Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit af09abfe authored by Chris Mason's avatar Chris Mason
Browse files

Btrfs: make sure compressed bios don't complete too soon 



When writing a compressed extent, a number of bios are created that
point to a single struct compressed_bio.  At end_io time an atomic counter in
the compressed_bio struct makes sure that all of the bios have finished
before final end_io processing is done.

But when multiple bios are needed to write a compressed extent, the
counter was being incremented after the first bio was sent to submit_bio.
It is possible the bio will complete before the counter is incremented,
making the end_io handler free the compressed_bio struct before
processing is finished.

The fix is to increment the atomic counter before bio submission,
both for compressed reads and writes.

Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
parent 4366211c

fs/btrfs/compression.c

+15 −2
Original line number Diff line number Diff line
@@ -314,6 +314,13 @@ int btrfs_submit_compressed_write(struct inode *inode, u64 start, 
		    PAGE_CACHE_SIZE) {

			bio_get(bio);



			/*

			 * inc the count before we submit the bio so

			 * we know the end IO handler won't happen before

			 * we inc the count.  Otherwise, the cb might get

			 * freed before we're done setting it up

			 */

			atomic_inc(&cb->pending_bios);

			ret = btrfs_bio_wq_end_io(root->fs_info, bio, 0);

			BUG_ON(ret);
@@ -323,7 +330,6 @@ int btrfs_submit_compressed_write(struct inode *inode, u64 start, 
			bio_put(bio);



			bio = compressed_bio_alloc(bdev, first_byte, GFP_NOFS);

			atomic_inc(&cb->pending_bios);

			bio->bi_private = cb;

			bio->bi_end_io = end_compressed_bio_write;

			bio_add_page(bio, page, PAGE_CACHE_SIZE, 0);
@@ -573,6 +579,14 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, 
			ret = btrfs_bio_wq_end_io(root->fs_info, comp_bio, 0);

			BUG_ON(ret);



			/*

			 * inc the count before we submit the bio so

			 * we know the end IO handler won't happen before

			 * we inc the count.  Otherwise, the cb might get

			 * freed before we're done setting it up

			 */

			atomic_inc(&cb->pending_bios);



			ret = btrfs_map_bio(root, READ, comp_bio, 0, 0);

			BUG_ON(ret);
@@ -580,7 +594,6 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, 


			comp_bio = compressed_bio_alloc(bdev, cur_disk_byte,

							GFP_NOFS);

			atomic_inc(&cb->pending_bios);

			comp_bio->bi_private = cb;

			comp_bio->bi_end_io = end_compressed_bio_read;