Btrfs: fix fallocate deadlock on inode extent lock

The btrfs fallocate call takes an extent lock on the entire range
being fallocated, and then runs through insert_reserved_extent on each
extent as they are allocated.

The problem with this is that btrfs_drop_extents may decide to try
and take the same extent lock fallocate was already holding.  The solution
used here is to push down knowledge of the range that is already locked
going into btrfs_drop_extents.

It turns out that at least one other caller had the same bug.

Signed-off-by: Chris Mason <chris.mason@oracle.com>

diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index 213535f45da2418578506b0c3ea582da1c6e3b9c..4414a5d9983a920af633fdf1384ccb79d2a50701 100644 (file)
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -2177,7 +2177,8 @@ int btrfs_check_file(struct btrfs_root *root, struct inode *inode);
 extern struct file_operations btrfs_file_operations;
 int btrfs_drop_extents(struct btrfs_trans_handle *trans,
                       struct btrfs_root *root, struct inode *inode,
-                      u64 start, u64 end, u64 inline_limit, u64 *hint_block);
+                      u64 start, u64 end, u64 locked_end,
+                      u64 inline_limit, u64 *hint_block);
 int btrfs_mark_extent_written(struct btrfs_trans_handle *trans,
                              struct btrfs_root *root,
                              struct inode *inode, u64 start, u64 end);

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 482f8db2cfd018f5e72b93e122028ffd63129473..da3ed965c956a43382f0a2ed4939243ab351ecaf 100644 (file)
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -363,15 +363,16 @@ out:
  */
 noinline int btrfs_drop_extents(struct btrfs_trans_handle *trans,
                       struct btrfs_root *root, struct inode *inode,
-                      u64 start, u64 end, u64 inline_limit, u64 *hint_byte)
+                      u64 start, u64 end, u64 locked_end,
+                      u64 inline_limit, u64 *hint_byte)
 {
        u64 extent_end = 0;
-       u64 locked_end = end;
        u64 search_start = start;
        u64 leaf_start;
        u64 ram_bytes = 0;
        u64 orig_parent = 0;
        u64 disk_bytenr = 0;
+       u64 orig_locked_end = locked_end;
        u8 compression;
        u8 encryption;
        u16 other_encoding = 0;
@@ -684,9 +685,9 @@ next_slot:
        }
 out:
        btrfs_free_path(path);
-       if (locked_end > end) {
-               unlock_extent(&BTRFS_I(inode)->io_tree, end, locked_end - 1,
-                             GFP_NOFS);
+       if (locked_end > orig_locked_end) {
+               unlock_extent(&BTRFS_I(inode)->io_tree, orig_locked_end,
+                             locked_end - 1, GFP_NOFS);
        }
        btrfs_check_file(root, inode);
        return ret;

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 176b6cc28b1e81c444a2f99873676a433c2d7505..2fdb2995be64520828a6d1b0cd678ca814d7f8b1 100644 (file)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -234,7 +234,7 @@ static noinline int cow_file_range_inline(struct btrfs_trans_handle *trans,
        }
 
        ret = btrfs_drop_extents(trans, root, inode, start,
-                                aligned_end, start, &hint_byte);
+                                aligned_end, aligned_end, start, &hint_byte);
        BUG_ON(ret);
 
        if (isize > actual_end)
@@ -1439,6 +1439,7 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans,
                                       struct inode *inode, u64 file_pos,
                                       u64 disk_bytenr, u64 disk_num_bytes,
                                       u64 num_bytes, u64 ram_bytes,
+                                      u64 locked_end,
                                       u8 compression, u8 encryption,
                                       u16 other_encoding, int extent_type)
 {
@@ -1455,7 +1456,8 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans,
 
        path->leave_spinning = 1;
        ret = btrfs_drop_extents(trans, root, inode, file_pos,
-                                file_pos + num_bytes, file_pos, &hint);
+                                file_pos + num_bytes, locked_end,
+                                file_pos, &hint);
        BUG_ON(ret);
 
        ins.objectid = inode->i_ino;
@@ -1590,6 +1592,8 @@ static int btrfs_finish_ordered_io(struct inode *inode, u64 start, u64 end)
                                                ordered_extent->disk_len,
                                                ordered_extent->len,
                                                ordered_extent->len,
+                                               ordered_extent->file_offset +
+                                               ordered_extent->len,
                                                compressed, 0, 0,
                                                BTRFS_FILE_EXTENT_REG);
                BUG_ON(ret);
@@ -2877,6 +2881,7 @@ int btrfs_cont_expand(struct inode *inode, loff_t size)
                        err = btrfs_drop_extents(trans, root, inode,
                                                 cur_offset,
                                                 cur_offset + hole_size,
+                                                block_end,
                                                 cur_offset, &hint_byte);
                        if (err)
                                break;
@@ -4968,7 +4973,7 @@ out_fail:
 
 static int prealloc_file_range(struct btrfs_trans_handle *trans,
                               struct inode *inode, u64 start, u64 end,
-                              u64 alloc_hint, int mode)
+                              u64 locked_end, u64 alloc_hint, int mode)
 {
        struct btrfs_root *root = BTRFS_I(inode)->root;
        struct btrfs_key ins;
@@ -4989,7 +4994,8 @@ static int prealloc_file_range(struct btrfs_trans_handle *trans,
                ret = insert_reserved_file_extent(trans, inode,
                                                  cur_offset, ins.objectid,
                                                  ins.offset, ins.offset,
-                                                 ins.offset, 0, 0, 0,
+                                                 ins.offset, locked_end,
+                                                 0, 0, 0,
                                                  BTRFS_FILE_EXTENT_PREALLOC);
                BUG_ON(ret);
                num_bytes -= ins.offset;
@@ -5018,6 +5024,7 @@ static long btrfs_fallocate(struct inode *inode, int mode,
        u64 alloc_start;
        u64 alloc_end;
        u64 alloc_hint = 0;
+       u64 locked_end;
        u64 mask = BTRFS_I(inode)->root->sectorsize - 1;
        struct extent_map *em;
        struct btrfs_trans_handle *trans;
@@ -5039,6 +5046,7 @@ static long btrfs_fallocate(struct inode *inode, int mode,
                        goto out;
        }
 
+       locked_end = alloc_end - 1;
        while (1) {
                struct btrfs_ordered_extent *ordered;
 
@@ -5051,8 +5059,8 @@ static long btrfs_fallocate(struct inode *inode, int mode,
                /* the extent lock is ordered inside the running
                 * transaction
                 */
-               lock_extent(&BTRFS_I(inode)->io_tree, alloc_start,
-                           alloc_end - 1, GFP_NOFS);
+               lock_extent(&BTRFS_I(inode)->io_tree, alloc_start, locked_end,
+                           GFP_NOFS);
                ordered = btrfs_lookup_first_ordered_extent(inode,
                                                            alloc_end - 1);
                if (ordered &&
@@ -5060,7 +5068,7 @@ static long btrfs_fallocate(struct inode *inode, int mode,
                    ordered->file_offset < alloc_end) {
                        btrfs_put_ordered_extent(ordered);
                        unlock_extent(&BTRFS_I(inode)->io_tree,
-                                     alloc_start, alloc_end - 1, GFP_NOFS);
+                                     alloc_start, locked_end, GFP_NOFS);
                        btrfs_end_transaction(trans, BTRFS_I(inode)->root);
 
                        /*
@@ -5085,7 +5093,8 @@ static long btrfs_fallocate(struct inode *inode, int mode,
                last_byte = (last_byte + mask) & ~mask;
                if (em->block_start == EXTENT_MAP_HOLE) {
                        ret = prealloc_file_range(trans, inode, cur_offset,
-                                       last_byte, alloc_hint, mode);
+                                       last_byte, locked_end + 1,
+                                       alloc_hint, mode);
                        if (ret < 0) {
                                free_extent_map(em);
                                break;
@@ -5101,7 +5110,7 @@ static long btrfs_fallocate(struct inode *inode, int mode,
                        break;
                }
        }
-       unlock_extent(&BTRFS_I(inode)->io_tree, alloc_start, alloc_end - 1,
+       unlock_extent(&BTRFS_I(inode)->io_tree, alloc_start, locked_end,
                      GFP_NOFS);
 
        btrfs_end_transaction(trans, BTRFS_I(inode)->root);

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 7594bec1be10066619db8ebb578d03f5d2101de1..f4e5d2e5ece6873209dfc10ec66824da4cc24470 100644 (file)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -830,7 +830,8 @@ static long btrfs_ioctl_clone(struct file *file, unsigned long srcfd,
        BUG_ON(!trans);
 
        /* punch hole in destination first */
-       btrfs_drop_extents(trans, root, inode, off, off+len, 0, &hint_byte);
+       btrfs_drop_extents(trans, root, inode, off, off + len,
+                          off + len, 0, &hint_byte);
 
        /* clone data */
        key.objectid = src->i_ino;

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 25f20ea11f2789db90f796ecfd52aeae87c02910..db5e212e8445273a3e908461276fd2113cf9d93b 100644 (file)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -536,7 +536,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
        saved_nbytes = inode_get_bytes(inode);
        /* drop any overlapping extents */
        ret = btrfs_drop_extents(trans, root, inode,
-                        start, extent_end, start, &alloc_hint);
+                        start, extent_end, extent_end, start, &alloc_hint);
        BUG_ON(ret);
 
        if (found_type == BTRFS_FILE_EXTENT_REG ||