Commit ad3e34bb authored by Josef Bacik's avatar Josef Bacik Committed by Arne Jansen

Btrfs: don't map extent buffer if path->skip_locking is set

Arne's scrub stuff exposed a problem with mapping the extent buffer in
reada_for_search.  He searches the commit root with multiple threads and with
skip_locking set, so we can race and overwrite node->map_token since node isn't
locked.  So fix this so that we only map the extent buffer if we don't already
have a map_token and skip_locking isn't set.  Without this patch scrub would
panic almost immediately, with the patch it doesn't panic anymore.  Thanks,
Reported-by: default avatarArne Jansen <sensille@gmx.net>
Signed-off-by: default avatarJosef Bacik <josef@redhat.com>
parent aa0467d8
...@@ -1228,6 +1228,7 @@ static void reada_for_search(struct btrfs_root *root, ...@@ -1228,6 +1228,7 @@ static void reada_for_search(struct btrfs_root *root,
u32 nr; u32 nr;
u32 blocksize; u32 blocksize;
u32 nscan = 0; u32 nscan = 0;
bool map = true;
if (level != 1) if (level != 1)
return; return;
...@@ -1249,8 +1250,11 @@ static void reada_for_search(struct btrfs_root *root, ...@@ -1249,8 +1250,11 @@ static void reada_for_search(struct btrfs_root *root,
nritems = btrfs_header_nritems(node); nritems = btrfs_header_nritems(node);
nr = slot; nr = slot;
if (node->map_token || path->skip_locking)
map = false;
while (1) { while (1) {
if (!node->map_token) { if (map && !node->map_token) {
unsigned long offset = btrfs_node_key_ptr_offset(nr); unsigned long offset = btrfs_node_key_ptr_offset(nr);
map_private_extent_buffer(node, offset, map_private_extent_buffer(node, offset,
sizeof(struct btrfs_key_ptr), sizeof(struct btrfs_key_ptr),
...@@ -1277,7 +1281,7 @@ static void reada_for_search(struct btrfs_root *root, ...@@ -1277,7 +1281,7 @@ static void reada_for_search(struct btrfs_root *root,
if ((search <= target && target - search <= 65536) || if ((search <= target && target - search <= 65536) ||
(search > target && search - target <= 65536)) { (search > target && search - target <= 65536)) {
gen = btrfs_node_ptr_generation(node, nr); gen = btrfs_node_ptr_generation(node, nr);
if (node->map_token) { if (map && node->map_token) {
unmap_extent_buffer(node, node->map_token, unmap_extent_buffer(node, node->map_token,
KM_USER1); KM_USER1);
node->map_token = NULL; node->map_token = NULL;
...@@ -1289,7 +1293,7 @@ static void reada_for_search(struct btrfs_root *root, ...@@ -1289,7 +1293,7 @@ static void reada_for_search(struct btrfs_root *root,
if ((nread > 65536 || nscan > 32)) if ((nread > 65536 || nscan > 32))
break; break;
} }
if (node->map_token) { if (map && node->map_token) {
unmap_extent_buffer(node, node->map_token, KM_USER1); unmap_extent_buffer(node, node->map_token, KM_USER1);
node->map_token = NULL; node->map_token = NULL;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment