lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <9e1bf022-730d-4b93-872a-259490eb4946@suse.com>
Date: Sat, 31 Jan 2026 12:45:05 +1030
From: Qu Wenruo <wqu@...e.com>
To: JP Kobryn <inwardvessel@...il.com>, boris@....io, clm@...com,
 dsterba@...e.com
Cc: linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
 kernel-team@...a.com
Subject: Re: [PATCH] btrfs: guard against missing private state in
 lock_delalloc_folios()



在 2026/1/31 12:04, JP Kobryn 写道:
> Users of filemap_lock_folio() need to guard against the situation where
> release_folio() has been invoked during reclaim but the folio was
> ultimately not removed from the page cache. This patch covers one location
> which may have been overlooked.
> 
> After acquiring the folio, use set_folio_extent_mapped() to ensure the
> folio private state is valid. This is especially important in the subpage
> case, where the private field is an allocated struct containing bitmap and
> lock data.
> 
> Failing calls (with -ENOMEM) are treated as transient errors and execution
> will follow the existing "try again" path.
> 
> Signed-off-by: JP Kobryn <inwardvessel@...il.com>
> ---
>   fs/btrfs/extent_io.c | 12 ++++++++++++
>   1 file changed, 12 insertions(+)
> 
> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
> index 3df399dc8856..573b29f62bc1 100644
> --- a/fs/btrfs/extent_io.c
> +++ b/fs/btrfs/extent_io.c
> @@ -332,6 +332,18 @@ static noinline int lock_delalloc_folios(struct inode *inode,
>   				folio_unlock(folio);
>   				goto out;
>   			}
> +
> +			/*
> +			 * release_folio() could have cleared the folio private data
> +			 * while we were not holding the lock.
> +			 * Reset the mapping if needed so subpage operations can access
> +			 * a valid private folio state.
> +			 */
> +			if (set_folio_extent_mapped(folio)) {
> +				folio_unlock(folio);
> +				goto out;
> +			}

If the folio is released meaning it will not have dirty flag.
Then the above folio_test_dirty() should be triggered and exit with 
-EAGAIN. We will re-search the extent io tree to re-grab a proper 
delalloc range.

And if the folio is still dirty, it means it must still have private set.

Thus I'm afraid this check is a little over-killed.

Thanks,
Qu

> +
>   			range_start = max_t(u64, folio_pos(folio), start);
>   			range_len = min_t(u64, folio_next_pos(folio), end + 1) - range_start;
>   			btrfs_folio_set_lock(fs_info, folio, range_start, range_len);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