From: Qu Wenruo wqu@suse.com
mainline inclusion from mainline-v6.10-rc2 commit 9ca0e58cb752b09816f56f7a3147a39773d5e831 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB37AG CVE: CVE-2024-50225
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
There are only two differences between the two functions:
- btrfs_orig_bbio_end_io() does extra error propagation. This is mostly to allow tolerance for write errors.
- btrfs_orig_bbio_end_io() does an extra pending_ios check. This check can handle both the original bio and the cloned one (all accounting happens in the original one).
This makes btrfs_orig_bbio_end_io() a much safer call. In fact we already had a double freeing error due to usage of btrfs_bio_end_io() in the error path of btrfs_submit_chunk().
So just move the whole content of btrfs_orig_bbio_end_io() into btrfs_bio_end_io().
For normal paths this brings no change, because they are already calling btrfs_orig_bbio_end_io() in the first place.
For error paths (not only inside bio.c but also external callers), this change will introduce extra checks, especially for external callers, as they will error out without submitting the btrfs bio.
But considering it's already in the error path, such slower but much safer checks are still an overall win.
Signed-off-by: Qu Wenruo wqu@suse.com Reviewed-by: David Sterba dsterba@suse.com Signed-off-by: David Sterba dsterba@suse.com Conflicts: fs/btrfs/bio.c [conflict due to not merge 02c372e1f016 ("btrfs: add support for inserting raid stripe extents")] Signed-off-by: Long Li leo.lilong@huawei.com --- fs/btrfs/bio.c | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c
index 650972895652..597a512dfa04 100644
--- a/fs/btrfs/bio.c
+++ b/fs/btrfs/bio.c
@@ -121,12 +121,6 @@ static void __btrfs_bio_end_io(struct btrfs_bio *bbio)
 }
 }
-void btrfs_bio_end_io(struct btrfs_bio *bbio, blk_status_t status)
-{
- bbio->bio.bi_status = status;
- __btrfs_bio_end_io(bbio);
-}
-
 static void btrfs_orig_write_end_io(struct bio *bio);
static void btrfs_bbio_propagate_error(struct btrfs_bio *bbio,
@@ -148,8 +142,9 @@ static void btrfs_bbio_propagate_error(struct btrfs_bio *bbio,
 }
 }
-static void btrfs_orig_bbio_end_io(struct btrfs_bio *bbio)
+void btrfs_bio_end_io(struct btrfs_bio *bbio, blk_status_t status)
 {
+ bbio->bio.bi_status = status;
 if (bbio->bio.bi_pool == &btrfs_clone_bioset) {
 struct btrfs_bio *orig_bbio = bbio->private;
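Review bot: The new first statement `bbio->bio.bi_status = status;` is unconditional, so a zero `status` overwrites whatever error is already stored on that bio. Every converted completion handler in the following hunks (btrfs_repair_done, btrfs_check_read_bio, btrfs_end_bio_work, btrfs_simple_end_io, btrfs_raid56_end_io, btrfs_orig_write_end_io, run_one_async_done) passes the bio's own `bi_status` back in, which is a plain read followed by a plain write; if btrfs_bbio_propagate_error() stores a clone's error on the original in between (its body is outside these hunks, so this is inferred), that error is lost and the I/O is reported as successful. Writing only failures, `if (status) bbio->bio.bi_status = status;`, stops a zero from clearing a recorded error, though concurrent completions would still need an atomic update on the original. The function body continues past the end of this hunk.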
@@ -180,7 +175,7 @@ static int prev_repair_mirror(struct btrfs_failed_bio *fbio, int cur_mirror)
 static void btrfs_repair_done(struct btrfs_failed_bio *fbio)
 {
 if (atomic_dec_and_test(&fbio->repair_count)) {
- btrfs_orig_bbio_end_io(fbio->bbio);
+ btrfs_bio_end_io(fbio->bbio, fbio->bbio->bio.bi_status);
 mempool_free(fbio, &btrfs_failed_bio_pool);
 }
 }
@@ -321,7 +316,7 @@ static void btrfs_check_read_bio(struct btrfs_bio *bbio, struct btrfs_device *de
 if (fbio)
 btrfs_repair_done(fbio);
 else
- btrfs_orig_bbio_end_io(bbio);
+ btrfs_bio_end_io(bbio, bbio->bio.bi_status);
 }
static void btrfs_log_dev_io_error(struct bio *bio, struct btrfs_device *dev)
@@ -355,7 +350,7 @@ static void btrfs_end_bio_work(struct work_struct *work)
 if (is_data_bbio(bbio))
 btrfs_check_read_bio(bbio, bbio->bio.bi_private);
 else
- btrfs_orig_bbio_end_io(bbio);
+ btrfs_bio_end_io(bbio, bbio->bio.bi_status);
 }
static void btrfs_simple_end_io(struct bio *bio)
@@ -375,7 +370,7 @@ static void btrfs_simple_end_io(struct bio *bio)
 } else {
 if (bio_op(bio) == REQ_OP_ZONE_APPEND && !bio->bi_status)
 btrfs_record_physical_zoned(bbio);
- btrfs_orig_bbio_end_io(bbio);
+ btrfs_bio_end_io(bbio, bbio->bio.bi_status);
 }
 }
@@ -389,7 +384,7 @@ static void btrfs_raid56_end_io(struct bio *bio)
 if (bio_op(bio) == REQ_OP_READ && is_data_bbio(bbio))
 btrfs_check_read_bio(bbio, NULL);
 else
- btrfs_orig_bbio_end_io(bbio);
+ btrfs_bio_end_io(bbio, bbio->bio.bi_status);
btrfs_put_bioc(bioc);
 }
@@ -416,7 +411,7 @@ static void btrfs_orig_write_end_io(struct bio *bio)
 else
 bio->bi_status = BLK_STS_OK;
- btrfs_orig_bbio_end_io(bbio);
+ btrfs_bio_end_io(bbio, bbio->bio.bi_status);
 btrfs_put_bioc(bioc);
 }
@@ -577,7 +572,7 @@ static void run_one_async_done(struct btrfs_work *work)
/* If an error occurred we just want to clean up the bio and move on. */
 if (bio->bi_status) {
- btrfs_orig_bbio_end_io(async->bbio);
+ btrfs_bio_end_io(async->bbio, async->bbio->bio.bi_status);
 return;
 }
@@ -729,11 +724,9 @@ static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num)
 ASSERT(bbio->bio.bi_pool == &btrfs_clone_bioset);
 ASSERT(remaining);
- remaining->bio.bi_status = ret;
- btrfs_orig_bbio_end_io(remaining);
+ btrfs_bio_end_io(remaining, ret);
 }
- bbio->bio.bi_status = ret;
- btrfs_orig_bbio_end_io(bbio);
+ btrfs_bio_end_io(bbio, ret);
 /* Do not submit another chunk */
 return true;
 }