    btrfs: qgroup: Don't copy extent buffer to do qgroup rescan · 0a0e8b89
    Qu Wenruo authored
    Ancient qgroup code calls memcpy() on an extent buffer and uses it for
    leaf iteration.
    
    As an extent buffer contains a lock and pointers to pages, it's never
    sane to do such a copy.
    
    The following bug may be caused by this insane operation:
    [92098.841309] general protection fault: 0000 [#1] SMP
    [92098.841338] Modules linked in: ...
    [92098.841814] CPU: 1 PID: 24655 Comm: kworker/u4:12 Not tainted
    4.3.0-rc1 #1
    [92098.841868] Workqueue: btrfs-qgroup-rescan btrfs_qgroup_rescan_helper
    [btrfs]
    [92098.842261] Call Trace:
    [92098.842277]  [<ffffffffc035a5d8>] ? read_extent_buffer+0xb8/0x110
    [btrfs]
    [92098.842304]  [<ffffffffc0396d00>] ? btrfs_find_all_roots+0x60/0x70
    [btrfs]
    [92098.842329]  [<ffffffffc039af3d>]
    btrfs_qgroup_rescan_worker+0x28d/0x5a0 [btrfs]
    
    Where btrfs_qgroup_rescan_worker+0x28d is btrfs_disk_key_to_cpu(),
    called when reading a key from the copied extent_buffer.
    
    This patch will use btrfs_clone_extent_buffer() to make a better copy of
    the extent buffer to deal with such a case.
    
    Reported-by: Stephane Lesimple <stephane_btrfs@lesimple.fr>
    Suggested-by: Filipe Manana <fdmanana@kernel.org>
    Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
    Reviewed-by: Filipe Manana <fdmanana@suse.com>
    Signed-off-by: Chris Mason <clm@fb.com>
qgroup.c 65.8 KB
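
An added illustration of the hazard the commit message describes, not code from the commit or from btrfs: a user-space C program contrasting a byte copy of a struct that holds page pointers with a deep clone. `struct toy_buf` and every helper here are hypothetical stand-ins, and the sample fill values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TOY_PAGES 2
#define TOY_PAGE_SIZE 64

/* Hypothetical stand-in for an object holding state plus page pointers. */
struct toy_buf {
    int refs;                   /* lifetime state; a byte copy duplicates it blindly */
    uint8_t *pages[TOY_PAGES];  /* pointers to backing pages, not the data itself */
};

static struct toy_buf *toy_alloc(uint8_t fill)
{
    struct toy_buf *b = calloc(1, sizeof(*b));
    if (!b) abort();
    b->refs = 1;
    for (int i = 0; i < TOY_PAGES; i++) {
        if (!(b->pages[i] = malloc(TOY_PAGE_SIZE)))
            abort();
        memset(b->pages[i], fill, TOY_PAGE_SIZE);
    }
    return b;
}

/* Deep clone: fresh pages and fresh state, independent of the source. */
static struct toy_buf *toy_clone(const struct toy_buf *src)
{
    struct toy_buf *b = toy_alloc(0);
    for (int i = 0; i < TOY_PAGES; i++)
        memcpy(b->pages[i], src->pages[i], TOY_PAGE_SIZE);
    return b;
}

/* Rewrite the source's pages, then report whether `view` still reads `expect`. */
static int view_survives_rewrite(struct toy_buf *src, const struct toy_buf *view, uint8_t expect)
{
    for (int i = 0; i < TOY_PAGES; i++)
        memset(src->pages[i], 0xEE, TOY_PAGE_SIZE);
    return view->pages[0][0] == expect;
}

int main(void)
{
    struct toy_buf *src = toy_alloc(0x11), shallow, *deep = toy_clone(src);
    memcpy(&shallow, src, sizeof(shallow));   /* the unsafe pattern: struct byte copy */
    printf("clone intact: %d, memcpy copy intact: %d\n",
           view_survives_rewrite(src, deep, 0x11), view_survives_rewrite(src, &shallow, 0x11));
    return 0;
}
```

The byte copy shares the source's pages, so its contents change whenever the source's pages are rewritten or reused; the clone keeps its own data.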