diff options
| author | Liu Bo <bo.li.liu@oracle.com> | 2013-01-28 22:22:10 -0500 |
|---|---|---|
| committer | Josef Bacik <jbacik@fusionio.com> | 2013-02-05 16:09:13 -0500 |
| commit | 6f1c36055f96e80031c7fdda3fd5be826b8d7782 (patch) | |
| tree | a7417741e5f6680981dc64dabaffe7d0c1a02f53 /fs/btrfs/scrub.c | |
| parent | 843fcf35733164076a77ad833c72c32da8228ad0 (diff) | |
Btrfs: fix race between snapshot deletion and getting inode
While running snapshot testscript created by Mitch and David,
the race between autodefrag and snapshot deletion can lead to
corruption of dead_root list so that we can get crash on
btrfs_clean_old_snapshots().
And besides autodefrag, scrub also does the same thing, ie. read
root first and get inode.
Here is the story(take autodefrag as an example):
(1) when we delete a snapshot or subvolume, it will set its root's
refs to zero and do a iput() on its own inode, and if this inode happens
to be the only active in-meory one in root's inode rbtree, it will add
itself to the global dead_roots list for later cleanup.
(2) after (1), the autodefrag thread may read another inode for defrag
and the inode is just in the deleted snapshot/subvolume, but all of these
are without checking if the root is still valid(refs > 0). So the end up
result is adding the deleted snapshot/subvolume's root to the global
dead_roots list AGAIN.
Fortunately, we already have a srcu lock to avoid the race, ie. subvol_srcu.
So all we need to do is to take the lock to protect 'read root and get inode',
since we synchronize to wait for the rcu grace period before adding something
to the global dead_roots list.
Reported-by: Mitch Harder <mitch.harder@sabayonlinux.org>
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
Diffstat (limited to 'fs/btrfs/scrub.c')
| -rw-r--r-- | fs/btrfs/scrub.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index bdbb94f245c9..67783e03d121 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c | |||
| @@ -580,20 +580,29 @@ static int scrub_fixup_readpage(u64 inum, u64 offset, u64 root, void *fixup_ctx) | |||
| 580 | int corrected = 0; | 580 | int corrected = 0; |
| 581 | struct btrfs_key key; | 581 | struct btrfs_key key; |
| 582 | struct inode *inode = NULL; | 582 | struct inode *inode = NULL; |
| 583 | struct btrfs_fs_info *fs_info; | ||
| 583 | u64 end = offset + PAGE_SIZE - 1; | 584 | u64 end = offset + PAGE_SIZE - 1; |
| 584 | struct btrfs_root *local_root; | 585 | struct btrfs_root *local_root; |
| 586 | int srcu_index; | ||
| 585 | 587 | ||
| 586 | key.objectid = root; | 588 | key.objectid = root; |
| 587 | key.type = BTRFS_ROOT_ITEM_KEY; | 589 | key.type = BTRFS_ROOT_ITEM_KEY; |
| 588 | key.offset = (u64)-1; | 590 | key.offset = (u64)-1; |
| 589 | local_root = btrfs_read_fs_root_no_name(fixup->root->fs_info, &key); | 591 | |
| 590 | if (IS_ERR(local_root)) | 592 | fs_info = fixup->root->fs_info; |
| 593 | srcu_index = srcu_read_lock(&fs_info->subvol_srcu); | ||
| 594 | |||
| 595 | local_root = btrfs_read_fs_root_no_name(fs_info, &key); | ||
| 596 | if (IS_ERR(local_root)) { | ||
| 597 | srcu_read_unlock(&fs_info->subvol_srcu, srcu_index); | ||
| 591 | return PTR_ERR(local_root); | 598 | return PTR_ERR(local_root); |
| 599 | } | ||
| 592 | 600 | ||
| 593 | key.type = BTRFS_INODE_ITEM_KEY; | 601 | key.type = BTRFS_INODE_ITEM_KEY; |
| 594 | key.objectid = inum; | 602 | key.objectid = inum; |
| 595 | key.offset = 0; | 603 | key.offset = 0; |
| 596 | inode = btrfs_iget(fixup->root->fs_info->sb, &key, local_root, NULL); | 604 | inode = btrfs_iget(fs_info->sb, &key, local_root, NULL); |
| 605 | srcu_read_unlock(&fs_info->subvol_srcu, srcu_index); | ||
| 597 | if (IS_ERR(inode)) | 606 | if (IS_ERR(inode)) |
| 598 | return PTR_ERR(inode); | 607 | return PTR_ERR(inode); |
| 599 | 608 | ||
| @@ -606,7 +615,6 @@ static int scrub_fixup_readpage(u64 inum, u64 offset, u64 root, void *fixup_ctx) | |||
| 606 | } | 615 | } |
| 607 | 616 | ||
| 608 | if (PageUptodate(page)) { | 617 | if (PageUptodate(page)) { |
| 609 | struct btrfs_fs_info *fs_info; | ||
| 610 | if (PageDirty(page)) { | 618 | if (PageDirty(page)) { |
| 611 | /* | 619 | /* |
| 612 | * we need to write the data to the defect sector. the | 620 | * we need to write the data to the defect sector. the |
| @@ -3180,18 +3188,25 @@ static int copy_nocow_pages_for_inode(u64 inum, u64 offset, u64 root, void *ctx) | |||
| 3180 | u64 physical_for_dev_replace; | 3188 | u64 physical_for_dev_replace; |
| 3181 | u64 len; | 3189 | u64 len; |
| 3182 | struct btrfs_fs_info *fs_info = nocow_ctx->sctx->dev_root->fs_info; | 3190 | struct btrfs_fs_info *fs_info = nocow_ctx->sctx->dev_root->fs_info; |
| 3191 | int srcu_index; | ||
| 3183 | 3192 | ||
| 3184 | key.objectid = root; | 3193 | key.objectid = root; |
| 3185 | key.type = BTRFS_ROOT_ITEM_KEY; | 3194 | key.type = BTRFS_ROOT_ITEM_KEY; |
| 3186 | key.offset = (u64)-1; | 3195 | key.offset = (u64)-1; |
| 3196 | |||
| 3197 | srcu_index = srcu_read_lock(&fs_info->subvol_srcu); | ||
| 3198 | |||
| 3187 | local_root = btrfs_read_fs_root_no_name(fs_info, &key); | 3199 | local_root = btrfs_read_fs_root_no_name(fs_info, &key); |
| 3188 | if (IS_ERR(local_root)) | 3200 | if (IS_ERR(local_root)) { |
| 3201 | srcu_read_unlock(&fs_info->subvol_srcu, srcu_index); | ||
| 3189 | return PTR_ERR(local_root); | 3202 | return PTR_ERR(local_root); |
| 3203 | } | ||
| 3190 | 3204 | ||
| 3191 | key.type = BTRFS_INODE_ITEM_KEY; | 3205 | key.type = BTRFS_INODE_ITEM_KEY; |
| 3192 | key.objectid = inum; | 3206 | key.objectid = inum; |
| 3193 | key.offset = 0; | 3207 | key.offset = 0; |
| 3194 | inode = btrfs_iget(fs_info->sb, &key, local_root, NULL); | 3208 | inode = btrfs_iget(fs_info->sb, &key, local_root, NULL); |
| 3209 | srcu_read_unlock(&fs_info->subvol_srcu, srcu_index); | ||
| 3195 | if (IS_ERR(inode)) | 3210 | if (IS_ERR(inode)) |
| 3196 | return PTR_ERR(inode); | 3211 | return PTR_ERR(inode); |
| 3197 | 3212 | ||