and r/o file system in ext4_write_inode() If the file system has been shut down or is read-only, then ext4_write_inode() needs to bail out early. Also use jbd2_complete_transaction() instead of ext4_force_commit() so we only force a commit if it is needed. Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 664b434ba836..9affabd07682 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -5400,9 +5400,13 @@ int ext4_write_inode(struct inode *inode, struct writeback_control *wbc) { int err; - if (WARN_ON_ONCE(current->flags & PF_MEMALLOC)) + if (WARN_ON_ONCE(current->flags & PF_MEMALLOC) || + sb_rdonly(inode->i_sb)) return 0; + if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb)))) + return -EIO; + if (EXT4_SB(inode->i_sb)->s_journal) { if (ext4_journal_current_handle()) { jbd_debug(1, "called recursively, non-PF_MEMALLOC!\n"); @@ -5418,7 +5422,8 @@ int ext4_write_inode(struct inode *inode, struct writeback_control *wbc) if (wbc->sync_mode != WB_SYNC_ALL || wbc->for_sync) return 0; - err = ext4_force_commit(inode->i_sb); + err = jbd2_complete_transaction(EXT4_SB(inode->i_sb)->s_journal, + EXT4_I(inode)->i_sync_tid); } else { struct ext4_iloc iloc;

6 years, 8 months

1
0
0 0

[PATCH 03/16] crypto: ofb - fix handling partial blocks and make thread-safe

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> Fix multiple bugs in the OFB implementation: 1. It stored the per-request state 'cnt' in the tfm context, which can be used by multiple threads concurrently (e.g. via AF_ALG). 2. It didn't support messages not a multiple of the block cipher size, despite being a stream cipher. 3. It didn't set cra_blocksize to 1 to indicate it is a stream cipher. To fix these, set the 'chunksize' property to the cipher block size to guarantee that when walking through the scatterlist, a partial block can only occur at the end. Then change the implementation to XOR a block at a time at first, then XOR the partial block at the end if needed. This is the same way CTR and CFB are implemented. As a bonus, this also improves performance in most cases over the current approach. Fixes: e497c51896b3 ("crypto: ofb - add output feedback mode") Cc: <stable(a)vger.kernel.org> # v4.20+ Cc: Gilad Ben-Yossef <gilad(a)benyossef.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/ofb.c | 91 ++++++++++++++++++++---------------------------- crypto/testmgr.h | 28 +++++++++++++-- 2 files changed, 63 insertions(+), 56 deletions(-) diff --git a/crypto/ofb.c b/crypto/ofb.c index 886631708c5e9..cab0b80953fed 100644 --- a/crypto/ofb.c +++ b/crypto/ofb.c @@ -5,9 +5,6 @@ * * Copyright (C) 2018 ARM Limited or its affiliates. * All rights reserved. - * - * Based loosely on public domain code gleaned from libtomcrypt - * (https://github.com/libtom/libtomcrypt). */ #include <crypto/algapi.h> @@ -21,7 +18,6 @@ struct crypto_ofb_ctx { struct crypto_cipher *child; - int cnt; }; @@ -41,58 +37,40 @@ static int crypto_ofb_setkey(struct crypto_skcipher *parent, const u8 *key, return err; } -static int crypto_ofb_encrypt_segment(struct crypto_ofb_ctx *ctx, - struct skcipher_walk *walk, - struct crypto_cipher *tfm) +static int crypto_ofb_crypt(struct skcipher_request *req) { - int bsize = crypto_cipher_blocksize(tfm); - int nbytes = walk->nbytes; - - u8 *src = walk->src.virt.addr; - u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; - - do { - if (ctx->cnt == bsize) { - if (nbytes < bsize) - break; - crypto_cipher_encrypt_one(tfm, iv, iv); - ctx->cnt = 0; - } - *dst = *src ^ iv[ctx->cnt]; - src++; - dst++; - ctx->cnt++; - } while (--nbytes); - return nbytes; -} - -static int crypto_ofb_encrypt(struct skcipher_request *req) -{ - struct skcipher_walk walk; struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - unsigned int bsize; struct crypto_ofb_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; - int ret = 0; + struct crypto_cipher *cipher = ctx->child; + const unsigned int bsize = crypto_cipher_blocksize(cipher); + struct skcipher_walk walk; + int err; - bsize = crypto_cipher_blocksize(child); - ctx->cnt = bsize; + err = skcipher_walk_virt(&walk, req, false); - ret = skcipher_walk_virt(&walk, req, false); + while (walk.nbytes >= bsize) { + const u8 *src = walk.src.virt.addr; + u8 *dst = walk.dst.virt.addr; + u8 * const iv = walk.iv; + unsigned int nbytes = walk.nbytes; - while (walk.nbytes) { - ret = crypto_ofb_encrypt_segment(ctx, &walk, child); - ret = skcipher_walk_done(&walk, ret); - } + do { + crypto_cipher_encrypt_one(cipher, iv, iv); + crypto_xor_cpy(dst, src, iv, bsize); + dst += bsize; + src += bsize; + } while ((nbytes -= bsize) >= bsize); - return ret; -} + err = skcipher_walk_done(&walk, nbytes); + } -/* OFB encrypt and decrypt are identical */ -static int crypto_ofb_decrypt(struct skcipher_request *req) -{ - return crypto_ofb_encrypt(req); + if (walk.nbytes) { + crypto_cipher_encrypt_one(cipher, walk.iv, walk.iv); + crypto_xor_cpy(walk.dst.virt.addr, walk.src.virt.addr, walk.iv, + walk.nbytes); + err = skcipher_walk_done(&walk, 0); + } + return err; } static int crypto_ofb_init_tfm(struct crypto_skcipher *tfm) @@ -165,13 +143,18 @@ static int crypto_ofb_create(struct crypto_template *tmpl, struct rtattr **tb) if (err) goto err_drop_spawn; + /* OFB mode is a stream cipher. */ + inst->alg.base.cra_blocksize = 1; + + /* + * To simplify the implementation, configure the skcipher walk to only + * give a partial block at the very end, never earlier. + */ + inst->alg.chunksize = alg->cra_blocksize; + inst->alg.base.cra_priority = alg->cra_priority; - inst->alg.base.cra_blocksize = alg->cra_blocksize; inst->alg.base.cra_alignmask = alg->cra_alignmask; - /* We access the data as u32s when xoring. */ - inst->alg.base.cra_alignmask |= __alignof__(u32) - 1; - inst->alg.ivsize = alg->cra_blocksize; inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize; inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize; @@ -182,8 +165,8 @@ static int crypto_ofb_create(struct crypto_template *tmpl, struct rtattr **tb) inst->alg.exit = crypto_ofb_exit_tfm; inst->alg.setkey = crypto_ofb_setkey; - inst->alg.encrypt = crypto_ofb_encrypt; - inst->alg.decrypt = crypto_ofb_decrypt; + inst->alg.encrypt = crypto_ofb_crypt; + inst->alg.decrypt = crypto_ofb_crypt; inst->free = crypto_ofb_free; diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 7f4dae7a57a1c..ca8e8ebef309d 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -16681,8 +16681,7 @@ static const struct cipher_testvec aes_ctr_rfc3686_tv_template[] = { }; static const struct cipher_testvec aes_ofb_tv_template[] = { - /* From NIST Special Publication 800-38A, Appendix F.5 */ - { + { /* From NIST Special Publication 800-38A, Appendix F.5 */ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", .klen = 16, @@ -16705,6 +16704,31 @@ static const struct cipher_testvec aes_ofb_tv_template[] = { "\x30\x4c\x65\x28\xf6\x59\xc7\x78" "\x66\xa5\x10\xd9\xc1\xd6\xae\x5e", .len = 64, + .also_non_np = 1, + .np = 2, + .tap = { 31, 33 }, + }, { /* > 16 bytes, not a multiple of 16 bytes */ + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .klen = 16, + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae", + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" + "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" + "\x77", + .len = 17, + }, { /* < 16 bytes */ + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .klen = 16, + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f", + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad", + .len = 7, } }; -- 2.20.1

6 years, 8 months

2
1
0 0

Re: [PATCH] SUNRPC: Fix TCP receive code on archs with flush_dcache_page()

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a "Fixes:" tag, fixing commit: 277e4ab7d530 SUNRPC: Simplify TCP receive code by switching to using iterators. The bot has tested the following trees: v4.20.0, v4.20.0: Build failed! Errors: net/sunrpc/xprtsock.c:396:24: error: ‘struct bio_vec’ has no member named ‘page’; did you mean ‘bv_page’? How should we proceed with this patch? -- Thanks, Sasha

6 years, 8 months

2
2
0 0

Re: wlcore update breaks on 4.9 and 4.4 kernel branches

by Sasha Levin

On Tue, Dec 11, 2018 at 03:29:31PM -0500, Dietmar May wrote: >Sasha, > >I've verified that 4.9.143 no longer exhibits this problem. Thanks for confirming! >The revert hasn't shown up in 4.4 yet; but I'll verify once merged there. There was no 4.4 release yet; it's coming, I promise :) -- Thanks, Sasha

6 years, 8 months

2
2
0 0

stable-rc/linux-4.14.y boot: 113 boots: 1 failed, 110 passed with 1 offline, 1 conflict (v4.14.91-54-g8897fa4778d0)

by kernelci.org bot

stable-rc/linux-4.14.y boot: 113 boots: 1 failed, 110 passed with 1 offline, 1 conflict (v4.14.91-54-g8897fa4778d0) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.14.y/kernel/v4.1… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.91-54… Tree: stable-rc Branch: linux-4.14.y Git Describe: v4.14.91-54-g8897fa4778d0 Git Commit: 8897fa4778d0272ac62bfe23e0aad9f540661dcb Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 60 unique boards, 22 SoC families, 12 builds out of 197 Boot Failure Detected: arm64: defconfig rk3399-firefly: 1 failed lab Offline Platforms: arm64: defconfig: meson-gxbb-odroidc2: 1 offline lab Conflicting Boot Failure Detected: (These likely are not failures as other labs are reporting PASS. Needs review.) arm64: defconfig: meson-gxl-s905x-libretech-cc: lab-baylibre-seattle: FAIL lab-baylibre: PASS --- For more info write to <info(a)kernelci.org>

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: run delayed items before dropping the snapshot" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0568e82dbe2510fc1fa664f58e5c997d3f1e649e Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 30 Nov 2018 11:52:14 -0500 Subject: [PATCH] btrfs: run delayed items before dropping the snapshot With my delayed refs patches in place we started seeing a large amount of aborts in __btrfs_free_extent: BTRFS error (device sdb1): unable to find ref byte nr 91947008 parent 0 root 35964 owner 1 offset 0 Call Trace: ? btrfs_merge_delayed_refs+0xaf/0x340 __btrfs_run_delayed_refs+0x6ea/0xfc0 ? btrfs_set_path_blocking+0x31/0x60 btrfs_run_delayed_refs+0xeb/0x180 btrfs_commit_transaction+0x179/0x7f0 ? btrfs_check_space_for_delayed_refs+0x30/0x50 ? should_end_transaction.isra.19+0xe/0x40 btrfs_drop_snapshot+0x41c/0x7c0 btrfs_clean_one_deleted_snapshot+0xb5/0xd0 cleaner_kthread+0xf6/0x120 kthread+0xf8/0x130 ? btree_invalidatepage+0x90/0x90 ? kthread_bind+0x10/0x10 ret_from_fork+0x35/0x40 This was because btrfs_drop_snapshot depends on the root not being modified while it's dropping the snapshot. It will unlock the root node (and really every node) as it walks down the tree, only to re-lock it when it needs to do something. This is a problem because if we modify the tree we could cow a block in our path, which frees our reference to that block. Then once we get back to that shared block we'll free our reference to it again, and get ENOENT when trying to lookup our extent reference to that block in __btrfs_free_extent. This is ultimately happening because we have delayed items left to be processed for our deleted snapshot _after_ all of the inodes are closed for the snapshot. We only run the delayed inode item if we're deleting the inode, and even then we do not run the delayed insertions or delayed removals. These can be run at any point after our final inode does its last iput, which is what triggers the snapshot deletion. We can end up with the snapshot deletion happening and then have the delayed items run on that file system, resulting in the above problem. This problem has existed forever, however my patches made it much easier to hit as I wake up the cleaner much more often to deal with delayed iputs, which made us more likely to start the snapshot dropping work before the transaction commits, which is when the delayed items would generally be run. Before, generally speaking, we would run the delayed items, commit the transaction, and wakeup the cleaner thread to start deleting snapshots, which means we were less likely to hit this problem. You could still hit it if you had multiple snapshots to be deleted and ended up with lots of delayed items, but it was definitely harder. Fix for now by simply running all the delayed items before starting to drop the snapshot. We could make this smarter in the future by making the delayed items per-root, and then simply drop any delayed items for roots that we are going to delete. But for now just a quick and easy solution is the safest. CC: stable(a)vger.kernel.org # 4.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index de21e0c93eb6..8a9ce33dfdbc 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -9272,6 +9272,10 @@ int btrfs_drop_snapshot(struct btrfs_root *root, goto out_free; } + err = btrfs_run_delayed_items(trans); + if (err) + goto out_end_trans; + if (block_rsv) trans->block_rsv = block_rsv;

6 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror