[PATCH 4.16 012/272] Btrfs: fix error handling in btrfs_truncate()

From: Greg Kroah-Hartman
Date: Mon May 28 2018 - 07:05:32 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.16 035/272] kasan: free allocated shadow memory on MEM_CANCEL_ONLINE"
Previous message: Greg Kroah-Hartman: "[PATCH 4.16 029/272] sr: pass down correctly sized SCSI sense buffer"
In reply to: Greg Kroah-Hartman: "[PATCH 4.16 029/272] sr: pass down correctly sized SCSI sense buffer"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.16 035/272] kasan: free allocated shadow memory on MEM_CANCEL_ONLINE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.16-stable review patch. If anyone has any objections, please let me know.

------------------

From: Omar Sandoval <osandov@xxxxxx>

commit d50147381aa0c9725d63a677c138c47f55d6d3bc upstream.

Jun Wu at Facebook reported that an internal service was seeing a return
value of 1 from ftruncate() on Btrfs in some cases. This is coming from
the NEED_TRUNCATE_BLOCK return value from btrfs_truncate_inode_items().

btrfs_truncate() uses two variables for error handling, ret and err.
When btrfs_truncate_inode_items() returns non-zero, we set err to the
return value. However, NEED_TRUNCATE_BLOCK is not an error. Make sure we
only set err if ret is an error (i.e., negative).

To reproduce the issue: mount a filesystem with -o compress-force=zstd
and the following program will encounter return value of 1 from
ftruncate:

int main(void) {
char buf[256] = { 0 };
int ret;
int fd;

fd = open("test", O_CREAT | O_WRONLY | O_TRUNC, 0666);
if (fd == -1) {
perror("open");
return EXIT_FAILURE;
}

if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
perror("write");
close(fd);
return EXIT_FAILURE;
}

if (fsync(fd) == -1) {
perror("fsync");
close(fd);
return EXIT_FAILURE;
}

ret = ftruncate(fd, 128);
if (ret) {
printf("ftruncate() returned %d\n", ret);
close(fd);
return EXIT_FAILURE;
}

close(fd);
return EXIT_SUCCESS;
}

Fixes: ddfae63cc8e0 ("btrfs: move btrfs_truncate_block out of trans handle")
CC: stable@xxxxxxxxxxxxxxx # 4.15+
Reported-by: Jun Wu <quark@xxxxxx>
Signed-off-by: Omar Sandoval <osandov@xxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/btrfs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -9238,7 +9238,8 @@ static int btrfs_truncate(struct inode *
BTRFS_EXTENT_DATA_KEY);
trans->block_rsv = &fs_info->trans_block_rsv;
if (ret != -ENOSPC && ret != -EAGAIN) {
- err = ret;
+ if (ret < 0)
+ err = ret;
break;
}

Next message: Greg Kroah-Hartman: "[PATCH 4.16 035/272] kasan: free allocated shadow memory on MEM_CANCEL_ONLINE"
Previous message: Greg Kroah-Hartman: "[PATCH 4.16 029/272] sr: pass down correctly sized SCSI sense buffer"
In reply to: Greg Kroah-Hartman: "[PATCH 4.16 029/272] sr: pass down correctly sized SCSI sense buffer"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.16 035/272] kasan: free allocated shadow memory on MEM_CANCEL_ONLINE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]