18d07e43e4
commit 7227ff4de55d931bbdc156c8ef0ce4f100c78a5b upstream. There is a race between adding and removing elements to the tree mod log list and rbtree that can lead to use-after-free problems. Consider the following example that explains how/why the problems happens: 1) Task A has mod log element with sequence number 200. It currently is the only element in the mod log list; 2) Task A calls btrfs_put_tree_mod_seq() because it no longer needs to access the tree mod log. When it enters the function, it initializes 'min_seq' to (u64)-1. Then it acquires the lock 'tree_mod_seq_lock' before checking if there are other elements in the mod seq list. Since the list it empty, 'min_seq' remains set to (u64)-1. Then it unlocks the lock 'tree_mod_seq_lock'; 3) Before task A acquires the lock 'tree_mod_log_lock', task B adds itself to the mod seq list through btrfs_get_tree_mod_seq() and gets a sequence number of 201; 4) Some other task, name it task C, modifies a btree and because there elements in the mod seq list, it adds a tree mod elem to the tree mod log rbtree. That node added to the mod log rbtree is assigned a sequence number of 202; 5) Task B, which is doing fiemap and resolving indirect back references, calls btrfs get_old_root(), with 'time_seq' == 201, which in turn calls tree_mod_log_search() - the search returns the mod log node from the rbtree with sequence number 202, created by task C; 6) Task A now acquires the lock 'tree_mod_log_lock', starts iterating the mod log rbtree and finds the node with sequence number 202. Since 202 is less than the previously computed 'min_seq', (u64)-1, it removes the node and frees it; 7) Task B still has a pointer to the node with sequence number 202, and it dereferences the pointer itself and through the call to __tree_mod_log_rewind(), resulting in a use-after-free problem. This issue can be triggered sporadically with the test case generic/561 from fstests, and it happens more frequently with a higher number of duperemove processes. When it happens to me, it either freezes the VM or it produces a trace like the following before crashing: [ 1245.321140] general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [ 1245.321200] CPU: 1 PID: 26997 Comm: pool Not tainted 5.5.0-rc6-btrfs-next-52 #1 [ 1245.321235] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014 [ 1245.321287] RIP: 0010:rb_next+0x16/0x50 [ 1245.321307] Code: .... [ 1245.321372] RSP: 0018:ffffa151c4d039b0 EFLAGS: 00010202 [ 1245.321388] RAX: 6b6b6b6b6b6b6b6b RBX: ffff8ae221363c80 RCX: 6b6b6b6b6b6b6b6b [ 1245.321409] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8ae221363c80 [ 1245.321439] RBP: ffff8ae20fcc4688 R08: 0000000000000002 R09: 0000000000000000 [ 1245.321475] R10: ffff8ae20b120910 R11: 00000000243f8bb1 R12: 0000000000000038 [ 1245.321506] R13: ffff8ae221363c80 R14: 000000000000075f R15: ffff8ae223f762b8 [ 1245.321539] FS: 00007fdee1ec7700(0000) GS:ffff8ae236c80000(0000) knlGS:0000000000000000 [ 1245.321591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1245.321614] CR2: 00007fded4030c48 CR3: 000000021da16003 CR4: 00000000003606e0 [ 1245.321642] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1245.321668] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1245.321706] Call Trace: [ 1245.321798] __tree_mod_log_rewind+0xbf/0x280 [btrfs] [ 1245.321841] btrfs_search_old_slot+0x105/0xd00 [btrfs] [ 1245.321877] resolve_indirect_refs+0x1eb/0xc60 [btrfs] [ 1245.321912] find_parent_nodes+0x3dc/0x11b0 [btrfs] [ 1245.321947] btrfs_check_shared+0x115/0x1c0 [btrfs] [ 1245.321980] ? extent_fiemap+0x59d/0x6d0 [btrfs] [ 1245.322029] extent_fiemap+0x59d/0x6d0 [btrfs] [ 1245.322066] do_vfs_ioctl+0x45a/0x750 [ 1245.322081] ksys_ioctl+0x70/0x80 [ 1245.322092] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1245.322113] __x64_sys_ioctl+0x16/0x20 [ 1245.322126] do_syscall_64+0x5c/0x280 [ 1245.322139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1245.322155] RIP: 0033:0x7fdee3942dd7 [ 1245.322177] Code: .... [ 1245.322258] RSP: 002b:00007fdee1ec6c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1245.322294] RAX: ffffffffffffffda RBX: 00007fded40210d8 RCX: 00007fdee3942dd7 [ 1245.322314] RDX: 00007fded40210d8 RSI: 00000000c020660b RDI: 0000000000000004 [ 1245.322337] RBP: 0000562aa89e7510 R08: 0000000000000000 R09: 00007fdee1ec6d44 [ 1245.322369] R10: 0000000000000073 R11: 0000000000000246 R12: 00007fdee1ec6d48 [ 1245.322390] R13: 00007fdee1ec6d40 R14: 00007fded40210d0 R15: 00007fdee1ec6d50 [ 1245.322423] Modules linked in: .... [ 1245.323443] ---[ end trace 01de1e9ec5dff3cd ]--- Fix this by ensuring that btrfs_put_tree_mod_seq() computes the minimum sequence number and iterates the rbtree while holding the lock 'tree_mod_log_lock' in write mode. Also get rid of the 'tree_mod_seq_lock' lock, since it is now redundant. Fixes:bd989ba359
("Btrfs: add tree modification log functions") Fixes:097b8a7c9e
("Btrfs: join tree mod log code with the code holding back delayed refs") CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: Nikolay Borisov <nborisov@suse.com> Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
948 lines
25 KiB
C
948 lines
25 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (C) 2009 Oracle. All rights reserved.
|
|
*/
|
|
|
|
#include <linux/sched.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/sort.h>
|
|
#include "ctree.h"
|
|
#include "delayed-ref.h"
|
|
#include "transaction.h"
|
|
#include "qgroup.h"
|
|
|
|
struct kmem_cache *btrfs_delayed_ref_head_cachep;
|
|
struct kmem_cache *btrfs_delayed_tree_ref_cachep;
|
|
struct kmem_cache *btrfs_delayed_data_ref_cachep;
|
|
struct kmem_cache *btrfs_delayed_extent_op_cachep;
|
|
/*
|
|
* delayed back reference update tracking. For subvolume trees
|
|
* we queue up extent allocations and backref maintenance for
|
|
* delayed processing. This avoids deep call chains where we
|
|
* add extents in the middle of btrfs_search_slot, and it allows
|
|
* us to buffer up frequently modified backrefs in an rb tree instead
|
|
* of hammering updates on the extent allocation tree.
|
|
*/
|
|
|
|
/*
|
|
* compare two delayed tree backrefs with same bytenr and type
|
|
*/
|
|
static int comp_tree_refs(struct btrfs_delayed_tree_ref *ref1,
|
|
struct btrfs_delayed_tree_ref *ref2)
|
|
{
|
|
if (ref1->node.type == BTRFS_TREE_BLOCK_REF_KEY) {
|
|
if (ref1->root < ref2->root)
|
|
return -1;
|
|
if (ref1->root > ref2->root)
|
|
return 1;
|
|
} else {
|
|
if (ref1->parent < ref2->parent)
|
|
return -1;
|
|
if (ref1->parent > ref2->parent)
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* compare two delayed data backrefs with same bytenr and type
|
|
*/
|
|
static int comp_data_refs(struct btrfs_delayed_data_ref *ref1,
|
|
struct btrfs_delayed_data_ref *ref2)
|
|
{
|
|
if (ref1->node.type == BTRFS_EXTENT_DATA_REF_KEY) {
|
|
if (ref1->root < ref2->root)
|
|
return -1;
|
|
if (ref1->root > ref2->root)
|
|
return 1;
|
|
if (ref1->objectid < ref2->objectid)
|
|
return -1;
|
|
if (ref1->objectid > ref2->objectid)
|
|
return 1;
|
|
if (ref1->offset < ref2->offset)
|
|
return -1;
|
|
if (ref1->offset > ref2->offset)
|
|
return 1;
|
|
} else {
|
|
if (ref1->parent < ref2->parent)
|
|
return -1;
|
|
if (ref1->parent > ref2->parent)
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int comp_refs(struct btrfs_delayed_ref_node *ref1,
|
|
struct btrfs_delayed_ref_node *ref2,
|
|
bool check_seq)
|
|
{
|
|
int ret = 0;
|
|
|
|
if (ref1->type < ref2->type)
|
|
return -1;
|
|
if (ref1->type > ref2->type)
|
|
return 1;
|
|
if (ref1->type == BTRFS_TREE_BLOCK_REF_KEY ||
|
|
ref1->type == BTRFS_SHARED_BLOCK_REF_KEY)
|
|
ret = comp_tree_refs(btrfs_delayed_node_to_tree_ref(ref1),
|
|
btrfs_delayed_node_to_tree_ref(ref2));
|
|
else
|
|
ret = comp_data_refs(btrfs_delayed_node_to_data_ref(ref1),
|
|
btrfs_delayed_node_to_data_ref(ref2));
|
|
if (ret)
|
|
return ret;
|
|
if (check_seq) {
|
|
if (ref1->seq < ref2->seq)
|
|
return -1;
|
|
if (ref1->seq > ref2->seq)
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/* insert a new ref to head ref rbtree */
|
|
static struct btrfs_delayed_ref_head *htree_insert(struct rb_root *root,
|
|
struct rb_node *node)
|
|
{
|
|
struct rb_node **p = &root->rb_node;
|
|
struct rb_node *parent_node = NULL;
|
|
struct btrfs_delayed_ref_head *entry;
|
|
struct btrfs_delayed_ref_head *ins;
|
|
u64 bytenr;
|
|
|
|
ins = rb_entry(node, struct btrfs_delayed_ref_head, href_node);
|
|
bytenr = ins->bytenr;
|
|
while (*p) {
|
|
parent_node = *p;
|
|
entry = rb_entry(parent_node, struct btrfs_delayed_ref_head,
|
|
href_node);
|
|
|
|
if (bytenr < entry->bytenr)
|
|
p = &(*p)->rb_left;
|
|
else if (bytenr > entry->bytenr)
|
|
p = &(*p)->rb_right;
|
|
else
|
|
return entry;
|
|
}
|
|
|
|
rb_link_node(node, parent_node, p);
|
|
rb_insert_color(node, root);
|
|
return NULL;
|
|
}
|
|
|
|
static struct btrfs_delayed_ref_node* tree_insert(struct rb_root *root,
|
|
struct btrfs_delayed_ref_node *ins)
|
|
{
|
|
struct rb_node **p = &root->rb_node;
|
|
struct rb_node *node = &ins->ref_node;
|
|
struct rb_node *parent_node = NULL;
|
|
struct btrfs_delayed_ref_node *entry;
|
|
|
|
while (*p) {
|
|
int comp;
|
|
|
|
parent_node = *p;
|
|
entry = rb_entry(parent_node, struct btrfs_delayed_ref_node,
|
|
ref_node);
|
|
comp = comp_refs(ins, entry, true);
|
|
if (comp < 0)
|
|
p = &(*p)->rb_left;
|
|
else if (comp > 0)
|
|
p = &(*p)->rb_right;
|
|
else
|
|
return entry;
|
|
}
|
|
|
|
rb_link_node(node, parent_node, p);
|
|
rb_insert_color(node, root);
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* find an head entry based on bytenr. This returns the delayed ref
|
|
* head if it was able to find one, or NULL if nothing was in that spot.
|
|
* If return_bigger is given, the next bigger entry is returned if no exact
|
|
* match is found.
|
|
*/
|
|
static struct btrfs_delayed_ref_head *
|
|
find_ref_head(struct rb_root *root, u64 bytenr,
|
|
int return_bigger)
|
|
{
|
|
struct rb_node *n;
|
|
struct btrfs_delayed_ref_head *entry;
|
|
|
|
n = root->rb_node;
|
|
entry = NULL;
|
|
while (n) {
|
|
entry = rb_entry(n, struct btrfs_delayed_ref_head, href_node);
|
|
|
|
if (bytenr < entry->bytenr)
|
|
n = n->rb_left;
|
|
else if (bytenr > entry->bytenr)
|
|
n = n->rb_right;
|
|
else
|
|
return entry;
|
|
}
|
|
if (entry && return_bigger) {
|
|
if (bytenr > entry->bytenr) {
|
|
n = rb_next(&entry->href_node);
|
|
if (!n)
|
|
n = rb_first(root);
|
|
entry = rb_entry(n, struct btrfs_delayed_ref_head,
|
|
href_node);
|
|
return entry;
|
|
}
|
|
return entry;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
int btrfs_delayed_ref_lock(struct btrfs_trans_handle *trans,
|
|
struct btrfs_delayed_ref_head *head)
|
|
{
|
|
struct btrfs_delayed_ref_root *delayed_refs;
|
|
|
|
delayed_refs = &trans->transaction->delayed_refs;
|
|
lockdep_assert_held(&delayed_refs->lock);
|
|
if (mutex_trylock(&head->mutex))
|
|
return 0;
|
|
|
|
refcount_inc(&head->refs);
|
|
spin_unlock(&delayed_refs->lock);
|
|
|
|
mutex_lock(&head->mutex);
|
|
spin_lock(&delayed_refs->lock);
|
|
if (RB_EMPTY_NODE(&head->href_node)) {
|
|
mutex_unlock(&head->mutex);
|
|
btrfs_put_delayed_ref_head(head);
|
|
return -EAGAIN;
|
|
}
|
|
btrfs_put_delayed_ref_head(head);
|
|
return 0;
|
|
}
|
|
|
|
static inline void drop_delayed_ref(struct btrfs_trans_handle *trans,
|
|
struct btrfs_delayed_ref_root *delayed_refs,
|
|
struct btrfs_delayed_ref_head *head,
|
|
struct btrfs_delayed_ref_node *ref)
|
|
{
|
|
lockdep_assert_held(&head->lock);
|
|
rb_erase(&ref->ref_node, &head->ref_tree);
|
|
RB_CLEAR_NODE(&ref->ref_node);
|
|
if (!list_empty(&ref->add_list))
|
|
list_del(&ref->add_list);
|
|
ref->in_tree = 0;
|
|
btrfs_put_delayed_ref(ref);
|
|
atomic_dec(&delayed_refs->num_entries);
|
|
}
|
|
|
|
static bool merge_ref(struct btrfs_trans_handle *trans,
|
|
struct btrfs_delayed_ref_root *delayed_refs,
|
|
struct btrfs_delayed_ref_head *head,
|
|
struct btrfs_delayed_ref_node *ref,
|
|
u64 seq)
|
|
{
|
|
struct btrfs_delayed_ref_node *next;
|
|
struct rb_node *node = rb_next(&ref->ref_node);
|
|
bool done = false;
|
|
|
|
while (!done && node) {
|
|
int mod;
|
|
|
|
next = rb_entry(node, struct btrfs_delayed_ref_node, ref_node);
|
|
node = rb_next(node);
|
|
if (seq && next->seq >= seq)
|
|
break;
|
|
if (comp_refs(ref, next, false))
|
|
break;
|
|
|
|
if (ref->action == next->action) {
|
|
mod = next->ref_mod;
|
|
} else {
|
|
if (ref->ref_mod < next->ref_mod) {
|
|
swap(ref, next);
|
|
done = true;
|
|
}
|
|
mod = -next->ref_mod;
|
|
}
|
|
|
|
drop_delayed_ref(trans, delayed_refs, head, next);
|
|
ref->ref_mod += mod;
|
|
if (ref->ref_mod == 0) {
|
|
drop_delayed_ref(trans, delayed_refs, head, ref);
|
|
done = true;
|
|
} else {
|
|
/*
|
|
* Can't have multiples of the same ref on a tree block.
|
|
*/
|
|
WARN_ON(ref->type == BTRFS_TREE_BLOCK_REF_KEY ||
|
|
ref->type == BTRFS_SHARED_BLOCK_REF_KEY);
|
|
}
|
|
}
|
|
|
|
return done;
|
|
}
|
|
|
|
void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans,
|
|
struct btrfs_delayed_ref_root *delayed_refs,
|
|
struct btrfs_delayed_ref_head *head)
|
|
{
|
|
struct btrfs_fs_info *fs_info = trans->fs_info;
|
|
struct btrfs_delayed_ref_node *ref;
|
|
struct rb_node *node;
|
|
u64 seq = 0;
|
|
|
|
lockdep_assert_held(&head->lock);
|
|
|
|
if (RB_EMPTY_ROOT(&head->ref_tree))
|
|
return;
|
|
|
|
/* We don't have too many refs to merge for data. */
|
|
if (head->is_data)
|
|
return;
|
|
|
|
read_lock(&fs_info->tree_mod_log_lock);
|
|
if (!list_empty(&fs_info->tree_mod_seq_list)) {
|
|
struct seq_list *elem;
|
|
|
|
elem = list_first_entry(&fs_info->tree_mod_seq_list,
|
|
struct seq_list, list);
|
|
seq = elem->seq;
|
|
}
|
|
read_unlock(&fs_info->tree_mod_log_lock);
|
|
|
|
again:
|
|
for (node = rb_first(&head->ref_tree); node; node = rb_next(node)) {
|
|
ref = rb_entry(node, struct btrfs_delayed_ref_node, ref_node);
|
|
if (seq && ref->seq >= seq)
|
|
continue;
|
|
if (merge_ref(trans, delayed_refs, head, ref, seq))
|
|
goto again;
|
|
}
|
|
}
|
|
|
|
int btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, u64 seq)
|
|
{
|
|
struct seq_list *elem;
|
|
int ret = 0;
|
|
|
|
read_lock(&fs_info->tree_mod_log_lock);
|
|
if (!list_empty(&fs_info->tree_mod_seq_list)) {
|
|
elem = list_first_entry(&fs_info->tree_mod_seq_list,
|
|
struct seq_list, list);
|
|
if (seq >= elem->seq) {
|
|
btrfs_debug(fs_info,
|
|
"holding back delayed_ref %#x.%x, lowest is %#x.%x",
|
|
(u32)(seq >> 32), (u32)seq,
|
|
(u32)(elem->seq >> 32), (u32)elem->seq);
|
|
ret = 1;
|
|
}
|
|
}
|
|
|
|
read_unlock(&fs_info->tree_mod_log_lock);
|
|
return ret;
|
|
}
|
|
|
|
struct btrfs_delayed_ref_head *
|
|
btrfs_select_ref_head(struct btrfs_trans_handle *trans)
|
|
{
|
|
struct btrfs_delayed_ref_root *delayed_refs;
|
|
struct btrfs_delayed_ref_head *head;
|
|
u64 start;
|
|
bool loop = false;
|
|
|
|
delayed_refs = &trans->transaction->delayed_refs;
|
|
|
|
again:
|
|
start = delayed_refs->run_delayed_start;
|
|
head = find_ref_head(&delayed_refs->href_root, start, 1);
|
|
if (!head && !loop) {
|
|
delayed_refs->run_delayed_start = 0;
|
|
start = 0;
|
|
loop = true;
|
|
head = find_ref_head(&delayed_refs->href_root, start, 1);
|
|
if (!head)
|
|
return NULL;
|
|
} else if (!head && loop) {
|
|
return NULL;
|
|
}
|
|
|
|
while (head->processing) {
|
|
struct rb_node *node;
|
|
|
|
node = rb_next(&head->href_node);
|
|
if (!node) {
|
|
if (loop)
|
|
return NULL;
|
|
delayed_refs->run_delayed_start = 0;
|
|
start = 0;
|
|
loop = true;
|
|
goto again;
|
|
}
|
|
head = rb_entry(node, struct btrfs_delayed_ref_head,
|
|
href_node);
|
|
}
|
|
|
|
head->processing = 1;
|
|
WARN_ON(delayed_refs->num_heads_ready == 0);
|
|
delayed_refs->num_heads_ready--;
|
|
delayed_refs->run_delayed_start = head->bytenr +
|
|
head->num_bytes;
|
|
return head;
|
|
}
|
|
|
|
/*
|
|
* Helper to insert the ref_node to the tail or merge with tail.
|
|
*
|
|
* Return 0 for insert.
|
|
* Return >0 for merge.
|
|
*/
|
|
static int insert_delayed_ref(struct btrfs_trans_handle *trans,
|
|
struct btrfs_delayed_ref_root *root,
|
|
struct btrfs_delayed_ref_head *href,
|
|
struct btrfs_delayed_ref_node *ref)
|
|
{
|
|
struct btrfs_delayed_ref_node *exist;
|
|
int mod;
|
|
int ret = 0;
|
|
|
|
spin_lock(&href->lock);
|
|
exist = tree_insert(&href->ref_tree, ref);
|
|
if (!exist)
|
|
goto inserted;
|
|
|
|
/* Now we are sure we can merge */
|
|
ret = 1;
|
|
if (exist->action == ref->action) {
|
|
mod = ref->ref_mod;
|
|
} else {
|
|
/* Need to change action */
|
|
if (exist->ref_mod < ref->ref_mod) {
|
|
exist->action = ref->action;
|
|
mod = -exist->ref_mod;
|
|
exist->ref_mod = ref->ref_mod;
|
|
if (ref->action == BTRFS_ADD_DELAYED_REF)
|
|
list_add_tail(&exist->add_list,
|
|
&href->ref_add_list);
|
|
else if (ref->action == BTRFS_DROP_DELAYED_REF) {
|
|
ASSERT(!list_empty(&exist->add_list));
|
|
list_del(&exist->add_list);
|
|
} else {
|
|
ASSERT(0);
|
|
}
|
|
} else
|
|
mod = -ref->ref_mod;
|
|
}
|
|
exist->ref_mod += mod;
|
|
|
|
/* remove existing tail if its ref_mod is zero */
|
|
if (exist->ref_mod == 0)
|
|
drop_delayed_ref(trans, root, href, exist);
|
|
spin_unlock(&href->lock);
|
|
return ret;
|
|
inserted:
|
|
if (ref->action == BTRFS_ADD_DELAYED_REF)
|
|
list_add_tail(&ref->add_list, &href->ref_add_list);
|
|
atomic_inc(&root->num_entries);
|
|
spin_unlock(&href->lock);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* helper function to update the accounting in the head ref
|
|
* existing and update must have the same bytenr
|
|
*/
|
|
static noinline void
|
|
update_existing_head_ref(struct btrfs_delayed_ref_root *delayed_refs,
|
|
struct btrfs_delayed_ref_head *existing,
|
|
struct btrfs_delayed_ref_head *update,
|
|
int *old_ref_mod_ret)
|
|
{
|
|
int old_ref_mod;
|
|
|
|
BUG_ON(existing->is_data != update->is_data);
|
|
|
|
spin_lock(&existing->lock);
|
|
if (update->must_insert_reserved) {
|
|
/* if the extent was freed and then
|
|
* reallocated before the delayed ref
|
|
* entries were processed, we can end up
|
|
* with an existing head ref without
|
|
* the must_insert_reserved flag set.
|
|
* Set it again here
|
|
*/
|
|
existing->must_insert_reserved = update->must_insert_reserved;
|
|
|
|
/*
|
|
* update the num_bytes so we make sure the accounting
|
|
* is done correctly
|
|
*/
|
|
existing->num_bytes = update->num_bytes;
|
|
|
|
}
|
|
|
|
if (update->extent_op) {
|
|
if (!existing->extent_op) {
|
|
existing->extent_op = update->extent_op;
|
|
} else {
|
|
if (update->extent_op->update_key) {
|
|
memcpy(&existing->extent_op->key,
|
|
&update->extent_op->key,
|
|
sizeof(update->extent_op->key));
|
|
existing->extent_op->update_key = true;
|
|
}
|
|
if (update->extent_op->update_flags) {
|
|
existing->extent_op->flags_to_set |=
|
|
update->extent_op->flags_to_set;
|
|
existing->extent_op->update_flags = true;
|
|
}
|
|
btrfs_free_delayed_extent_op(update->extent_op);
|
|
}
|
|
}
|
|
/*
|
|
* update the reference mod on the head to reflect this new operation,
|
|
* only need the lock for this case cause we could be processing it
|
|
* currently, for refs we just added we know we're a-ok.
|
|
*/
|
|
old_ref_mod = existing->total_ref_mod;
|
|
if (old_ref_mod_ret)
|
|
*old_ref_mod_ret = old_ref_mod;
|
|
existing->ref_mod += update->ref_mod;
|
|
existing->total_ref_mod += update->ref_mod;
|
|
|
|
/*
|
|
* If we are going to from a positive ref mod to a negative or vice
|
|
* versa we need to make sure to adjust pending_csums accordingly.
|
|
*/
|
|
if (existing->is_data) {
|
|
if (existing->total_ref_mod >= 0 && old_ref_mod < 0)
|
|
delayed_refs->pending_csums -= existing->num_bytes;
|
|
if (existing->total_ref_mod < 0 && old_ref_mod >= 0)
|
|
delayed_refs->pending_csums += existing->num_bytes;
|
|
}
|
|
spin_unlock(&existing->lock);
|
|
}
|
|
|
|
static void init_delayed_ref_head(struct btrfs_delayed_ref_head *head_ref,
|
|
struct btrfs_qgroup_extent_record *qrecord,
|
|
u64 bytenr, u64 num_bytes, u64 ref_root,
|
|
u64 reserved, int action, bool is_data,
|
|
bool is_system)
|
|
{
|
|
int count_mod = 1;
|
|
int must_insert_reserved = 0;
|
|
|
|
/* If reserved is provided, it must be a data extent. */
|
|
BUG_ON(!is_data && reserved);
|
|
|
|
/*
|
|
* The head node stores the sum of all the mods, so dropping a ref
|
|
* should drop the sum in the head node by one.
|
|
*/
|
|
if (action == BTRFS_UPDATE_DELAYED_HEAD)
|
|
count_mod = 0;
|
|
else if (action == BTRFS_DROP_DELAYED_REF)
|
|
count_mod = -1;
|
|
|
|
/*
|
|
* BTRFS_ADD_DELAYED_EXTENT means that we need to update the reserved
|
|
* accounting when the extent is finally added, or if a later
|
|
* modification deletes the delayed ref without ever inserting the
|
|
* extent into the extent allocation tree. ref->must_insert_reserved
|
|
* is the flag used to record that accounting mods are required.
|
|
*
|
|
* Once we record must_insert_reserved, switch the action to
|
|
* BTRFS_ADD_DELAYED_REF because other special casing is not required.
|
|
*/
|
|
if (action == BTRFS_ADD_DELAYED_EXTENT)
|
|
must_insert_reserved = 1;
|
|
else
|
|
must_insert_reserved = 0;
|
|
|
|
refcount_set(&head_ref->refs, 1);
|
|
head_ref->bytenr = bytenr;
|
|
head_ref->num_bytes = num_bytes;
|
|
head_ref->ref_mod = count_mod;
|
|
head_ref->must_insert_reserved = must_insert_reserved;
|
|
head_ref->is_data = is_data;
|
|
head_ref->is_system = is_system;
|
|
head_ref->ref_tree = RB_ROOT;
|
|
INIT_LIST_HEAD(&head_ref->ref_add_list);
|
|
RB_CLEAR_NODE(&head_ref->href_node);
|
|
head_ref->processing = 0;
|
|
head_ref->total_ref_mod = count_mod;
|
|
head_ref->qgroup_reserved = 0;
|
|
head_ref->qgroup_ref_root = 0;
|
|
spin_lock_init(&head_ref->lock);
|
|
mutex_init(&head_ref->mutex);
|
|
|
|
if (qrecord) {
|
|
if (ref_root && reserved) {
|
|
head_ref->qgroup_ref_root = ref_root;
|
|
head_ref->qgroup_reserved = reserved;
|
|
}
|
|
|
|
qrecord->bytenr = bytenr;
|
|
qrecord->num_bytes = num_bytes;
|
|
qrecord->old_roots = NULL;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* helper function to actually insert a head node into the rbtree.
