<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/btrfs/backref.c, branch linux-3.16.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>btrfs: remove spurious WARN_ON(ref-&gt;count &lt; 0) in find_parent_nodes</title>
<updated>2018-06-16T21:22:05+00:00</updated>
<author>
<name>Zygo Blaxell</name>
<email>ce3g8jdj@umail.furryterror.org</email>
</author>
<published>2018-01-24T03:22:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e199800c515a2a5ee6632d3d64dbfae6d62d15c1'/>
<id>e199800c515a2a5ee6632d3d64dbfae6d62d15c1</id>
<content type='text'>
commit c8195a7b1ad5648857ce20ba24f384faed8512bc upstream.

Until v4.14, this warning was very infrequent:

	WARNING: CPU: 3 PID: 18172 at fs/btrfs/backref.c:1391 find_parent_nodes+0xc41/0x14e0
	Modules linked in: [...]
	CPU: 3 PID: 18172 Comm: bees Tainted: G      D W    L  4.11.9-zb64+ #1
	Hardware name: System manufacturer System Product Name/M5A78L-M/USB3, BIOS 2101    12/02/2014
	Call Trace:
	 dump_stack+0x85/0xc2
	 __warn+0xd1/0xf0
	 warn_slowpath_null+0x1d/0x20
	 find_parent_nodes+0xc41/0x14e0
	 __btrfs_find_all_roots+0xad/0x120
	 ? extent_same_check_offsets+0x70/0x70
	 iterate_extent_inodes+0x168/0x300
	 iterate_inodes_from_logical+0x87/0xb0
	 ? iterate_inodes_from_logical+0x87/0xb0
	 ? extent_same_check_offsets+0x70/0x70
	 btrfs_ioctl+0x8ac/0x2820
	 ? lock_acquire+0xc2/0x200
	 do_vfs_ioctl+0x91/0x700
	 ? __fget+0x112/0x200
	 SyS_ioctl+0x79/0x90
	 entry_SYSCALL_64_fastpath+0x23/0xc6
	 ? trace_hardirqs_off_caller+0x1f/0x140

Starting with v4.14 (specifically 86d5f9944252 ("btrfs: convert prelimary
reference tracking to use rbtrees")) the WARN_ON occurs three orders of
magnitude more frequently--almost once per second while running workloads
like bees.

Replace the WARN_ON() with a comment rationale for its removal.
The rationale is paraphrased from an explanation by Edmund Nadolski
&lt;enadolski@suse.de&gt; on the linux-btrfs mailing list.

Fixes: 8da6d5815c59 ("Btrfs: added btrfs_find_all_roots()")
Signed-off-by: Zygo Blaxell &lt;ce3g8jdj@umail.furryterror.org&gt;
Reviewed-by: Lu Fengqi &lt;lufq.fnst@cn.fujitsu.com&gt;
Signed-off-by: David Sterba &lt;dsterba@suse.com&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit c8195a7b1ad5648857ce20ba24f384faed8512bc upstream.

Until v4.14, this warning was very infrequent:

	WARNING: CPU: 3 PID: 18172 at fs/btrfs/backref.c:1391 find_parent_nodes+0xc41/0x14e0
	Modules linked in: [...]
	CPU: 3 PID: 18172 Comm: bees Tainted: G      D W    L  4.11.9-zb64+ #1
	Hardware name: System manufacturer System Product Name/M5A78L-M/USB3, BIOS 2101    12/02/2014
	Call Trace:
	 dump_stack+0x85/0xc2
	 __warn+0xd1/0xf0
	 warn_slowpath_null+0x1d/0x20
	 find_parent_nodes+0xc41/0x14e0
	 __btrfs_find_all_roots+0xad/0x120
	 ? extent_same_check_offsets+0x70/0x70
	 iterate_extent_inodes+0x168/0x300
	 iterate_inodes_from_logical+0x87/0xb0
	 ? iterate_inodes_from_logical+0x87/0xb0
	 ? extent_same_check_offsets+0x70/0x70
	 btrfs_ioctl+0x8ac/0x2820
	 ? lock_acquire+0xc2/0x200
	 do_vfs_ioctl+0x91/0x700
	 ? __fget+0x112/0x200
	 SyS_ioctl+0x79/0x90
	 entry_SYSCALL_64_fastpath+0x23/0xc6
	 ? trace_hardirqs_off_caller+0x1f/0x140

Starting with v4.14 (specifically 86d5f9944252 ("btrfs: convert prelimary
reference tracking to use rbtrees")) the WARN_ON occurs three orders of
magnitude more frequently--almost once per second while running workloads
like bees.

Replace the WARN_ON() with a comment rationale for its removal.
The rationale is paraphrased from an explanation by Edmund Nadolski
&lt;enadolski@suse.de&gt; on the linux-btrfs mailing list.

Fixes: 8da6d5815c59 ("Btrfs: added btrfs_find_all_roots()")
Signed-off-by: Zygo Blaxell &lt;ce3g8jdj@umail.furryterror.org&gt;
Reviewed-by: Lu Fengqi &lt;lufq.fnst@cn.fujitsu.com&gt;
Signed-off-by: David Sterba &lt;dsterba@suse.com&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl</title>
<updated>2016-02-25T10:34:37+00:00</updated>
<author>
<name>Filipe Manana</name>
<email>fdmanana@suse.com</email>
</author>
<published>2016-02-03T19:17:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b10a62d6c00ee83c2614fda9e8d8e7178ef53020'/>
<id>b10a62d6c00ee83c2614fda9e8d8e7178ef53020</id>
<content type='text'>
commit 0c0fe3b0fa45082cd752553fdb3a4b42503a118e upstream.

While doing some tests I ran into an hang on an extent buffer's rwlock
that produced the following trace:

[39389.800012] NMI watchdog: BUG: soft lockup - CPU#15 stuck for 22s! [fdm-stress:32166]
[39389.800016] NMI watchdog: BUG: soft lockup - CPU#14 stuck for 22s! [fdm-stress:32165]
[39389.800016] Modules linked in: btrfs dm_mod ppdev xor sha256_generic hmac raid6_pq drbg ansi_cprng aesni_intel i2c_piix4 acpi_cpufreq aes_x86_64 ablk_helper tpm_tis parport_pc i2c_core sg cryptd evdev psmouse lrw tpm parport gf128mul serio_raw pcspkr glue_helper processor button loop autofs4 ext4 crc16 mbcache jbd2 sd_mod sr_mod cdrom ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring crc32c_intel scsi_mod e1000 virtio floppy [last unloaded: btrfs]
[39389.800016] irq event stamp: 0
[39389.800016] hardirqs last  enabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800016] hardirqs last disabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800016] softirqs last  enabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800016] softirqs last disabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800016] CPU: 14 PID: 32165 Comm: fdm-stress Not tainted 4.4.0-rc6-btrfs-next-18+ #1
[39389.800016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
[39389.800016] task: ffff880175b1ca40 ti: ffff8800a185c000 task.ti: ffff8800a185c000
[39389.800016] RIP: 0010:[&lt;ffffffff810902af&gt;]  [&lt;ffffffff810902af&gt;] queued_spin_lock_slowpath+0x57/0x158
[39389.800016] RSP: 0018:ffff8800a185fb80  EFLAGS: 00000202
[39389.800016] RAX: 0000000000000101 RBX: ffff8801710c4e9c RCX: 0000000000000101
[39389.800016] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 0000000000000001
[39389.800016] RBP: ffff8800a185fb98 R08: 0000000000000001 R09: 0000000000000000
[39389.800016] R10: ffff8800a185fb68 R11: 6db6db6db6db6db7 R12: ffff8801710c4e98
[39389.800016] R13: ffff880175b1ca40 R14: ffff8800a185fc10 R15: ffff880175b1ca40
[39389.800016] FS:  00007f6d37fff700(0000) GS:ffff8802be9c0000(0000) knlGS:0000000000000000
[39389.800016] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[39389.800016] CR2: 00007f6d300019b8 CR3: 0000000037c93000 CR4: 00000000001406e0
[39389.800016] Stack:
[39389.800016]  ffff8801710c4e98 ffff8801710c4e98 ffff880175b1ca40 ffff8800a185fbb0
[39389.800016]  ffffffff81091e11 ffff8801710c4e98 ffff8800a185fbc8 ffffffff81091895
[39389.800016]  ffff8801710c4e98 ffff8800a185fbe8 ffffffff81486c5c ffffffffa067288c
[39389.800016] Call Trace:
[39389.800016]  [&lt;ffffffff81091e11&gt;] queued_read_lock_slowpath+0x46/0x60
[39389.800016]  [&lt;ffffffff81091895&gt;] do_raw_read_lock+0x3e/0x41
[39389.800016]  [&lt;ffffffff81486c5c&gt;] _raw_read_lock+0x3d/0x44
[39389.800016]  [&lt;ffffffffa067288c&gt;] ? btrfs_tree_read_lock+0x54/0x125 [btrfs]
[39389.800016]  [&lt;ffffffffa067288c&gt;] btrfs_tree_read_lock+0x54/0x125 [btrfs]
[39389.800016]  [&lt;ffffffffa0622ced&gt;] ? btrfs_find_item+0xa7/0xd2 [btrfs]
[39389.800016]  [&lt;ffffffffa069363f&gt;] btrfs_ref_to_path+0xd6/0x174 [btrfs]
[39389.800016]  [&lt;ffffffffa0693730&gt;] inode_to_path+0x53/0xa2 [btrfs]
[39389.800016]  [&lt;ffffffffa0693e2e&gt;] paths_from_inode+0x117/0x2ec [btrfs]
[39389.800016]  [&lt;ffffffffa0670cff&gt;] btrfs_ioctl+0xd5b/0x2793 [btrfs]
[39389.800016]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800016]  [&lt;ffffffff81276727&gt;] ? __this_cpu_preempt_check+0x13/0x15
[39389.800016]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800016]  [&lt;ffffffff8118b3d4&gt;] ? rcu_read_unlock+0x3e/0x5d
[39389.800016]  [&lt;ffffffff811822f8&gt;] do_vfs_ioctl+0x42b/0x4ea
[39389.800016]  [&lt;ffffffff8118b4f3&gt;] ? __fget_light+0x62/0x71
[39389.800016]  [&lt;ffffffff8118240e&gt;] SyS_ioctl+0x57/0x79
[39389.800016]  [&lt;ffffffff814872d7&gt;] entry_SYSCALL_64_fastpath+0x12/0x6f
[39389.800016] Code: b9 01 01 00 00 f7 c6 00 ff ff ff 75 32 83 fe 01 89 ca 89 f0 0f 45 d7 f0 0f b1 13 39 f0 74 04 89 c6 eb e2 ff ca 0f 84 fa 00 00 00 &lt;8b&gt; 03 84 c0 74 04 f3 90 eb f6 66 c7 03 01 00 e9 e6 00 00 00 e8
[39389.800012] Modules linked in: btrfs dm_mod ppdev xor sha256_generic hmac raid6_pq drbg ansi_cprng aesni_intel i2c_piix4 acpi_cpufreq aes_x86_64 ablk_helper tpm_tis parport_pc i2c_core sg cryptd evdev psmouse lrw tpm parport gf128mul serio_raw pcspkr glue_helper processor button loop autofs4 ext4 crc16 mbcache jbd2 sd_mod sr_mod cdrom ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring crc32c_intel scsi_mod e1000 virtio floppy [last unloaded: btrfs]
[39389.800012] irq event stamp: 0
[39389.800012] hardirqs last  enabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800012] hardirqs last disabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800012] softirqs last  enabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800012] softirqs last disabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800012] CPU: 15 PID: 32166 Comm: fdm-stress Tainted: G             L  4.4.0-rc6-btrfs-next-18+ #1
[39389.800012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
[39389.800012] task: ffff880179294380 ti: ffff880034a60000 task.ti: ffff880034a60000
[39389.800012] RIP: 0010:[&lt;ffffffff81091e8d&gt;]  [&lt;ffffffff81091e8d&gt;] queued_write_lock_slowpath+0x62/0x72
[39389.800012] RSP: 0018:ffff880034a639f0  EFLAGS: 00000206
[39389.800012] RAX: 0000000000000101 RBX: ffff8801710c4e98 RCX: 0000000000000000
[39389.800012] RDX: 00000000000000ff RSI: 0000000000000000 RDI: ffff8801710c4e9c
[39389.800012] RBP: ffff880034a639f8 R08: 0000000000000001 R09: 0000000000000000
[39389.800012] R10: ffff880034a639b0 R11: 0000000000001000 R12: ffff8801710c4e98
[39389.800012] R13: 0000000000000001 R14: ffff880172cbc000 R15: ffff8801710c4e00
[39389.800012] FS:  00007f6d377fe700(0000) GS:ffff8802be9e0000(0000) knlGS:0000000000000000
[39389.800012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[39389.800012] CR2: 00007f6d3d3c1000 CR3: 0000000037c93000 CR4: 00000000001406e0
[39389.800012] Stack:
[39389.800012]  ffff8801710c4e98 ffff880034a63a10 ffffffff81091963 ffff8801710c4e98
[39389.800012]  ffff880034a63a30 ffffffff81486f1b ffffffffa0672cb3 ffff8801710c4e00
[39389.800012]  ffff880034a63a78 ffffffffa0672cb3 ffff8801710c4e00 ffff880034a63a58
[39389.800012] Call Trace:
[39389.800012]  [&lt;ffffffff81091963&gt;] do_raw_write_lock+0x72/0x8c
[39389.800012]  [&lt;ffffffff81486f1b&gt;] _raw_write_lock+0x3a/0x41
[39389.800012]  [&lt;ffffffffa0672cb3&gt;] ? btrfs_tree_lock+0x119/0x251 [btrfs]
[39389.800012]  [&lt;ffffffffa0672cb3&gt;] btrfs_tree_lock+0x119/0x251 [btrfs]
[39389.800012]  [&lt;ffffffffa061aeba&gt;] ? rcu_read_unlock+0x5b/0x5d [btrfs]
[39389.800012]  [&lt;ffffffffa061ce13&gt;] ? btrfs_root_node+0xda/0xe6 [btrfs]
[39389.800012]  [&lt;ffffffffa061ce83&gt;] btrfs_lock_root_node+0x22/0x42 [btrfs]
[39389.800012]  [&lt;ffffffffa062046b&gt;] btrfs_search_slot+0x1b8/0x758 [btrfs]
[39389.800012]  [&lt;ffffffff810fc6b0&gt;] ? time_hardirqs_on+0x15/0x28
[39389.800012]  [&lt;ffffffffa06365db&gt;] btrfs_lookup_inode+0x31/0x95 [btrfs]
[39389.800012]  [&lt;ffffffff8108d62f&gt;] ? trace_hardirqs_on+0xd/0xf
[39389.800012]  [&lt;ffffffff8148482b&gt;] ? mutex_lock_nested+0x397/0x3bc
[39389.800012]  [&lt;ffffffffa068821b&gt;] __btrfs_update_delayed_inode+0x59/0x1c0 [btrfs]
[39389.800012]  [&lt;ffffffffa068858e&gt;] __btrfs_commit_inode_delayed_items+0x194/0x5aa [btrfs]
[39389.800012]  [&lt;ffffffff81486ab7&gt;] ? _raw_spin_unlock+0x31/0x44
[39389.800012]  [&lt;ffffffffa0688a48&gt;] __btrfs_run_delayed_items+0xa4/0x15c [btrfs]
[39389.800012]  [&lt;ffffffffa0688d62&gt;] btrfs_run_delayed_items+0x11/0x13 [btrfs]
[39389.800012]  [&lt;ffffffffa064048e&gt;] btrfs_commit_transaction+0x234/0x96e [btrfs]
[39389.800012]  [&lt;ffffffffa0618d10&gt;] btrfs_sync_fs+0x145/0x1ad [btrfs]
[39389.800012]  [&lt;ffffffffa0671176&gt;] btrfs_ioctl+0x11d2/0x2793 [btrfs]
[39389.800012]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800012]  [&lt;ffffffff81140261&gt;] ? __might_fault+0x4c/0xa7
[39389.800012]  [&lt;ffffffff81140261&gt;] ? __might_fault+0x4c/0xa7
[39389.800012]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800012]  [&lt;ffffffff8118b3d4&gt;] ? rcu_read_unlock+0x3e/0x5d
[39389.800012]  [&lt;ffffffff811822f8&gt;] do_vfs_ioctl+0x42b/0x4ea
[39389.800012]  [&lt;ffffffff8118b4f3&gt;] ? __fget_light+0x62/0x71
[39389.800012]  [&lt;ffffffff8118240e&gt;] SyS_ioctl+0x57/0x79
[39389.800012]  [&lt;ffffffff814872d7&gt;] entry_SYSCALL_64_fastpath+0x12/0x6f
[39389.800012] Code: f0 0f b1 13 85 c0 75 ef eb 2a f3 90 8a 03 84 c0 75 f8 f0 0f b0 13 84 c0 75 f0 ba ff 00 00 00 eb 0a f0 0f b1 13 ff c8 74 0b f3 90 &lt;8b&gt; 03 83 f8 01 75 f7 eb ed c6 43 04 00 5b 5d c3 0f 1f 44 00 00

This happens because in the code path executed by the inode_paths ioctl we
end up nesting two calls to read lock a leaf's rwlock when after the first
call to read_lock() and before the second call to read_lock(), another
task (running the delayed items as part of a transaction commit) has
already called write_lock() against the leaf's rwlock. This situation is
illustrated by the following diagram:

         Task A                       Task B

  btrfs_ref_to_path()               btrfs_commit_transaction()
    read_lock(&amp;eb-&gt;lock);

                                      btrfs_run_delayed_items()
                                        __btrfs_commit_inode_delayed_items()
                                          __btrfs_update_delayed_inode()
                                            btrfs_lookup_inode()

                                              write_lock(&amp;eb-&gt;lock);
                                                --&gt; task waits for lock

    read_lock(&amp;eb-&gt;lock);
    --&gt; makes this task hang
        forever (and task B too
	of course)

So fix this by avoiding doing the nested read lock, which is easily
avoidable. This issue does not happen if task B calls write_lock() after
task A does the second call to read_lock(), however there does not seem
to exist anything in the documentation that mentions what is the expected
behaviour for recursive locking of rwlocks (leaving the idea that doing
so is not a good usage of rwlocks).

Also, as a side effect necessary for this fix, make sure we do not
needlessly read lock extent buffers when the input path has skip_locking
set (used when called from send).

Signed-off-by: Filipe Manana &lt;fdmanana@suse.com&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 0c0fe3b0fa45082cd752553fdb3a4b42503a118e upstream.

While doing some tests I ran into an hang on an extent buffer's rwlock
that produced the following trace:

[39389.800012] NMI watchdog: BUG: soft lockup - CPU#15 stuck for 22s! [fdm-stress:32166]
[39389.800016] NMI watchdog: BUG: soft lockup - CPU#14 stuck for 22s! [fdm-stress:32165]
[39389.800016] Modules linked in: btrfs dm_mod ppdev xor sha256_generic hmac raid6_pq drbg ansi_cprng aesni_intel i2c_piix4 acpi_cpufreq aes_x86_64 ablk_helper tpm_tis parport_pc i2c_core sg cryptd evdev psmouse lrw tpm parport gf128mul serio_raw pcspkr glue_helper processor button loop autofs4 ext4 crc16 mbcache jbd2 sd_mod sr_mod cdrom ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring crc32c_intel scsi_mod e1000 virtio floppy [last unloaded: btrfs]
[39389.800016] irq event stamp: 0
[39389.800016] hardirqs last  enabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800016] hardirqs last disabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800016] softirqs last  enabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800016] softirqs last disabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800016] CPU: 14 PID: 32165 Comm: fdm-stress Not tainted 4.4.0-rc6-btrfs-next-18+ #1
[39389.800016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
[39389.800016] task: ffff880175b1ca40 ti: ffff8800a185c000 task.ti: ffff8800a185c000
[39389.800016] RIP: 0010:[&lt;ffffffff810902af&gt;]  [&lt;ffffffff810902af&gt;] queued_spin_lock_slowpath+0x57/0x158
[39389.800016] RSP: 0018:ffff8800a185fb80  EFLAGS: 00000202
[39389.800016] RAX: 0000000000000101 RBX: ffff8801710c4e9c RCX: 0000000000000101
[39389.800016] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 0000000000000001
[39389.800016] RBP: ffff8800a185fb98 R08: 0000000000000001 R09: 0000000000000000
[39389.800016] R10: ffff8800a185fb68 R11: 6db6db6db6db6db7 R12: ffff8801710c4e98
[39389.800016] R13: ffff880175b1ca40 R14: ffff8800a185fc10 R15: ffff880175b1ca40
[39389.800016] FS:  00007f6d37fff700(0000) GS:ffff8802be9c0000(0000) knlGS:0000000000000000
[39389.800016] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[39389.800016] CR2: 00007f6d300019b8 CR3: 0000000037c93000 CR4: 00000000001406e0
[39389.800016] Stack:
[39389.800016]  ffff8801710c4e98 ffff8801710c4e98 ffff880175b1ca40 ffff8800a185fbb0
[39389.800016]  ffffffff81091e11 ffff8801710c4e98 ffff8800a185fbc8 ffffffff81091895
[39389.800016]  ffff8801710c4e98 ffff8800a185fbe8 ffffffff81486c5c ffffffffa067288c
[39389.800016] Call Trace:
[39389.800016]  [&lt;ffffffff81091e11&gt;] queued_read_lock_slowpath+0x46/0x60
[39389.800016]  [&lt;ffffffff81091895&gt;] do_raw_read_lock+0x3e/0x41
[39389.800016]  [&lt;ffffffff81486c5c&gt;] _raw_read_lock+0x3d/0x44
[39389.800016]  [&lt;ffffffffa067288c&gt;] ? btrfs_tree_read_lock+0x54/0x125 [btrfs]
[39389.800016]  [&lt;ffffffffa067288c&gt;] btrfs_tree_read_lock+0x54/0x125 [btrfs]
[39389.800016]  [&lt;ffffffffa0622ced&gt;] ? btrfs_find_item+0xa7/0xd2 [btrfs]
[39389.800016]  [&lt;ffffffffa069363f&gt;] btrfs_ref_to_path+0xd6/0x174 [btrfs]
[39389.800016]  [&lt;ffffffffa0693730&gt;] inode_to_path+0x53/0xa2 [btrfs]
[39389.800016]  [&lt;ffffffffa0693e2e&gt;] paths_from_inode+0x117/0x2ec [btrfs]
[39389.800016]  [&lt;ffffffffa0670cff&gt;] btrfs_ioctl+0xd5b/0x2793 [btrfs]
[39389.800016]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800016]  [&lt;ffffffff81276727&gt;] ? __this_cpu_preempt_check+0x13/0x15
[39389.800016]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800016]  [&lt;ffffffff8118b3d4&gt;] ? rcu_read_unlock+0x3e/0x5d
[39389.800016]  [&lt;ffffffff811822f8&gt;] do_vfs_ioctl+0x42b/0x4ea
[39389.800016]  [&lt;ffffffff8118b4f3&gt;] ? __fget_light+0x62/0x71
[39389.800016]  [&lt;ffffffff8118240e&gt;] SyS_ioctl+0x57/0x79
[39389.800016]  [&lt;ffffffff814872d7&gt;] entry_SYSCALL_64_fastpath+0x12/0x6f
[39389.800016] Code: b9 01 01 00 00 f7 c6 00 ff ff ff 75 32 83 fe 01 89 ca 89 f0 0f 45 d7 f0 0f b1 13 39 f0 74 04 89 c6 eb e2 ff ca 0f 84 fa 00 00 00 &lt;8b&gt; 03 84 c0 74 04 f3 90 eb f6 66 c7 03 01 00 e9 e6 00 00 00 e8
[39389.800012] Modules linked in: btrfs dm_mod ppdev xor sha256_generic hmac raid6_pq drbg ansi_cprng aesni_intel i2c_piix4 acpi_cpufreq aes_x86_64 ablk_helper tpm_tis parport_pc i2c_core sg cryptd evdev psmouse lrw tpm parport gf128mul serio_raw pcspkr glue_helper processor button loop autofs4 ext4 crc16 mbcache jbd2 sd_mod sr_mod cdrom ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring crc32c_intel scsi_mod e1000 virtio floppy [last unloaded: btrfs]
[39389.800012] irq event stamp: 0
[39389.800012] hardirqs last  enabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800012] hardirqs last disabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800012] softirqs last  enabled at (0): [&lt;ffffffff8104e58d&gt;] copy_process+0x638/0x1a35
[39389.800012] softirqs last disabled at (0): [&lt;          (null)&gt;]           (null)
[39389.800012] CPU: 15 PID: 32166 Comm: fdm-stress Tainted: G             L  4.4.0-rc6-btrfs-next-18+ #1
[39389.800012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
[39389.800012] task: ffff880179294380 ti: ffff880034a60000 task.ti: ffff880034a60000
[39389.800012] RIP: 0010:[&lt;ffffffff81091e8d&gt;]  [&lt;ffffffff81091e8d&gt;] queued_write_lock_slowpath+0x62/0x72
[39389.800012] RSP: 0018:ffff880034a639f0  EFLAGS: 00000206
[39389.800012] RAX: 0000000000000101 RBX: ffff8801710c4e98 RCX: 0000000000000000
[39389.800012] RDX: 00000000000000ff RSI: 0000000000000000 RDI: ffff8801710c4e9c
[39389.800012] RBP: ffff880034a639f8 R08: 0000000000000001 R09: 0000000000000000
[39389.800012] R10: ffff880034a639b0 R11: 0000000000001000 R12: ffff8801710c4e98
[39389.800012] R13: 0000000000000001 R14: ffff880172cbc000 R15: ffff8801710c4e00
[39389.800012] FS:  00007f6d377fe700(0000) GS:ffff8802be9e0000(0000) knlGS:0000000000000000
[39389.800012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[39389.800012] CR2: 00007f6d3d3c1000 CR3: 0000000037c93000 CR4: 00000000001406e0
[39389.800012] Stack:
[39389.800012]  ffff8801710c4e98 ffff880034a63a10 ffffffff81091963 ffff8801710c4e98
[39389.800012]  ffff880034a63a30 ffffffff81486f1b ffffffffa0672cb3 ffff8801710c4e00
[39389.800012]  ffff880034a63a78 ffffffffa0672cb3 ffff8801710c4e00 ffff880034a63a58
[39389.800012] Call Trace:
[39389.800012]  [&lt;ffffffff81091963&gt;] do_raw_write_lock+0x72/0x8c
[39389.800012]  [&lt;ffffffff81486f1b&gt;] _raw_write_lock+0x3a/0x41
[39389.800012]  [&lt;ffffffffa0672cb3&gt;] ? btrfs_tree_lock+0x119/0x251 [btrfs]
[39389.800012]  [&lt;ffffffffa0672cb3&gt;] btrfs_tree_lock+0x119/0x251 [btrfs]
[39389.800012]  [&lt;ffffffffa061aeba&gt;] ? rcu_read_unlock+0x5b/0x5d [btrfs]
[39389.800012]  [&lt;ffffffffa061ce13&gt;] ? btrfs_root_node+0xda/0xe6 [btrfs]
[39389.800012]  [&lt;ffffffffa061ce83&gt;] btrfs_lock_root_node+0x22/0x42 [btrfs]
[39389.800012]  [&lt;ffffffffa062046b&gt;] btrfs_search_slot+0x1b8/0x758 [btrfs]
[39389.800012]  [&lt;ffffffff810fc6b0&gt;] ? time_hardirqs_on+0x15/0x28
[39389.800012]  [&lt;ffffffffa06365db&gt;] btrfs_lookup_inode+0x31/0x95 [btrfs]
[39389.800012]  [&lt;ffffffff8108d62f&gt;] ? trace_hardirqs_on+0xd/0xf
[39389.800012]  [&lt;ffffffff8148482b&gt;] ? mutex_lock_nested+0x397/0x3bc
[39389.800012]  [&lt;ffffffffa068821b&gt;] __btrfs_update_delayed_inode+0x59/0x1c0 [btrfs]
[39389.800012]  [&lt;ffffffffa068858e&gt;] __btrfs_commit_inode_delayed_items+0x194/0x5aa [btrfs]
[39389.800012]  [&lt;ffffffff81486ab7&gt;] ? _raw_spin_unlock+0x31/0x44
[39389.800012]  [&lt;ffffffffa0688a48&gt;] __btrfs_run_delayed_items+0xa4/0x15c [btrfs]
[39389.800012]  [&lt;ffffffffa0688d62&gt;] btrfs_run_delayed_items+0x11/0x13 [btrfs]
[39389.800012]  [&lt;ffffffffa064048e&gt;] btrfs_commit_transaction+0x234/0x96e [btrfs]
[39389.800012]  [&lt;ffffffffa0618d10&gt;] btrfs_sync_fs+0x145/0x1ad [btrfs]
[39389.800012]  [&lt;ffffffffa0671176&gt;] btrfs_ioctl+0x11d2/0x2793 [btrfs]
[39389.800012]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800012]  [&lt;ffffffff81140261&gt;] ? __might_fault+0x4c/0xa7
[39389.800012]  [&lt;ffffffff81140261&gt;] ? __might_fault+0x4c/0xa7
[39389.800012]  [&lt;ffffffff8108a8b0&gt;] ? arch_local_irq_save+0x9/0xc
[39389.800012]  [&lt;ffffffff8118b3d4&gt;] ? rcu_read_unlock+0x3e/0x5d
[39389.800012]  [&lt;ffffffff811822f8&gt;] do_vfs_ioctl+0x42b/0x4ea
[39389.800012]  [&lt;ffffffff8118b4f3&gt;] ? __fget_light+0x62/0x71
[39389.800012]  [&lt;ffffffff8118240e&gt;] SyS_ioctl+0x57/0x79
[39389.800012]  [&lt;ffffffff814872d7&gt;] entry_SYSCALL_64_fastpath+0x12/0x6f
[39389.800012] Code: f0 0f b1 13 85 c0 75 ef eb 2a f3 90 8a 03 84 c0 75 f8 f0 0f b0 13 84 c0 75 f0 ba ff 00 00 00 eb 0a f0 0f b1 13 ff c8 74 0b f3 90 &lt;8b&gt; 03 83 f8 01 75 f7 eb ed c6 43 04 00 5b 5d c3 0f 1f 44 00 00

This happens because in the code path executed by the inode_paths ioctl we
end up nesting two calls to read lock a leaf's rwlock when after the first
call to read_lock() and before the second call to read_lock(), another
task (running the delayed items as part of a transaction commit) has
already called write_lock() against the leaf's rwlock. This situation is
illustrated by the following diagram:

         Task A                       Task B

  btrfs_ref_to_path()               btrfs_commit_transaction()
    read_lock(&amp;eb-&gt;lock);

                                      btrfs_run_delayed_items()
                                        __btrfs_commit_inode_delayed_items()
                                          __btrfs_update_delayed_inode()
                                            btrfs_lookup_inode()

                                              write_lock(&amp;eb-&gt;lock);
                                                --&gt; task waits for lock

    read_lock(&amp;eb-&gt;lock);
    --&gt; makes this task hang
        forever (and task B too
	of course)

So fix this by avoiding doing the nested read lock, which is easily
avoidable. This issue does not happen if task B calls write_lock() after
task A does the second call to read_lock(), however there does not seem
to exist anything in the documentation that mentions what is the expected
behaviour for recursive locking of rwlocks (leaving the idea that doing
so is not a good usage of rwlocks).

Also, as a side effect necessary for this fix, make sure we do not
needlessly read lock extent buffers when the input path has skip_locking
set (used when called from send).

Signed-off-by: Filipe Manana &lt;fdmanana@suse.com&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>btrfs: fix use after free iterating extrefs</title>
<updated>2015-11-16T11:26:49+00:00</updated>
<author>
<name>Chris Mason</name>
<email>clm@fb.com</email>
</author>
<published>2015-10-13T18:06:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a806d978f040cb848a64bdeaf7b52cb61f6eb095'/>
<id>a806d978f040cb848a64bdeaf7b52cb61f6eb095</id>
<content type='text'>
commit dc6c5fb3b514221f2e9d21ee626a9d95d3418dff upstream.

The code for btrfs inode-resolve has never worked properly for
files with enough hard links to trigger extrefs.  It was trying to
get the leaf out of a path after freeing the path:

	btrfs_release_path(path);
	leaf = path-&gt;nodes[0];
	item_size = btrfs_item_size_nr(leaf, slot);

The fix here is to use the extent buffer we cloned just a little higher
up to avoid deadlocks caused by using the leaf in the path.

Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
cc: Mark Fasheh &lt;mfasheh@suse.de&gt;
Reviewed-by: Filipe Manana &lt;fdmanana@suse.com&gt;
Reviewed-by: Mark Fasheh &lt;mfasheh@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit dc6c5fb3b514221f2e9d21ee626a9d95d3418dff upstream.

The code for btrfs inode-resolve has never worked properly for
files with enough hard links to trigger extrefs.  It was trying to
get the leaf out of a path after freeing the path:

	btrfs_release_path(path);
	leaf = path-&gt;nodes[0];
	item_size = btrfs_item_size_nr(leaf, slot);

The fix here is to use the extent buffer we cloned just a little higher
up to avoid deadlocks caused by using the leaf in the path.

Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
cc: Mark Fasheh &lt;mfasheh@suse.de&gt;
Reviewed-by: Filipe Manana &lt;fdmanana@suse.com&gt;
Reviewed-by: Mark Fasheh &lt;mfasheh@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: read lock extent buffer while walking backrefs</title>
<updated>2014-09-05T23:36:37+00:00</updated>
<author>
<name>Filipe Manana</name>
<email>fdmanana@suse.com</email>
</author>
<published>2014-07-02T19:07:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=480f1ea5e0697c721149fb6abe93652dc48e30ae'/>
<id>480f1ea5e0697c721149fb6abe93652dc48e30ae</id>
<content type='text'>
commit 6f7ff6d7832c6be13e8c95598884dbc40ad69fb7 upstream.

Before processing the extent buffer, acquire a read lock on it, so
that we're safe against concurrent updates on the extent buffer.

Signed-off-by: Filipe Manana &lt;fdmanana@suse.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6f7ff6d7832c6be13e8c95598884dbc40ad69fb7 upstream.

Before processing the extent buffer, acquire a read lock on it, so
that we're safe against concurrent updates on the extent buffer.

Signed-off-by: Filipe Manana &lt;fdmanana@suse.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch</title>
<updated>2014-09-05T23:36:36+00:00</updated>
<author>
<name>Takashi Iwai</name>
<email>tiwai@suse.de</email>
</author>
<published>2014-07-28T08:57:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3173e852f05a359645eb3c9e141f3cff7d317c45'/>
<id>3173e852f05a359645eb3c9e141f3cff7d317c45</id>
<content type='text'>
commit 4eb1f66dce6c4dc28dd90a7ffbe6b2b1cb08aa4e upstream.

We've got bug reports that btrfs crashes when quota is enabled on
32bit kernel, typically with the Oops like below:
 BUG: unable to handle kernel NULL pointer dereference at 00000004
 IP: [&lt;f9234590&gt;] find_parent_nodes+0x360/0x1380 [btrfs]
 *pde = 00000000
 Oops: 0000 [#1] SMP
 CPU: 0 PID: 151 Comm: kworker/u8:2 Tainted: G S      W 3.15.2-1.gd43d97e-default #1
 Workqueue: btrfs-qgroup-rescan normal_work_helper [btrfs]
 task: f1478130 ti: f147c000 task.ti: f147c000
 EIP: 0060:[&lt;f9234590&gt;] EFLAGS: 00010213 CPU: 0
 EIP is at find_parent_nodes+0x360/0x1380 [btrfs]
 EAX: f147dda8 EBX: f147ddb0 ECX: 00000011 EDX: 00000000
 ESI: 00000000 EDI: f147dda4 EBP: f147ddf8 ESP: f147dd38
  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
 CR0: 8005003b CR2: 00000004 CR3: 00bf3000 CR4: 00000690
 Stack:
  00000000 00000000 f147dda4 00000050 00000001 00000000 00000001 00000050
  00000001 00000000 d3059000 00000001 00000022 000000a8 00000000 00000000
  00000000 000000a1 00000000 00000000 00000001 00000000 00000000 11800000
 Call Trace:
  [&lt;f923564d&gt;] __btrfs_find_all_roots+0x9d/0xf0 [btrfs]
  [&lt;f9237bb1&gt;] btrfs_qgroup_rescan_worker+0x401/0x760 [btrfs]
  [&lt;f9206148&gt;] normal_work_helper+0xc8/0x270 [btrfs]
  [&lt;c025e38b&gt;] process_one_work+0x11b/0x390
  [&lt;c025eea1&gt;] worker_thread+0x101/0x340
  [&lt;c026432b&gt;] kthread+0x9b/0xb0
  [&lt;c0712a71&gt;] ret_from_kernel_thread+0x21/0x30
  [&lt;c0264290&gt;] kthread_create_on_node+0x110/0x110

This indicates a NULL corruption in prefs_delayed list.  The further
investigation and bisection pointed that the call of ulist_add_merge()
results in the corruption.

ulist_add_merge() takes u64 as aux and writes a 64bit value into
old_aux.  The callers of this function in backref.c, however, pass a
pointer of a pointer to old_aux.  That is, the function overwrites
64bit value on 32bit pointer.  This caused a NULL in the adjacent
variable, in this case, prefs_delayed.

Here is a quick attempt to band-aid over this: a new function,
ulist_add_merge_ptr() is introduced to pass/store properly a pointer
value instead of u64.  There are still ugly void ** cast remaining
in the callers because void ** cannot be taken implicitly.  But, it's
safer than explicit cast to u64, anyway.

Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=887046
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 4eb1f66dce6c4dc28dd90a7ffbe6b2b1cb08aa4e upstream.

We've got bug reports that btrfs crashes when quota is enabled on
32bit kernel, typically with the Oops like below:
 BUG: unable to handle kernel NULL pointer dereference at 00000004
 IP: [&lt;f9234590&gt;] find_parent_nodes+0x360/0x1380 [btrfs]
 *pde = 00000000
 Oops: 0000 [#1] SMP
 CPU: 0 PID: 151 Comm: kworker/u8:2 Tainted: G S      W 3.15.2-1.gd43d97e-default #1
 Workqueue: btrfs-qgroup-rescan normal_work_helper [btrfs]
 task: f1478130 ti: f147c000 task.ti: f147c000
 EIP: 0060:[&lt;f9234590&gt;] EFLAGS: 00010213 CPU: 0
 EIP is at find_parent_nodes+0x360/0x1380 [btrfs]
 EAX: f147dda8 EBX: f147ddb0 ECX: 00000011 EDX: 00000000
 ESI: 00000000 EDI: f147dda4 EBP: f147ddf8 ESP: f147dd38
  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
 CR0: 8005003b CR2: 00000004 CR3: 00bf3000 CR4: 00000690
 Stack:
  00000000 00000000 f147dda4 00000050 00000001 00000000 00000001 00000050
  00000001 00000000 d3059000 00000001 00000022 000000a8 00000000 00000000
  00000000 000000a1 00000000 00000000 00000001 00000000 00000000 11800000
 Call Trace:
  [&lt;f923564d&gt;] __btrfs_find_all_roots+0x9d/0xf0 [btrfs]
  [&lt;f9237bb1&gt;] btrfs_qgroup_rescan_worker+0x401/0x760 [btrfs]
  [&lt;f9206148&gt;] normal_work_helper+0xc8/0x270 [btrfs]
  [&lt;c025e38b&gt;] process_one_work+0x11b/0x390
  [&lt;c025eea1&gt;] worker_thread+0x101/0x340
  [&lt;c026432b&gt;] kthread+0x9b/0xb0
  [&lt;c0712a71&gt;] ret_from_kernel_thread+0x21/0x30
  [&lt;c0264290&gt;] kthread_create_on_node+0x110/0x110

This indicates a NULL corruption in prefs_delayed list.  The further
investigation and bisection pointed that the call of ulist_add_merge()
results in the corruption.

ulist_add_merge() takes u64 as aux and writes a 64bit value into
old_aux.  The callers of this function in backref.c, however, pass a
pointer of a pointer to old_aux.  That is, the function overwrites
64bit value on 32bit pointer.  This caused a NULL in the adjacent
variable, in this case, prefs_delayed.

Here is a quick attempt to band-aid over this: a new function,
ulist_add_merge_ptr() is introduced to pass/store properly a pointer
value instead of u64.  There are still ugly void ** cast remaining
in the callers because void ** cannot be taken implicitly.  But, it's
safer than explicit cast to u64, anyway.

Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=887046
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: fix scrub_print_warning to handle skinny metadata extents</title>
<updated>2014-06-10T00:21:17+00:00</updated>
<author>
<name>Liu Bo</name>
<email>bo.li.liu@oracle.com</email>
</author>
<published>2014-06-09T02:54:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6eda71d0c030af0fc2f68aaa676e6d445600855b'/>
<id>6eda71d0c030af0fc2f68aaa676e6d445600855b</id>
<content type='text'>
The skinny extents are intepreted incorrectly in scrub_print_warning(),
and end up hitting the BUG() in btrfs_extent_inline_ref_size.

Reported-by: Konstantinos Skarlatos &lt;k.skarlatos@gmail.com&gt;
Signed-off-by: Liu Bo &lt;bo.li.liu@oracle.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The skinny extents are intepreted incorrectly in scrub_print_warning(),
and end up hitting the BUG() in btrfs_extent_inline_ref_size.

Reported-by: Konstantinos Skarlatos &lt;k.skarlatos@gmail.com&gt;
Signed-off-by: Liu Bo &lt;bo.li.liu@oracle.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: use right type to get real comparison</title>
<updated>2014-06-10T00:21:15+00:00</updated>
<author>
<name>Liu Bo</name>
<email>bo.li.liu@oracle.com</email>
</author>
<published>2014-06-08T11:04:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cd857dd6bc2ae9ecea14e75a34e8a8fdc158e307'/>
<id>cd857dd6bc2ae9ecea14e75a34e8a8fdc158e307</id>
<content type='text'>
We want to make sure the point is still within the extent item, not to verify
the memory it's pointing to.

Signed-off-by: Liu Bo &lt;bo.li.liu@oracle.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We want to make sure the point is still within the extent item, not to verify
the memory it's pointing to.

Signed-off-by: Liu Bo &lt;bo.li.liu@oracle.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: don't check nodes for extent items</title>
<updated>2014-06-10T00:21:14+00:00</updated>
<author>
<name>Josef Bacik</name>
<email>jbacik@fb.com</email>
</author>
<published>2014-06-05T20:08:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8a56457f5f8fa7c2698ffae8545214c5b96a2cb5'/>
<id>8a56457f5f8fa7c2698ffae8545214c5b96a2cb5</id>
<content type='text'>
The backref code was looking at nodes as well as leaves when we tried to
populate extent item entries.  This is not good, and although we go away with it
for the most part because we'd skip where disk_bytenr != random_memory,
sometimes random_memory would match and suddenly boom.  This fixes that problem.
Thanks,

Signed-off-by: Josef Bacik &lt;jbacik@fb.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The backref code was looking at nodes as well as leaves when we tried to
populate extent item entries.  This is not good, and although we go away with it
for the most part because we'd skip where disk_bytenr != random_memory,
sometimes random_memory would match and suddenly boom.  This fixes that problem.
Thanks,

Signed-off-by: Josef Bacik &lt;jbacik@fb.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: add sanity tests for new qgroup accounting code</title>
<updated>2014-06-10T00:20:49+00:00</updated>
<author>
<name>Josef Bacik</name>
<email>jbacik@fb.com</email>
</author>
<published>2014-05-07T21:06:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=faa2dbf004e89e8f7ccd28fbe6f07c308417b8ae'/>
<id>faa2dbf004e89e8f7ccd28fbe6f07c308417b8ae</id>
<content type='text'>
This exercises the various parts of the new qgroup accounting code.  We do some
basic stuff and do some things with the shared refs to make sure all that code
works.  I had to add a bunch of infrastructure because I needed to be able to
insert items into a fake tree without having to do all the hard work myself,
hopefully this will be usefull in the future.  Thanks,

Signed-off-by: Josef Bacik &lt;jbacik@fb.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This exercises the various parts of the new qgroup accounting code.  We do some
basic stuff and do some things with the shared refs to make sure all that code
works.  I had to add a bunch of infrastructure because I needed to be able to
insert items into a fake tree without having to do all the hard work myself,
hopefully this will be usefull in the future.  Thanks,

Signed-off-by: Josef Bacik &lt;jbacik@fb.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Btrfs: remove transaction from send</title>
<updated>2014-04-07T00:39:30+00:00</updated>
<author>
<name>Josef Bacik</name>
<email>jbacik@fb.com</email>
</author>
<published>2014-03-13T19:42:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9e351cc862b098d8ec8f8022d110932490794925'/>
<id>9e351cc862b098d8ec8f8022d110932490794925</id>
<content type='text'>
Lets try this again.  We can deadlock the box if we send on a box and try to
write onto the same fs with the app that is trying to listen to the send pipe.
This is because the writer could get stuck waiting for a transaction commit
which is being blocked by the send.  So fix this by making sure looking at the
commit roots is always going to be consistent.  We do this by keeping track of
which roots need to have their commit roots swapped during commit, and then
taking the commit_root_sem and swapping them all at once.  Then make sure we
take a read lock on the commit_root_sem in cases where we search the commit root
to make sure we're always looking at a consistent view of the commit roots.
Previously we had problems with this because we would swap a fs tree commit root
and then swap the extent tree commit root independently which would cause the
backref walking code to screw up sometimes.  With this patch we no longer
deadlock and pass all the weird send/receive corner cases.  Thanks,

Reportedy-by: Hugo Mills &lt;hugo@carfax.org.uk&gt;
Signed-off-by: Josef Bacik &lt;jbacik@fb.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Lets try this again.  We can deadlock the box if we send on a box and try to
write onto the same fs with the app that is trying to listen to the send pipe.
This is because the writer could get stuck waiting for a transaction commit
which is being blocked by the send.  So fix this by making sure looking at the
commit roots is always going to be consistent.  We do this by keeping track of
which roots need to have their commit roots swapped during commit, and then
taking the commit_root_sem and swapping them all at once.  Then make sure we
take a read lock on the commit_root_sem in cases where we search the commit root
to make sure we're always looking at a consistent view of the commit roots.
Previously we had problems with this because we would swap a fs tree commit root
and then swap the extent tree commit root independently which would cause the
backref walking code to screw up sometimes.  With this patch we no longer
deadlock and pass all the weird send/receive corner cases.  Thanks,

Reportedy-by: Hugo Mills &lt;hugo@carfax.org.uk&gt;
Signed-off-by: Josef Bacik &lt;jbacik@fb.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
