lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 25 Aug 2022 16:01:46 +0800
From:   Zhihao Cheng <>
To:     <>, <>,
        <>, <>
CC:     <>, <>,
        <>, <>,
Subject: [PATCH] mm: migrate: buffer_migrate_folio_norefs() fallback migrate not uptodate pages

From: Zhang Yi <>

Recently we notice that ext4 filesystem occasionally fail to read
metadata from disk and report error message, but the disk and block
layer looks fine. After analyse, we lockon commit 88dbcbb3a484
("blkdev: avoid migration stalls for blkdev pages"). It provide a
migration method for the bdev, we could move page that has buffers
without extra users now, but it will lock the buffers on the page, which
breaks a lot of current filesystem's fragile metadata read operations,
like ll_rw_block() for common usage and ext4_read_bh_lock() for ext4,
these helpers just trylock the buffer and skip submit IO if it lock
failed, many callers just wait_on_buffer() and conclude IO error if the
buffer is not uptodate after buffer unlocked.

This issue could be easily reproduced by add some delay just after
buffer_migrate_lock_buffers() in __buffer_migrate_folio() and do
fsstress on ext4 filesystem.

  EXT4-fs error (device pmem1): __ext4_find_entry:1658: inode #73193:
  comm fsstress: reading directory lblock 0
  EXT4-fs error (device pmem1): __ext4_find_entry:1658: inode #75334:
  comm fsstress: reading directory lblock 0

Something like ll_rw_block() should be used carefully and seems could
only be safely used for the readahead case. So the best way is to fix
the read operations in filesystem in the long run, but now let us avoid
this issue first. This patch avoid this issue by fallback to migrate
pages that are not uotodate like fallback_migrate_folio(), those pages
that has buffers may probably do read operation soon.

Fixes: 88dbcbb3a484 ("blkdev: avoid migration stalls for blkdev pages")
Signed-off-by: Zhang Yi <>
Signed-off-by: Zhihao Cheng <>
 mm/migrate.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/mm/migrate.c b/mm/migrate.c
index 6a1597c92261..bded69867619 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -691,6 +691,38 @@ static int __buffer_migrate_folio(struct address_space *mapping,
 	if (!head)
 		return migrate_folio(mapping, dst, src, mode);
+	/*
+	 * If the mapped buffers on the page are not uptodate and has refcount,
+	 * some others may propably try to lock the buffer and submit read IO
+	 * through ll_rw_block(), but it will not submit IO once it failed to
+	 * lock the buffer, so try to fallback to migrate_folio() to prevent
+	 * false positive EIO.
+	 */
+	if (check_refs) {
+		bool uptodate = true;
+		bool invalidate = false;
+		bh = head;
+		do {
+			if (buffer_mapped(bh) && !buffer_uptodate(bh)) {
+				uptodate = false;
+				if (atomic_read(&bh->b_count)) {
+					invalidate = true;
+					break;
+				}
+			}
+			bh = bh->b_this_page;
+		} while (bh != head);
+		if (!uptodate) {
+			if (invalidate)
+				invalidate_bh_lrus();
+			if (filemap_release_folio(src, GFP_KERNEL))
+				return migrate_folio(mapping, dst, src, mode);
+			return -EAGAIN;
+		}
+	}
 	/* Check whether page does not have extra refs before we do more work */
 	expected_count = folio_expected_refs(mapping, src);
 	if (folio_ref_count(src) != expected_count)

Powered by blists - more mailing lists