|
|
* this does all the dirty work in terms of maintaining the correct
|
|
* overall modification count.
|
|
*/
|
|
static noinline struct btrfs_delayed_ref_head *
|
|
add_delayed_ref_head(struct btrfs_trans_handle *trans,
|
|
struct btrfs_delayed_ref_head *head_ref,
|
|
struct btrfs_qgroup_extent_record *qrecord,
|
|
int action, int *qrecord_inserted_ret,
|
|
int *old_ref_mod, int *new_ref_mod)
|
|
{
|
|
struct btrfs_delayed_ref_head *existing;
|
|
struct btrfs_delayed_ref_root *delayed_refs;
|
|
int qrecord_inserted = 0;
|
|
|
|
delayed_refs = &trans->transaction->delayed_refs;
|
|
|
|
/* Record qgroup extent info if provided */
|
|
if (qrecord) {
|
|
if (btrfs_qgroup_trace_extent_nolock(trans->fs_info,
|
|
delayed_refs, qrecord))
|
|
kfree(qrecord);
|
|
else
|
|
qrecord_inserted = 1;
|
|
}
|
|
|
|
trace_add_delayed_ref_head(trans->fs_info, head_ref, action);
|
|
|
|
existing = htree_insert(&delayed_refs->href_root,
|
|
&head_ref->href_node);
|
|
if (existing) {
|
|
WARN_ON(qrecord && head_ref->qgroup_ref_root
|
|
&& head_ref->qgroup_reserved
|
|
&& existing->qgroup_ref_root
|
|
&& existing->qgroup_reserved);
|
|
update_existing_head_ref(delayed_refs, existing, head_ref,
|
|
old_ref_mod);
|
|
/*
|
|
* we've updated the existing ref, free the newly
|
|
* allocated ref
|
|
*/
|
|
kmem_cache_free(btrfs_delayed_ref_head_cachep, head_ref);
|
|
head_ref = existing;
|
|
} else {
|
|
if (old_ref_mod)
|
|
*old_ref_mod = 0;
|
|
if (head_ref->is_data && head_ref->ref_mod < 0)
|
|
delayed_refs->pending_csums += head_ref->num_bytes;
|
|
delayed_refs->num_heads++;
|
|
delayed_refs->num_heads_ready++;
|
|
atomic_inc(&delayed_refs->num_entries);
|
|
trans->delayed_ref_updates++;
|
|
}
|
|
if (qrecord_inserted_ret)
|
|
*qrecord_inserted_ret = qrecord_inserted;
|
|
if (new_ref_mod)
|
|
*new_ref_mod = head_ref->total_ref_mod;
|
|
|
|
return head_ref;
|
|
}
|
|
|
|
/*
|
|
* init_delayed_ref_common - Initialize the structure which represents a
|
|
* modification to a an extent.
|
|
*
|
|
* @fs_info: Internal to the mounted filesystem mount structure.
|
|
*
|
|
* @ref: The structure which is going to be initialized.
|
|
*
|
|
* @bytenr: The logical address of the extent for which a modification is
|
|
* going to be recorded.
|
|
*
|
|
* @num_bytes: Size of the extent whose modification is being recorded.
|
|
*
|
|
* @ref_root: The id of the root where this modification has originated, this
|
|
* can be either one of the well-known metadata trees or the
|
|
* subvolume id which references this extent.
|
|
*
|
|
* @action: Can be one of BTRFS_ADD_DELAYED_REF/BTRFS_DROP_DELAYED_REF or
|
|
* BTRFS_ADD_DELAYED_EXTENT
|
|
*
|
|
* @ref_type: Holds the type of the extent which is being recorded, can be
|
|
* one of BTRFS_SHARED_BLOCK_REF_KEY/BTRFS_TREE_BLOCK_REF_KEY
|
|
* when recording a metadata extent or BTRFS_SHARED_DATA_REF_KEY/
|
|
* BTRFS_EXTENT_DATA_REF_KEY when recording data extent
|
|
*/
|
|
static void init_delayed_ref_common(struct btrfs_fs_info *fs_info,
|
|
struct btrfs_delayed_ref_node *ref,
|
|
u64 bytenr, u64 num_bytes, u64 ref_root,
|
|
int action, u8 ref_type)
|
|
{
|
|
u64 seq = 0;
|
|
|
|
if (action == BTRFS_ADD_DELAYED_EXTENT)
|
|
action = BTRFS_ADD_DELAYED_REF;
|
|
|
|
if (is_fstree(ref_root))
|
|
seq = atomic64_read(&fs_info->tree_mod_seq);
|
|
|
|
refcount_set(&ref->refs, 1);
|
|
ref->bytenr = bytenr;
|
|
ref->num_bytes = num_bytes;
|
|
ref->ref_mod = 1;
|
|
ref->action = action;
|
|
ref->is_head = 0;
|
|
ref->in_tree = 1;
|
|
ref->seq = seq;
|
|
ref->type = ref_type;
|
|
RB_CLEAR_NODE(&ref->ref_node);
|
|
INIT_LIST_HEAD(&ref->add_list);
|
|
}
|
|
|
|
/*
|
|
* add a delayed tree ref. This does all of the accounting required
|
|
* to make sure the delayed ref is eventually processed before this
|
|
* transaction commits.
|
|
*/
|
|
int btrfs_add_delayed_tree_ref(struct btrfs_trans_handle *trans,
|
|
u64 bytenr, u64 num_bytes, u64 parent,
|
|
u64 ref_root, int level, int action,
|
|
struct btrfs_delayed_extent_op *extent_op,
|
|
int *old_ref_mod, int *new_ref_mod)
|
|
{
|
|
struct btrfs_fs_info *fs_info = trans->fs_info;
|
|
struct btrfs_delayed_tree_ref *ref;
|
|
struct btrfs_delayed_ref_head *head_ref;
|
|
struct btrfs_delayed_ref_root *delayed_refs;
|
|
struct btrfs_qgroup_extent_record *record = NULL;
|
|
int qrecord_inserted;
|
|
bool is_system = (ref_root == BTRFS_CHUNK_TREE_OBJECTID);
|
|
int ret;
|
|
u8 ref_type;
|
|
|
|
BUG_ON(extent_op && extent_op->is_data);
|
|
ref = kmem_cache_alloc(btrfs_delayed_tree_ref_cachep, GFP_NOFS);
|
|
if (!ref)
|
|
return -ENOMEM;
|
|
|
|
head_ref = kmem_cache_alloc(btrfs_delayed_ref_head_cachep, GFP_NOFS);
|
|
if (!head_ref) {
|
|
kmem_cache_free(btrfs_delayed_tree_ref_cachep, ref);
|
|
return -ENOMEM;
|
|
}
|
|
|
|
if (test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags) &&
|
|
is_fstree(ref_root)) {
|
|
record = kmalloc(sizeof(*record), GFP_NOFS);
|
|
if (!record) {
|
|
kmem_cache_free(btrfs_delayed_tree_ref_cachep, ref);
|
|
kmem_cache_free(btrfs_delayed_ref_head_cachep, head_ref);
|
|
return -ENOMEM;
|
|
}
|
|
}
|
|
|
|
if (parent)
|
|
ref_type = BTRFS_SHARED_BLOCK_REF_KEY;
|
|
else
|
|
ref_type = BTRFS_TREE_BLOCK_REF_KEY;
|
|
|
|
init_delayed_ref_common(fs_info, &ref->node, bytenr, num_bytes,
|
|
ref_root, action, ref_type);
|
|
ref->root = ref_root;
|
|
ref->parent = parent;
|
|
ref->level = level;
|
|
|
|
init_delayed_ref_head(head_ref, record, bytenr, num_bytes,
|
|
ref_root, 0, action, false, is_system);
|
|
head_ref->extent_op = extent_op;
|
|
|
|
delayed_refs = &trans->transaction->delayed_refs;
|
|
spin_lock(&delayed_refs->lock);
|
|
|
|
/*
|
|
* insert both the head node and the new ref without dropping
|
|
* the spin lock
|
|
*/
|
|
head_ref = add_delayed_ref_head(trans, head_ref, record,
|
|
action, &qrecord_inserted,
|
|
old_ref_mod, new_ref_mod);
|
|
|
|
ret = insert_delayed_ref(trans, delayed_refs, head_ref, &ref->node);
|
|
spin_unlock(&delayed_refs->lock);
|
|
|
|
trace_add_delayed_tree_ref(fs_info, &ref->node, ref,
|
|
action == BTRFS_ADD_DELAYED_EXTENT ?
|
|
BTRFS_ADD_DELAYED_REF : action);
|
|
if (ret > 0)
|
|
kmem_cache_free(btrfs_delayed_tree_ref_cachep, ref);
|
|
|
|
if (qrecord_inserted)
|
|
btrfs_qgroup_trace_extent_post(fs_info, record);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* add a delayed data ref. it's similar to btrfs_add_delayed_tree_ref.
|
|
*/
|
|
int btrfs_add_delayed_data_ref(struct btrfs_trans_handle *trans,
|
|
u64 bytenr, u64 num_bytes,
|
|
u64 parent, u64 ref_root,
|
|
u64 owner, u64 offset, u64 reserved, int action,
|
|
int *old_ref_mod, int *new_ref_mod)
|
|
{
|
|
struct btrfs_fs_info *fs_info = trans->fs_info;
|
|
struct btrfs_delayed_data_ref *ref;
|
|
struct btrfs_delayed_ref_head *head_ref;
|
|
struct btrfs_delayed_ref_root *delayed_refs;
|
|
struct btrfs_qgroup_extent_record *record = NULL;
|
|
int qrecord_inserted;
|
|
int ret;
|
|
u8 ref_type;
|
|
|
|
ref = kmem_cache_alloc(btrfs_delayed_data_ref_cachep, GFP_NOFS);
|
|
if (!ref)
|
|
return -ENOMEM;
|
|
|
|
if (parent)
|
|
ref_type = BTRFS_SHARED_DATA_REF_KEY;
|
|
else
|
|
ref_type = BTRFS_EXTENT_DATA_REF_KEY;
|
|
init_delayed_ref_common(fs_info, &ref->node, bytenr, num_bytes,
|
|
ref_root, action, ref_type);
|
|
ref->root = ref_root;
|
|
ref->parent = parent;
|
|
ref->objectid = owner;
|
|
ref->offset = offset;
|
|
|
|
|
|
head_ref = kmem_cache_alloc(btrfs_delayed_ref_head_cachep, GFP_NOFS);
|
|
if (!head_ref) {
|
|
kmem_cache_free(btrfs_delayed_data_ref_cachep, ref);
|
|
return -ENOMEM;
|
|
}
|
|
|
|
if (test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags) &&
|
|
is_fstree(ref_root)) {
|
|
record = kmalloc(sizeof(*record), GFP_NOFS);
|
|
if (!record) {
|
|
kmem_cache_free(btrfs_delayed_data_ref_cachep, ref);
|
|
kmem_cache_free(btrfs_delayed_ref_head_cachep,
|
|
head_ref);
|
|
return -ENOMEM;
|
|
}
|
|
}
|
|
|
|
init_delayed_ref_head(head_ref, record, bytenr, num_bytes, ref_root,
|
|
reserved, action, true, false);
|
|
head_ref->extent_op = NULL;
|
|
|
|
delayed_refs = &trans->transaction->delayed_refs;
|
|
spin_lock(&delayed_refs->lock);
|
|
|
|
/*
|
|
* insert both the head node and the new ref without dropping
|
|
* the spin lock
|
|
*/
|
|
head_ref = add_delayed_ref_head(trans, head_ref, record,
|
|
action, &qrecord_inserted,
|
|
old_ref_mod, new_ref_mod);
|
|
|
|
ret = insert_delayed_ref(trans, delayed_refs, head_ref, &ref->node);
|
|
spin_unlock(&delayed_refs->lock);
|
|
|
|
trace_add_delayed_data_ref(trans->fs_info, &ref->node, ref,
|
|
action == BTRFS_ADD_DELAYED_EXTENT ?
