linux/fs/btrfs
Qu Wenruo 917ac77846 btrfs: subpage: fix a crash in metadata repair path
[BUG]
Test case btrfs/027 would crash with subpage (64K page size, 4K
sectorsize) with the following dying messages:

  debug: map_length=16384 length=65536 type=metadata|raid6(0x104)
  assertion failed: map_length >= length, in fs/btrfs/volumes.c:8093
  ------------[ cut here ]------------
  kernel BUG at fs/btrfs/messages.c:259!
  Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
  Call trace:
   btrfs_assertfail+0x28/0x2c [btrfs]
   btrfs_map_repair_block+0x150/0x2b8 [btrfs]
   btrfs_repair_io_failure+0xd4/0x31c [btrfs]
   btrfs_read_extent_buffer+0x150/0x16c [btrfs]
   read_tree_block+0x38/0xbc [btrfs]
   read_tree_root_path+0xfc/0x1bc [btrfs]
   btrfs_get_root_ref.part.0+0xd4/0x3a8 [btrfs]
   open_ctree+0xa30/0x172c [btrfs]
   btrfs_mount_root+0x3c4/0x4a4 [btrfs]
   legacy_get_tree+0x30/0x60
   vfs_get_tree+0x28/0xec
   vfs_kern_mount.part.0+0x90/0xd4
   vfs_kern_mount+0x14/0x28
   btrfs_mount+0x114/0x418 [btrfs]
   legacy_get_tree+0x30/0x60
   vfs_get_tree+0x28/0xec
   path_mount+0x3e0/0xb64
   __arm64_sys_mount+0x200/0x2d8
   invoke_syscall+0x48/0x114
   el0_svc_common.constprop.0+0x60/0x11c
   do_el0_svc+0x38/0x98
   el0_svc+0x40/0xa8
   el0t_64_sync_handler+0xf4/0x120
   el0t_64_sync+0x190/0x194
  Code: aa0403e2 b0fff060 91010000 959c2024 (d4210000)

[CAUSE]
In btrfs/027 we test RAID6 with missing devices, in this particular
case, we're repairing a metadata at the end of a data stripe.

But at btrfs_repair_io_failure(), we always pass a full PAGE for repair,
and for subpage case this can cross stripe boundary and lead to the
above BUG_ON().

This metadata repair code is always there, since the introduction of
subpage support, but this can trigger BUG_ON() after the bio split
ability at btrfs_map_bio().

[FIX]
Instead of passing the old PAGE_SIZE, we calculate the correct length
based on the eb size and page size for both regular and subpage cases.

CC: stable@vger.kernel.org # 6.3+
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2023-06-05 19:21:57 +02:00
..
tests btrfs: replace map_lookup->stripe_len by BTRFS_STRIPE_LEN 2023-04-17 18:01:14 +02:00
accessors.c btrfs: add eb to btrfs_node_key_ptr_offset 2022-12-05 18:00:58 +01:00
accessors.h btrfs: add stack helpers for a few btrfs items 2022-12-05 18:00:58 +01:00
acl.c fs: port acl to mnt_idmap 2023-01-19 09:24:28 +01:00
acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
async-thread.c btrfs: simplify WQ_HIGHPRI handling in struct btrfs_workqueue 2022-05-16 17:03:15 +02:00
async-thread.h btrfs: remove unused typedefs get_extent_t and btrfs_work_func_t 2022-07-25 17:45:36 +02:00
backref.c btrfs: fix backref walking not returning all inode refs 2023-05-09 22:09:11 +02:00
backref.h btrfs: fix backref walking not returning all inode refs 2023-05-09 22:09:11 +02:00
bio.c btrfs: zoned: fix dev-replace after the scrub rework 2023-06-01 15:12:02 +02:00
bio.h btrfs: introduce a new helper to submit write bio for repair 2023-04-17 18:01:23 +02:00
block-group.c btrfs: scrub: try harder to mark RAID56 block groups read-only 2023-05-17 11:59:46 +02:00
block-group.h btrfs: scrub: remove the old scrub recheck code 2023-04-17 18:01:24 +02:00
block-rsv.c btrfs: don't free qgroup space unless specified 2023-05-03 16:37:56 +02:00
block-rsv.h btrfs: simplify variables in btrfs_block_rsv_refill() 2023-04-17 18:01:19 +02:00
btrfs_inode.h btrfs: avoid iterating over all indexes when logging directory 2023-04-17 19:52:19 +02:00
check-integrity.c btrfs: use btrfs_dev_name() helper to handle missing devices better 2022-12-05 18:00:57 +01:00
check-integrity.h btrfs: check-integrity: split submit_bio from btrfsic checking 2022-05-16 17:03:12 +02:00
compression.c btrfs: introduce btrfs_bio::fs_info member 2023-04-17 18:01:23 +02:00
compression.h btrfs: move kthread_associate_blkcg out of btrfs_submit_compressed_write 2023-04-17 18:01:22 +02:00
ctree.c btrfs: print extent buffers when sibling keys check fails 2023-04-28 16:36:39 +02:00
ctree.h btrfs: open code btrfs_bin_search() 2023-04-17 18:01:15 +02:00
defrag.c btrfs: remove the wait argument to btrfs_start_ordered_extent 2023-02-13 17:50:34 +01:00
defrag.h btrfs: move defrag related prototypes to their own header 2022-12-05 18:00:46 +01:00
delalloc-space.c btrfs: count extents before taking inode's spinlock when reserving metadata 2023-04-17 18:01:19 +02:00
delalloc-space.h btrfs: move delalloc space related prototypes to delalloc-space.h 2022-12-05 18:00:44 +01:00
delayed-inode.c btrfs: handle btrfs_del_item errors in __btrfs_update_delayed_inode 2023-03-06 19:28:19 +01:00
delayed-inode.h btrfs: extend btrfs_dir_item type to store encryption status 2022-12-05 18:00:43 +01:00
delayed-ref.c btrfs: add helper to calculate space for delayed references 2023-04-17 18:01:19 +02:00
delayed-ref.h btrfs: add helper to calculate space for delayed references 2023-04-17 18:01:19 +02:00
dev-replace.c btrfs: use btrfs_dev_name() helper to handle missing devices better 2022-12-05 18:00:57 +01:00
dev-replace.h btrfs: move dev-replace prototypes into dev-replace.h 2022-12-05 18:00:47 +01:00
dir-item.c btrfs: move dir-item prototypes into dir-item.h 2022-12-05 18:00:46 +01:00
dir-item.h btrfs: move dir-item prototypes into dir-item.h 2022-12-05 18:00:46 +01:00
discard.c btrfs: reinterpret async discard iops_limit=0 as no delay 2023-04-17 19:52:19 +02:00
discard.h btrfs: cleanup btrfs_discard_update_discardable usage 2020-12-08 15:54:02 +01:00
disk-io.c btrfs: subpage: fix a crash in metadata repair path 2023-06-05 19:21:57 +02:00
disk-io.h btrfs: rename btrfs_clean_tree_block to btrfs_clear_buffer_dirty 2023-02-15 19:38:53 +01:00
export.c btrfs: move super_block specific helpers into super.h 2022-12-05 18:00:47 +01:00
export.h btrfs: simplify generation check in btrfs_get_dentry 2022-12-05 18:00:41 +01:00
extent_io.c btrfs: introduce btrfs_bio::fs_info member 2023-04-17 18:01:23 +02:00
extent_io.h btrfs: combine btrfs_clear_buffer_dirty and clear_extent_buffer_dirty 2023-02-15 19:38:54 +01:00
extent_map.c btrfs: fix extent map logging bit not cleared for split maps after dropping range 2023-03-06 19:28:19 +01:00
extent_map.h btrfs: remove no longer used btrfs_next_extent_map() 2022-12-05 18:00:56 +01:00
extent-io-tree.c btrfs: fix spelling mistakes found using codespell 2023-02-15 19:38:50 +01:00
extent-io-tree.h btrfs: remove the io_failure_record infrastructure 2023-02-15 19:38:51 +01:00
extent-tree.c btrfs: remove obsolete delayed ref throttling logic when truncating items 2023-04-17 18:01:19 +02:00
extent-tree.h btrfs: introduce size class to block group allocator 2023-02-13 17:50:34 +01:00
file-item.c btrfs: handle memory allocation failure in btrfs_csum_one_bio 2023-05-17 13:08:28 +02:00
file-item.h btrfs: scrub: introduce helper to find and fill sector info for a scrub_stripe 2023-04-17 18:01:23 +02:00
file.c btrfs: remove the wait argument to btrfs_start_ordered_extent 2023-02-13 17:50:34 +01:00
file.h btrfs: use cached state when looking for delalloc ranges with fiemap 2022-12-05 18:00:56 +01:00
free-space-cache.c btrfs: fix space cache inconsistency after error loading it from disk 2023-05-09 22:08:05 +02:00
free-space-cache.h btrfs: convert discard stat defs to enum 2022-12-05 18:00:45 +01:00
free-space-tree.c btrfs: make clear_cache mount option to rebuild FST without disabling it 2023-05-10 14:51:27 +02:00
free-space-tree.h btrfs: make clear_cache mount option to rebuild FST without disabling it 2023-05-10 14:51:27 +02:00
fs.c btrfs: sysfs: update fs features directory asynchronously 2023-02-13 17:50:35 +01:00
fs.h btrfs: scrub: remove scrub_parity structure 2023-04-17 18:01:24 +02:00
inode-item.c btrfs: remove obsolete delayed ref throttling logic when truncating items 2023-04-17 18:01:19 +02:00
inode-item.h btrfs: use struct fscrypt_str instead of struct qstr 2022-12-05 18:00:43 +01:00
inode.c btrfs: zoned: zone finish data relocation BG with last IO 2023-05-10 14:50:12 +02:00
ioctl.c btrfs: fix assertion of exclop condition when starting balance 2023-04-28 16:36:27 +02:00
ioctl.h fs: port ->fileattr_set() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
Kconfig block: make blkcg_punt_bio_submit optional 2023-04-17 18:01:22 +02:00
locking.c btrfs: locking: use atomic for DREW lock writers 2023-04-17 18:01:17 +02:00
locking.h btrfs: locking: use atomic for DREW lock writers 2023-04-17 18:01:17 +02:00
lru_cache.c btrfs: send: cache utimes operations for directories if possible 2023-02-15 19:38:50 +01:00
lru_cache.h btrfs: remove btrfs_lru_cache_is_full() inline function 2023-04-17 18:01:18 +02:00
lzo.c btrfs: move zero filling of compressed read bios into common code 2023-04-17 18:01:17 +02:00
Makefile btrfs: send: genericize the backref cache to allow it to be reused 2023-02-13 17:50:35 +01:00
messages.c btrfs: mark btrfs_assertfail() __noreturn 2023-04-17 19:52:19 +02:00
messages.h btrfs: mark btrfs_assertfail() __noreturn 2023-04-17 19:52:19 +02:00
misc.h btrfs: simplify percent calculation helpers, rename div_factor 2022-12-05 18:00:48 +01:00
ordered-data.c btrfs: fold btrfs_clone_ordered_extent into btrfs_split_ordered_extent 2023-04-17 18:01:21 +02:00
ordered-data.h btrfs: sink parameter len to btrfs_split_ordered_extent 2023-04-17 18:01:21 +02:00
orphan.c btrfs: move orphan prototypes into orphan.h 2022-12-05 18:00:47 +01:00
orphan.h btrfs: move orphan prototypes into orphan.h 2022-12-05 18:00:47 +01:00
print-tree.c btrfs: print-tree: parent bytenr must be aligned to sector size 2023-05-09 22:07:40 +02:00
print-tree.h btrfs: print the actual offset in btrfs_root_name 2021-01-07 17:25:05 +01:00
props.c btrfs: move super_block specific helpers into super.h 2022-12-05 18:00:47 +01:00
props.h btrfs: make module init/exit match their sequence 2022-12-05 18:00:40 +01:00
qgroup.c btrfs: fix race between quota disable and quota assign ioctls 2023-03-28 00:46:53 +02:00
qgroup.h btrfs: sink gfp_t parameter to btrfs_qgroup_trace_extent 2022-12-05 18:00:43 +01:00
raid56.c btrfs: remove unused raid56 functions which were dedicated for scrub 2023-04-17 19:52:18 +02:00
raid56.h btrfs: remove unused raid56 functions which were dedicated for scrub 2023-04-17 19:52:18 +02:00
rcu-string.h btrfs: replace strncpy() with strscpy() 2022-12-05 18:00:59 +01:00
ref-verify.c btrfs: move accessor helpers into accessors.h 2022-12-05 18:00:42 +01:00
ref-verify.h
reflink.c btrfs: pass btrfs_inode to btrfs_inode_unlock 2022-12-05 18:00:53 +01:00
reflink.h
relocation.c btrfs: fix backref walking not returning all inode refs 2023-05-09 22:09:11 +02:00
relocation.h btrfs: move relocation prototypes into relocation.h 2022-12-05 18:00:47 +01:00
root-tree.c btrfs: move orphan prototypes into orphan.h 2022-12-05 18:00:47 +01:00
root-tree.h btrfs: move root tree prototypes to their own header 2022-12-05 18:00:44 +01:00
scrub.c btrfs: zoned: fix dev-replace after the scrub rework 2023-06-01 15:12:02 +02:00
scrub.h btrfs: scrub: remove scrub_bio structure 2023-04-17 18:01:24 +02:00
send.c btrfs: fix uninitialized variable warnings 2023-04-17 19:52:19 +02:00
send.h btrfs: send add define for v2 buffer size 2022-12-05 18:00:41 +01:00
space-info.c btrfs: add helper to calculate space for delayed references 2023-04-17 18:01:19 +02:00
space-info.h btrfs: update documentation for BTRFS_RESERVE_FLUSH_EVICT flush method 2023-04-17 18:01:18 +02:00
subpage.c btrfs: move the printk helpers out of ctree.h 2022-12-05 18:00:41 +01:00
subpage.h btrfs: make nodesize >= PAGE_SIZE case to reuse the non-subpage routine 2022-05-16 17:03:11 +02:00
super.c btrfs: make clear_cache mount option to rebuild FST without disabling it 2023-05-10 14:51:27 +02:00
super.h btrfs: move super_block specific helpers into super.h 2022-12-05 18:00:47 +01:00
sysfs.c btrfs: sysfs: relax bg_reclaim_threshold for debugging purposes 2023-04-17 18:01:18 +02:00
sysfs.h btrfs: sysfs: update fs features directory asynchronously 2023-02-13 17:50:35 +01:00
transaction.c btrfs: correctly calculate delayed ref bytes when starting transaction 2023-04-17 18:01:22 +02:00
transaction.h btrfs: move btrfs_abort_transaction to transaction.c 2023-02-13 17:50:33 +01:00
tree-checker.c btrfs: reduce div64 calls by limiting the number of stripes of a chunk to u32 2023-04-17 18:01:14 +02:00
tree-checker.h btrfs: move struct btrfs_tree_parent_check out of disk-io.h 2022-12-05 18:00:57 +01:00
tree-log.c btrfs: fix an uninitialized variable warning in btrfs_log_inode 2023-05-26 23:24:04 +02:00
tree-log.h btrfs: use a negative value for BTRFS_LOG_FORCE_COMMIT 2023-02-13 17:50:34 +01:00
tree-mod-log.c btrfs: add eb to btrfs_node_key_ptr_offset 2022-12-05 18:00:58 +01:00
tree-mod-log.h btrfs: fix SPDX comment in tree-mod-log.h 2022-12-05 18:00:48 +01:00
ulist.c btrfs: constify ulist parameter of ulist_next() 2022-12-05 18:00:50 +01:00
ulist.h btrfs: constify ulist parameter of ulist_next() 2022-12-05 18:00:50 +01:00
uuid-tree.c btrfs: move uuid tree prototypes to uuid-tree.h 2022-12-05 18:00:46 +01:00
uuid-tree.h btrfs: move uuid tree prototypes to uuid-tree.h 2022-12-05 18:00:46 +01:00
verity.c fsverity: pass pos and size to ->write_merkle_tree_block 2023-01-01 15:46:48 -08:00
verity.h btrfs: move verity prototypes into verity.h 2022-12-05 18:00:47 +01:00
volumes.c btrfs: fix leak of source device allocation state after device replace 2023-04-28 16:36:31 +02:00
volumes.h btrfs: introduce a new helper to submit write bio for repair 2023-04-17 18:01:23 +02:00
xattr.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
xattr.h
zlib.c btrfs: move zero filling of compressed read bios into common code 2023-04-17 18:01:17 +02:00
zoned.c btrfs: zero the buffer before marking it dirty in btrfs_redirty_list_add 2023-05-10 14:50:29 +02:00
zoned.h btrfs: pass a btrfs_bio to btrfs_use_append 2023-02-15 19:38:55 +01:00
zstd.c btrfs: move zero filling of compressed read bios into common code 2023-04-17 18:01:17 +02:00