Btrfs: hunting slab corruption
Signed-off-by: Chris Mason <chris.mason@oracle.com>
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 1eb333e..b7f3fcb 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -457,6 +457,8 @@
int ret;
int level;
+ WARN_ON(p->nodes[0] != NULL);
+ WARN_ON(!mutex_is_locked(&root->fs_info->fs_mutex));
again:
b = root->node;
get_bh(b);
diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c
index c18f817..18d3e16 100644
--- a/fs/btrfs/dir-item.c
+++ b/fs/btrfs/dir-item.c
@@ -35,6 +35,8 @@
btrfs_set_dir_name_len(dir_item, name_len);
name_ptr = (char *)(dir_item + 1);
memcpy(name_ptr, name, name_len);
+ if (name_ptr + name_len > path.nodes[0]->b_data + 4096)
+ WARN_ON(1);
mark_buffer_dirty(path.nodes[0]);
out:
btrfs_release_path(root, &path);
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index f5db2b9..6c01046 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -3,6 +3,7 @@
#include <linux/blkdev.h>
#include <linux/crypto.h>
#include <linux/scatterlist.h>
+#include <linux/swap.h>
#include "ctree.h"
#include "disk-io.h"
#include "transaction.h"
@@ -50,6 +51,8 @@
} while (bh != head);
out_unlock:
unlock_page(page);
+ if (ret)
+ touch_buffer(ret);
page_cache_release(page);
return ret;
}
@@ -65,6 +68,7 @@
struct buffer_head *head;
struct buffer_head *ret = NULL;
u64 first_block = index << (PAGE_CACHE_SHIFT - blockbits);
+
page = grab_cache_page(mapping, index);
if (!page)
return NULL;
@@ -89,6 +93,8 @@
} while (bh != head);
out_unlock:
unlock_page(page);
+ if (ret)
+ touch_buffer(ret);
page_cache_release(page);
return ret;
}
@@ -139,7 +145,7 @@
desc.flags = 0;
sg_init_one(&sg, data, len);
spin_lock(&root->fs_info->hash_lock);
- ret = crypto_hash_digest(&desc, &sg, len, result);
+ ret = crypto_hash_digest(&desc, &sg, 1, result);
spin_unlock(&root->fs_info->hash_lock);
if (ret) {
printk("sha256 digest failed\n");
@@ -153,6 +159,7 @@
int ret;
struct btrfs_node *node;
+ return 0;
ret = btrfs_csum_data(root, bh->b_data + BTRFS_CSUM_SIZE,
bh->b_size - BTRFS_CSUM_SIZE, result);
if (ret)
@@ -165,17 +172,17 @@
}
} else {
node = btrfs_buffer_node(bh);
- memcpy(&node->header.csum, result, BTRFS_CSUM_SIZE);
+ memcpy(node->header.csum, result, BTRFS_CSUM_SIZE);
}
return 0;
}
static int btree_writepage(struct page *page, struct writeback_control *wbc)
{
+#if 0
struct buffer_head *bh;
struct btrfs_root *root = btrfs_sb(page->mapping->host->i_sb);
struct buffer_head *head;
-
if (!page_has_buffers(page)) {
create_empty_buffers(page, root->fs_info->sb->s_blocksize,
(1 << BH_Dirty)|(1 << BH_Uptodate));
@@ -187,6 +194,7 @@
csum_tree_block(root, bh, 0);
bh = bh->b_this_page;
} while (bh != head);
+#endif
return block_write_full_page(page, btree_get_block, wbc);
}
@@ -312,6 +320,8 @@
fs_info->btree_inode->i_ino = 1;
fs_info->btree_inode->i_size = sb->s_bdev->bd_inode->i_size;
fs_info->btree_inode->i_mapping->a_ops = &btree_aops;
+ insert_inode_hash(fs_info->btree_inode);
+
mapping_set_gfp_mask(fs_info->btree_inode->i_mapping, GFP_NOFS);
fs_info->hash_tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
spin_lock_init(&fs_info->hash_lock);
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 0442813..ab5419e 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -361,13 +361,16 @@
struct nameidata *nd)
{
struct inode * inode;
+ struct btrfs_root *root = btrfs_sb(dir->i_sb);
ino_t ino;
int ret;
if (dentry->d_name.len > BTRFS_NAME_LEN)
return ERR_PTR(-ENAMETOOLONG);
+ mutex_lock(&root->fs_info->fs_mutex);
ret = btrfs_inode_by_name(dir, dentry, &ino);
+ mutex_unlock(&root->fs_info->fs_mutex);
if (ret < 0)
return ERR_PTR(ret);
inode = NULL;
@@ -395,6 +398,7 @@
unsigned char d_type = DT_UNKNOWN;
int over = 0;
+ mutex_lock(&root->fs_info->fs_mutex);
key.objectid = inode->i_ino;
key.flags = 0;
btrfs_set_key_type(&key, BTRFS_DIR_ITEM_KEY);
@@ -446,6 +450,7 @@
ret = 0;
err:
btrfs_release_path(root, &path);
+ mutex_unlock(&root->fs_info->fs_mutex);
return ret;
}
@@ -667,8 +672,8 @@
inode->i_op = &btrfs_file_inode_operations;
}
dir->i_sb->s_dirt = 1;
- btrfs_end_transaction(trans, root);
out_unlock:
+ btrfs_end_transaction(trans, root);
mutex_unlock(&root->fs_info->fs_mutex);
if (drop_inode) {
inode_dec_link_count(inode);
diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
index b20fb53..a146463 100644
--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -197,8 +197,10 @@
ret = btrfs_del_root(trans, root->fs_info->tree_root,
&snap_key);
- BUG_ON(ret); root->fs_info->generation = root->root_key.offset + 1; ret = btrfs_end_transaction(trans, root); BUG_ON(ret);
- printk("at free, total trans %d\n", total_trans);
+ BUG_ON(ret);
+ root->fs_info->generation = root->root_key.offset + 1;
+ ret = btrfs_end_transaction(trans, root);
+ BUG_ON(ret);
}
return ret;