Commit d05a2b4c authored by Filipe Manana's avatar Filipe Manana Committed by Chris Mason

Btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items

We have a race that can lead us to miss skinny extent items in the function
btrfs_lookup_extent_info() when the skinny metadata feature is enabled.
So basically the sequence of steps is:

1) We search in the extent tree for the skinny extent, which returns > 0
   (not found);

2) We check the previous item in the returned leaf for a non-skinny extent,
   and we don't find it;

3) Because we didn't find the non-skinny extent in step 2), we release our
   path to search the extent tree again, but this time for a non-skinny
   extent key;

4) Right after we released our path in step 3), a skinny extent was inserted
   in the extent tree (delayed refs were run) - our second extent tree search
   will miss it, because it's not looking for a skinny extent;

5) After the second search returned (with ret > 0), we look for any delayed
   ref for our extent's bytenr (and we do it while holding a read lock on the
   leaf), but we won't find any, as such delayed ref had just run and completed
   after we released out path in step 3) before doing the second search.

Fix this by removing completely the path release and re-search logic. This is
safe, because if we seach for a metadata item and we don't find it, we have the
guarantee that the returned leaf is the one where the item would be inserted,
and so path->slots[0] > 0 and path->slots[0] - 1 must be the slot where the
non-skinny extent item is if it exists. The only case where path->slots[0] is
zero is when there are no smaller keys in the tree (i.e. no left siblings for
our leaf), in which case the re-search logic isn't needed as well.

This race has been present since the introduction of skinny metadata (change
3173a18f).
Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
Reviewed-by: default avatarMiao Xie <miaox@cn.fujitsu.com>
Signed-off-by: default avatarChris Mason <clm@fb.com>
parent 5ed5f588
...@@ -780,7 +780,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, ...@@ -780,7 +780,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans,
else else
key.type = BTRFS_EXTENT_ITEM_KEY; key.type = BTRFS_EXTENT_ITEM_KEY;
again:
ret = btrfs_search_slot(trans, root->fs_info->extent_root, ret = btrfs_search_slot(trans, root->fs_info->extent_root,
&key, path, 0, 0); &key, path, 0, 0);
if (ret < 0) if (ret < 0)
...@@ -796,13 +795,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans, ...@@ -796,13 +795,6 @@ int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans,
key.offset == root->nodesize) key.offset == root->nodesize)
ret = 0; ret = 0;
} }
if (ret) {
key.objectid = bytenr;
key.type = BTRFS_EXTENT_ITEM_KEY;
key.offset = root->nodesize;
btrfs_release_path(path);
goto again;
}
} }
if (ret == 0) { if (ret == 0) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment