From 48248693cdae44b8557e2221c81f33996fa47f07 Mon Sep 17 00:00:00 2001 From: Qu Wenruo Date: Fri, 17 May 2019 22:00:03 +0800 Subject: [PATCH] btrfs-progs: check/lowmem: Reset path in repair mode to avoid incorrect item from being passed to lowmem check. In lowmem mode, we check fs roots and free space cache by iterating each root item and inode item, using btrfs_next_item() and a path pointing to the root tree. However in repair mode, check_fs_root() can modify the fs root, thus CoWs the tree root, and the old path in check_fs It could lead to strange behavior, e.g. after repairing a fs tree, the path can point to a fs tree. Since no ROOT_ITEM exists in fs tree, all remaining trees are skipped in repair mode. This bug exists from the early time of lowmem mode repair, and is only exposed by recent free space inode check code. (Fs tree inodes are passed to free space inode check, causing false alerts and repair failure). Signed-off-by: Qu Wenruo Signed-off-by: David Sterba --- check/mode-lowmem.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/check/mode-lowmem.c b/check/mode-lowmem.c index 157a0b70..92b497e0 100644 --- a/check/mode-lowmem.c +++ b/check/mode-lowmem.c @@ -5203,6 +5203,27 @@ int check_fs_roots_lowmem(struct btrfs_fs_info *fs_info) err |= ret; } next: + /* + * In repair mode, our path is no longer reliable as CoW can + * happen. We need to reset our path. + */ + if (repair) { + btrfs_release_path(&path); + ret = btrfs_search_slot(NULL, tree_root, &key, &path, + 0, 0); + if (ret < 0) { + if (!err) + err = ret; + goto out; + } + if (ret > 0) { + /* Key not found, but already at next item */ + if (path.slots[0] < + btrfs_header_nritems(path.nodes[0])) + continue; + /* falls through to next leaf */ + } + } ret = btrfs_next_item(tree_root, &path); if (ret > 0) goto out;