|
|
BTRFS_ADD_DELAYED_REF : action);
|
|
if (ret > 0)
|
|
kmem_cache_free(btrfs_delayed_data_ref_cachep, ref);
|
|
|
|
|
|
if (qrecord_inserted)
|
|
return btrfs_qgroup_trace_extent_post(fs_info, record);
|
|
return 0;
|
|
}
|
|
|
|
int btrfs_add_delayed_extent_op(struct btrfs_fs_info *fs_info,
|
|
struct btrfs_trans_handle *trans,
|
|
u64 bytenr, u64 num_bytes,
|
|
struct btrfs_delayed_extent_op *extent_op)
|
|
{
|
|
struct btrfs_delayed_ref_head *head_ref;
|
|
struct btrfs_delayed_ref_root *delayed_refs;
|
|
|
|
head_ref = kmem_cache_alloc(btrfs_delayed_ref_head_cachep, GFP_NOFS);
|
|
if (!head_ref)
|
|
return -ENOMEM;
|
|
|
|
init_delayed_ref_head(head_ref, NULL, bytenr, num_bytes, 0, 0,
|
|
BTRFS_UPDATE_DELAYED_HEAD, extent_op->is_data,
|
|
false);
|
|
head_ref->extent_op = extent_op;
|
|
|
|
delayed_refs = &trans->transaction->delayed_refs;
|
|
spin_lock(&delayed_refs->lock);
|
|
|
|
add_delayed_ref_head(trans, head_ref, NULL, BTRFS_UPDATE_DELAYED_HEAD,
|
|
NULL, NULL, NULL);
|
|
|
|
spin_unlock(&delayed_refs->lock);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* this does a simple search for the head node for a given extent.
|
|
* It must be called with the delayed ref spinlock held, and it returns
|
|
* the head node if any where found, or NULL if not.
|
|
*/
|
|
struct btrfs_delayed_ref_head *
|
|
btrfs_find_delayed_ref_head(struct btrfs_delayed_ref_root *delayed_refs, u64 bytenr)
|
|
{
|
|
return find_ref_head(&delayed_refs->href_root, bytenr, 0);
|
|
}
|
|
|
|
void __cold btrfs_delayed_ref_exit(void)
|
|
{
|
|
kmem_cache_destroy(btrfs_delayed_ref_head_cachep);
|
|
kmem_cache_destroy(btrfs_delayed_tree_ref_cachep);
|
|
kmem_cache_destroy(btrfs_delayed_data_ref_cachep);
|
|
kmem_cache_destroy(btrfs_delayed_extent_op_cachep);
|
|
}
|
|
|
|
int __init btrfs_delayed_ref_init(void)
|
|
{
|
|
btrfs_delayed_ref_head_cachep = kmem_cache_create(
|
|
"btrfs_delayed_ref_head",
|
|
sizeof(struct btrfs_delayed_ref_head), 0,
|
|
SLAB_MEM_SPREAD, NULL);
|
|
if (!btrfs_delayed_ref_head_cachep)
|
|
goto fail;
|
|
|
|
btrfs_delayed_tree_ref_cachep = kmem_cache_create(
|
|
"btrfs_delayed_tree_ref",
|
|
sizeof(struct btrfs_delayed_tree_ref), 0,
|
|
SLAB_MEM_SPREAD, NULL);
|
|
if (!btrfs_delayed_tree_ref_cachep)
|
|
goto fail;
|
|
|
|
btrfs_delayed_data_ref_cachep = kmem_cache_create(
|
|
"btrfs_delayed_data_ref",
|
|
sizeof(struct btrfs_delayed_data_ref), 0,
|
|
SLAB_MEM_SPREAD, NULL);
|
|
if (!btrfs_delayed_data_ref_cachep)
|
|
goto fail;
|
|
|
|
btrfs_delayed_extent_op_cachep = kmem_cache_create(
|
|
"btrfs_delayed_extent_op",
|
|
sizeof(struct btrfs_delayed_extent_op), 0,
|
|
SLAB_MEM_SPREAD, NULL);
|
|
if (!btrfs_delayed_extent_op_cachep)
|
|
goto fail;
|
|
|
|
return 0;
|
|
fail:
|
|
btrfs_delayed_ref_exit();
|
|
return -ENOMEM;
|
|
}
|