Commit cfdde144 authored Jan 25, 2026 by Sam Edwards Committed by Ilya Dryomov Feb 11, 2026

ceph: assert loop invariants in ceph_writepages_start()



If `locked_pages` is zero, the page array must not be allocated:
ceph_process_folio_batch() uses `locked_pages` to decide when to
allocate `pages`, and redundant allocations trigger
ceph_allocate_page_array()'s BUG_ON(), resulting in a worker oops (and
writeback stall) or even a kernel panic. Consequently, the main loop in
ceph_writepages_start() assumes that the lifetime of `pages` is confined
to a single iteration.

This expectation is currently not clear enough, as evidenced by the
recent patch which fixed an oops caused by `pages` persisting into
the next loop iteration:
- "ceph: do not propagate page array emplacement errors as batch errors"

Use an explicit BUG_ON() at the top of the loop to assert the loop's
preexisting expectation that `pages` is cleaned up by the previous
iteration. Because this is closely tied to `locked_pages`, also make it
the previous iteration's responsibility to guarantee its reset, and
verify with a second new BUG_ON() instead of handling (and masking)
failures to do so.

This patch does not change invariants, behavior, or failure modes.
The added BUG_ON() lines catch conditions that would already trigger oops,
but do so earlier for easier debugging and programmer clarity.

Signed-off-by: Sam Edwards <CFSworks@gmail.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

parent fa589aca

fs/ceph/addr.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -1663,7 +1663,9 @@ static int ceph_writepages_start(struct address_space *mapping,
		tag_pages_for_writeback(mapping, ceph_wbc.index, ceph_wbc.end);

		while (!has_writeback_done(&ceph_wbc)) {
		ceph_wbc.locked_pages = 0;
		BUG_ON(ceph_wbc.locked_pages);
		BUG_ON(ceph_wbc.pages);

		ceph_wbc.max_pages = ceph_wbc.wsize >> PAGE_SHIFT;

		get_more_pages: