From: Dave Chinner <david@fromorbit.com>
To: Alex Lyakas <alex@zadarastorage.com>
Cc: "Holger Hoffstätte" <holger@applied-asynchrony.com>, xfs@oss.sgi.com
Subject: Re: xfs_vm_releasepage() causing BUG at free_buffer_head()
Date: Wed, 20 Jul 2016 09:05:41 +1000 [thread overview]
Message-ID: <20160719230541.GG16044@dastard> (raw)
In-Reply-To: <EBFD548A4E314321937A5966D9B00808@alyakaslap>
On Tue, Jul 19, 2016 at 11:43:52AM +0300, Alex Lyakas wrote:
> Hello Holger,
>
> Thank you for your response. I see that xfs_finish_page_writeback()
> has been added very recently and is called from xfs_destroy_ioend().
> In my kernel (3.18.19), the xfs_destroy_ioend() is [1]. I think it
> doesn't suffer from the problem of xfs_finish_page_writeback().
> Looking at other usage of "b_this_page" in my kernel, they all seem
> valid, and similar to what Linus's tree has.
>
> Looking at b_private usage to link buffer heads, the only suspicious
> code is in xfs_submit_ioend():
>
> for (bh = ioend->io_buffer_head; bh; bh = bh->b_private) {
>
> if (!bio) {
> retry:
> bio = xfs_alloc_ioend_bio(bh);
> } else if (bh->b_blocknr != lastblock + 1) {
> xfs_submit_ioend_bio(wbc, ioend, bio);
> goto retry;
> }
>
> if (xfs_bio_add_buffer(bio, bh) != bh->b_size) {
> xfs_submit_ioend_bio(wbc, ioend, bio);
> goto retry;
> }
>
> lastblock = bh->b_blocknr;
> }
>
> Can it happen that when the for loop does "bh = bh->b_private", the
> bh has already been completed and freed?
> With this in mind, the "goto retry" also seem suspicious for the
> same reason.
>
> What do you think?
No, because the bh cannot run completion callbacks (via
xfs_destroy_ioend) while there is an active reference on the ioend.
The reference protecting submission is not dropped until after the
entire loop above is finished and xfs_finish_ioend() is called.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2016-07-19 23:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-18 18:00 xfs_vm_releasepage() causing BUG at free_buffer_head() Alex Lyakas
2016-07-18 20:18 ` Holger Hoffstätte
2016-07-19 8:43 ` Alex Lyakas
2016-07-19 11:24 ` Holger Hoffstätte
2016-07-19 23:05 ` Dave Chinner [this message]
2016-07-19 23:11 ` Dave Chinner
2016-07-20 9:42 ` Alex Lyakas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160719230541.GG16044@dastard \
--to=david@fromorbit.com \
--cc=alex@zadarastorage.com \
--cc=holger@applied-asynchrony.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.