Btrfs: fix unprotected assignment of the target device

We didn't protect the assignment of the target device, it might cause the
problem that the super block update was skipped because we might find wrong
size of the target device during the assignment. Fix it by moving the
assignment sentences into the initialization function of the target device.
And there is another merit that we can check if the target device is suitable
more early.

Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
(cherry picked from commit 1c43366d3b3f0fa6c6e81aaf3aa18e0550245dad)

diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index df57f108b25f07b8873d34648b0497ba78fc5fea..12444483362d690e3f59474e172419ba247599ba 100644 (file)
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -330,29 +330,19 @@ int btrfs_dev_replace_start(struct btrfs_root *root,
                return -EINVAL;
 
        mutex_lock(&fs_info->volume_mutex);
-       ret = btrfs_init_dev_replace_tgtdev(root, args->start.tgtdev_name,
-                                           &tgt_device);
-       if (ret) {
-               btrfs_err(fs_info, "target device %s is invalid!",
-                      args->start.tgtdev_name);
-               mutex_unlock(&fs_info->volume_mutex);
-               return -EINVAL;
-       }
-
        ret = btrfs_dev_replace_find_srcdev(root, args->start.srcdevid,
                                            args->start.srcdev_name,
                                            &src_device);
-       mutex_unlock(&fs_info->volume_mutex);
        if (ret) {
-               ret = -EINVAL;
-               goto leave_no_lock;
+               mutex_unlock(&fs_info->volume_mutex);
+               return ret;
        }
 
-       if (tgt_device->total_bytes < src_device->total_bytes) {
-               btrfs_err(fs_info, "target device is smaller than source device!");
-               ret = -EINVAL;
-               goto leave_no_lock;
-       }
+       ret = btrfs_init_dev_replace_tgtdev(root, args->start.tgtdev_name,
+                                           src_device, &tgt_device);
+       mutex_unlock(&fs_info->volume_mutex);
+       if (ret)
+               return ret;
 
        btrfs_dev_replace_lock(dev_replace);
        switch (dev_replace->replace_state) {
@@ -380,10 +370,6 @@ int btrfs_dev_replace_start(struct btrfs_root *root,
                      src_device->devid,
                      rcu_str_deref(tgt_device->name));
 
-       tgt_device->total_bytes = src_device->total_bytes;
-       tgt_device->disk_total_bytes = src_device->disk_total_bytes;
-       tgt_device->bytes_used = src_device->bytes_used;
-
        /*
         * from now on, the writes to the srcdev are all duplicated to
         * go to the tgtdev as well (refer to btrfs_map_block()).
@@ -426,9 +412,7 @@ leave:
        dev_replace->srcdev = NULL;
        dev_replace->tgtdev = NULL;
        btrfs_dev_replace_unlock(dev_replace);
-leave_no_lock:
-       if (tgt_device)
-               btrfs_destroy_dev_replace_tgtdev(fs_info, tgt_device);
+       btrfs_destroy_dev_replace_tgtdev(fs_info, tgt_device);
        return ret;
 }
 

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 83cdca8fc6ecaa5d502ddea3bb7e92c57978b405..bad3dbbe40c6ba40c8922b3604541b9e0fa980f9 100644 (file)
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -2290,6 +2290,7 @@ error:
 }
 
 int btrfs_init_dev_replace_tgtdev(struct btrfs_root *root, char *device_path,
+                                 struct btrfs_device *srcdev,
                                  struct btrfs_device **device_out)
 {
        struct request_queue *q;
@@ -2302,24 +2303,37 @@ int btrfs_init_dev_replace_tgtdev(struct btrfs_root *root, char *device_path,
        int ret = 0;
 
        *device_out = NULL;
-       if (fs_info->fs_devices->seeding)
+       if (fs_info->fs_devices->seeding) {
+               btrfs_err(fs_info, "the filesystem is a seed filesystem!");
                return -EINVAL;
+       }
 
        bdev = blkdev_get_by_path(device_path, FMODE_WRITE | FMODE_EXCL,
                                  fs_info->bdev_holder);
-       if (IS_ERR(bdev))
+       if (IS_ERR(bdev)) {
+               btrfs_err(fs_info, "target device %s is invalid!", device_path);
                return PTR_ERR(bdev);
+       }
 
        filemap_write_and_wait(bdev->bd_inode->i_mapping);
 
        devices = &fs_info->fs_devices->devices;
        list_for_each_entry(device, devices, dev_list) {
                if (device->bdev == bdev) {
+                       btrfs_err(fs_info, "target device is in the filesystem!");
                        ret = -EEXIST;
                        goto error;
                }
        }
 
+
+       if (i_size_read(bdev->bd_inode) < srcdev->total_bytes) {
+               btrfs_err(fs_info, "target device is smaller than source device!");
+               ret = -EINVAL;
+               goto error;
+       }
+
+
        device = btrfs_alloc_device(NULL, &devid, NULL);
        if (IS_ERR(device)) {
                ret = PTR_ERR(device);
@@ -2343,8 +2357,9 @@ int btrfs_init_dev_replace_tgtdev(struct btrfs_root *root, char *device_path,
        device->io_width = root->sectorsize;
        device->io_align = root->sectorsize;
        device->sector_size = root->sectorsize;
-       device->total_bytes = i_size_read(bdev->bd_inode);
-       device->disk_total_bytes = device->total_bytes;
+       device->total_bytes = srcdev->total_bytes;
+       device->disk_total_bytes = srcdev->disk_total_bytes;
+       device->bytes_used = srcdev->bytes_used;
        device->dev_root = fs_info->dev_root;
        device->bdev = bdev;
        device->in_fs_metadata = 1;

diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
index 0defd232e29057f0304d6b294a8eccc6290ba6f4..83a6be57be781775239c42ccd221b00cae6993d9 100644 (file)
--- a/fs/btrfs/volumes.h
+++ b/fs/btrfs/volumes.h
@@ -326,6 +326,7 @@ struct btrfs_device *btrfs_find_device(struct btrfs_fs_info *fs_info, u64 devid,
 int btrfs_shrink_device(struct btrfs_device *device, u64 new_size);
 int btrfs_init_new_device(struct btrfs_root *root, char *path);
 int btrfs_init_dev_replace_tgtdev(struct btrfs_root *root, char *device_path,
+                                 struct btrfs_device *srcdev,
                                  struct btrfs_device **device_out);
 int btrfs_balance(struct btrfs_balance_control *bctl,
                  struct btrfs_ioctl_balance_args *bargs);