[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220525112932.d3gi7nynygkirdpi@quack3.lan>
Date: Wed, 25 May 2022 13:29:32 +0200
From: Jan Kara <jack@...e.cz>
To: Baokun Li <libaokun1@...wei.com>
Cc: Jan Kara <jack@...e.cz>, lczerner@...hat.com,
linux-ext4@...r.kernel.org, tytso@....edu,
adilger.kernel@...ger.ca, ritesh.list@...il.com,
linux-kernel@...r.kernel.org, yi.zhang@...wei.com,
yebin10@...wei.com, yukuai3@...wei.com
Subject: Re: [PATCH 2/2] ext4: correct the judgment of BUG in
ext4_mb_normalize_request
On Tue 24-05-22 21:44:31, Baokun Li wrote:
> 在 2022/5/24 17:30, Jan Kara 写道:
> > On Mon 23-05-22 21:04:16, libaokun (A) wrote:
> > > 在 2022/5/23 17:40, Jan Kara 写道:
> > > > On Sat 21-05-22 21:42:17, Baokun Li wrote:
> > > > > When either of the "start + size <= ac->ac_o_ex.fe_logical" or
> > > > > "start > ac->ac_o_ex.fe_logical" conditions is met, it indicates
> > > > > that the fe_logical is not in the allocated range.
> > > > > In this case, it should be bug_ON.
> > > > >
> > > > > Fixes: dfe076c106f6 ("ext4: get rid of code duplication")
> > > > > Signed-off-by: Baokun Li<libaokun1@...wei.com>
> > > > I think this is actually wrong. The original condition checks whether
> > > > start + size does not overflow the used integer type. Your condition is
> > > > much stronger and I don't think it always has to be true. E.g. allocation
> > > > goal block (start variable) can be pushed to larger values by existing
> > > > preallocation or so.
> > > >
> > > > Honza
> > > >
> > > I think there are two reasons for this:
> > >
> > > First of all, the code here is as follows.
> > > ```
> > > size = end - start;
> > > [...]
> > > if (start + size <= ac->ac_o_ex.fe_logical &&
> > > start > ac->ac_o_ex.fe_logical) {
> > > ext4_msg(ac->ac_sb, KERN_ERR,
> > > "start %lu, size %lu, fe_logical %lu",
> > > (unsigned long) start, (unsigned long) size,
> > > (unsigned long) ac->ac_o_ex.fe_logical);
> > > BUG();
> > > }
> > > BUG_ON(size <= 0 || size > EXT4_BLOCKS_PER_GROUP(ac->ac_sb));
> > > ```
> > > First of all, there is no need to compare with ac_o_ex.fe_logical if it is
> > > to determine whether there is an overflow.
> > > Because the previous logic guarantees start < = ac_o_ex.fe_logical, and
> > How does it guarantee that? The logic:
> >
> > if (ar->pleft && start <= ar->lleft) {
> > size -= ar->lleft + 1 - start;
> > start = ar->lleft + 1;
> > }
> >
> > can move 'start' to further blocks...
> This is not the case. According to the code of the preceding process,
> ar->pleft and ar->pright are assigned values in ext4_ext_map_blocks.
> ar->pleft is the first allocated block found to the left by map->m_lblk
> (that is, fe_logical),
> and ar->pright is the first allocated block found to the right.
> ar->lleft and ar->lright are logical block numbers, so there must be
> "ar->lleft < ac_o_ex.fe_logical < ar->lright".
Right, I've found that out after sending my previous email. Sorry for
confusion.
> > > Secondly, the following code flow also reflects this logic.
> > >
> > > ext4_mb_normalize_request
> > > >>> start + size <= ac->ac_o_ex.fe_logical
> > > ext4_mb_regular_allocator
> > > ext4_mb_simple_scan_group
> > > ext4_mb_use_best_found
> > > ext4_mb_new_preallocation
> > > ext4_mb_new_inode_pa
> > > ext4_mb_use_inode_pa
> > > >>> set ac->ac_b_ex.fe_len <= 0
> > > ext4_mb_mark_diskspace_used
> > > >>> BUG_ON(ac->ac_b_ex.fe_len <= 0);
> > >
> > > In ext4_mb_use_inode_pa, you have the following code.
> > > ```
> > > start = pa->pa_pstart + (ac->ac_o_ex.fe_logical - pa->pa_lstart);
> > > end = min(pa->pa_pstart + EXT4_C2B(sbi, pa->pa_len), start + EXT4_C2B(sbi,
> > > ac->ac_o_ex.fe_len));
> > > len = EXT4_NUM_B2C(sbi, end - start);
> > > ac->ac_b_ex.fe_len = len;
> > > ```
> > > The starting position in ext4_mb_mark_diskspace_used will be assert.
> > > BUG_ON(ac->ac_b_ex.fe_len <= 0);
> > > When end == start + EXT4_C2B(sbi, ac->ac_o_ex.fe_len) is used, the value of
> > > end - start must be greater than 0.
> > > However, when end == pa->pa_pstart + EXT4_C2B(sbi, pa->pa_len) occurs, this
> > > bug_ON may be triggered.
> > > When this bug_ON is triggered, that is,
> > >
> > > ac->ac_b_ex.fe_len <= 0
> > > end - start <= 0
> > > end <= start
> > > pa->pa_pstart + EXT4_C2B(sbi, pa->pa_len) <= pa->pa_pstart +
> > > (ac->ac_o_ex.fe_logical - pa->pa_lstart)
> > > pa->pa_len <= ac->ac_o_ex.fe_logical - pa->pa_lstart
> > > pa->pa_lstart + pa->pa_len <= ac->ac_o_ex.fe_logical
> > > start + size <= ac->ac_o_ex.fe_logical
> > >
> > > So I think that "&&" here should be changed to "||".
> > Sorry, I still disagree. After some more code reading I agree that
> > ac->ac_o_ex.fe_logical is the logical block where we want allocated blocks
> > to be placed in the inode so logical extent of allocated blocks should include
> > ac->ac_o_ex.fe_logical. But I would be reluctant to make assertion you
> > suggest unless we make sure ac->ac_o_ex.fe_logical in unallocated (in which
> > case we can also remove some other code from ext4_mb_normalize_request()).
> >
> > Honza
> >
> What codes are you referring to that can be deleted?
So I though the shifting of 'start' by lleft cannot happen but then I
realized that if 'start' got aligned down, it can now be lower than lleft
so the shifting is indeed needed. So all code is needed there.
Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists