Btrfs: fix regression in btrfs_page_mkwrite() from vm_fault_t conversion
authorChris Mason <clm@fb.com>
Mon, 25 Jun 2018 17:03:41 +0000 (10:03 -0700)
committerDavid Sterba <dsterba@suse.com>
Thu, 28 Jun 2018 09:30:50 +0000 (11:30 +0200)
The vm_fault_t conversion commit introduced a ret2 variable for tracking
the integer return values from internal btrfs functions.  It was
sometimes returning VM_FAULT_LOCKED for pages that were actually invalid
and had been removed from the radix.  Something like this:

    ret2 = btrfs_delalloc_reserve_space() // returns zero on success

    lock_page(page)
    if (page->mapping != inode->i_mapping)
goto out_unlock;

...

out_unlock:
    if (!ret2) {
    ...
    return VM_FAULT_LOCKED;
    }

This ends up triggering this WARNING in btrfs_destroy_inode()
    WARN_ON(BTRFS_I(inode)->block_rsv.size);

xfstests generic/095 was able to reliably reproduce the errors.

Since out_unlock: is only used for errors, this fix moves it below the
if (!ret2) check we use to return VM_FAULT_LOCKED for success.

Fixes: a528a2415087 (btrfs: change return type of btrfs_page_mkwrite to vm_fault_t)
Signed-off-by: Chris Mason <clm@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/inode.c

index a6bf9e2ff68f6ba196f3cae71c1cfc4262db5962..f21f4223d03b40f59d03e126d2ce6e0058dc16f7 100644 (file)
@@ -9005,13 +9005,14 @@ again:
 
        unlock_extent_cached(io_tree, page_start, page_end, &cached_state);
 
-out_unlock:
        if (!ret2) {
                btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, true);
                sb_end_pagefault(inode->i_sb);
                extent_changeset_free(data_reserved);
                return VM_FAULT_LOCKED;
        }
+
+out_unlock:
        unlock_page(page);
 out:
        btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, (ret != 0));