bcache: Data corruption fix
authorKent Overstreet <kmo@daterainc.com>
Wed, 18 Dec 2013 01:51:02 +0000 (17:51 -0800)
committerKent Overstreet <kmo@daterainc.com>
Wed, 8 Jan 2014 21:05:06 +0000 (13:05 -0800)
The code that handles overlapping extents that we've just read back in from disk
was depending on the behaviour of the code that handles overlapping extents as
we're inserting into a btree node in the case of an insert that forced an
existing extent to be split: on insert, if we had to split we'd also insert a
new extent to represent the top part of the old extent - and then that new
extent would get written out.

The code that read the extents back in thus not bother with splitting extents -
if it saw an extent that ovelapped in the middle of an older extent, it would
trim the old extent to only represent the bottom part, assuming that the
original insert would've inserted a new extent to represent the top part.

I still haven't figured out _how_ it can happen, but I'm now pretty convinced
(and testing has confirmed) that there's some kind of an obscure corner case
(probably involving extent merging, and multiple overwrites in different sets)
that breaks this. The fix is to change the mergesort fixup code to split extents
itself when required.

Signed-off-by: Kent Overstreet <kmo@daterainc.com>
Cc: linux-stable <stable@vger.kernel.org> # >= v3.10
drivers/md/bcache/bset.c

index 7d388b8..1695870 100644 (file)
@@ -955,7 +955,7 @@ static void sort_key_next(struct btree_iter *iter,
                *i = iter->data[--iter->used];
 }
 
-static void btree_sort_fixup(struct btree_iter *iter)
+static struct bkey *btree_sort_fixup(struct btree_iter *iter, struct bkey *tmp)
 {
        while (iter->used > 1) {
                struct btree_iter_set *top = iter->data, *i = top + 1;
@@ -983,9 +983,22 @@ static void btree_sort_fixup(struct btree_iter *iter)
                } else {
                        /* can't happen because of comparison func */
                        BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k)));
-                       bch_cut_back(&START_KEY(i->k), top->k);
+
+                       if (bkey_cmp(i->k, top->k) < 0) {
+                               bkey_copy(tmp, top->k);
+
+                               bch_cut_back(&START_KEY(i->k), tmp);
+                               bch_cut_front(i->k, top->k);
+                               heap_sift(iter, 0, btree_iter_cmp);
+
+                               return tmp;
+                       } else {
+                               bch_cut_back(&START_KEY(i->k), top->k);
+                       }
                }
        }
+
+       return NULL;
 }
 
 static void btree_mergesort(struct btree *b, struct bset *out,
@@ -993,15 +1006,20 @@ static void btree_mergesort(struct btree *b, struct bset *out,
                            bool fixup, bool remove_stale)
 {
        struct bkey *k, *last = NULL;
+       BKEY_PADDED(k) tmp;
        bool (*bad)(struct btree *, const struct bkey *) = remove_stale
                ? bch_ptr_bad
                : bch_ptr_invalid;
 
        while (!btree_iter_end(iter)) {
                if (fixup && !b->level)
-                       btree_sort_fixup(iter);
+                       k = btree_sort_fixup(iter, &tmp.k);
+               else
+                       k = NULL;
+
+               if (!k)
+                       k = bch_btree_iter_next(iter);
 
-               k = bch_btree_iter_next(iter);
                if (bad(b, k))
                        continue;