From: Christoph Hellwig <hch@lst.de>
To: David Howells <dhowells@redhat.com>
Cc: mbobrowski@mbobrowski.org, darrick.wong@oracle.com, jack@suse.cz,
hch@lst.de, linux-ext4@vger.kernel.org,
linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: Is ext4_dio_read_iter() broken? - and xfs_file_dio_aio_read()
Date: Thu, 12 Mar 2020 11:42:39 +0100 [thread overview]
Message-ID: <20200312104239.GA13235@lst.de> (raw)
In-Reply-To: <1015227.1584007677@warthog.procyon.org.uk>
On Thu, Mar 12, 2020 at 10:07:57AM +0000, David Howells wrote:
> David Howells <dhowells@redhat.com> wrote:
>
> > Is ext4_dio_read_iter() broken? It calls:
> >
> > file_accessed(iocb->ki_filp);
> >
> > at the end of the function - but surely iocb should be expected to have been
> > freed when iocb->ki_complete() was called?
The iocb is refcounted and only completed when the refcount hits zero,
and an extra reference is held until the submission has completed.
Take a look at iocb_put().
> I think it's actually worse than that. You also can't call
> inode_unlock_shared(inode) because you no longer own a ref on the inode since
> ->ki_complete() is expected to call fput() on iocb->ki_filp.
the file reference also hold an inode reference.
>
> Yes, you own a shared lock on it, but unless somewhere along the
> fput-dput-iput chain the inode lock is taken exclusively, the inode can be
> freed whilst you're still holding the lock.
>
> Oh - and ext4_dax_read_iter() is also similarly broken.
In addition to that DAX never executes asynchronously.
> And xfs_file_dio_aio_read() appears to be broken as it touches the inode after
> calling iomap_dio_rw() to unlock it.
Same as above.
next prev parent reply other threads:[~2020-03-12 10:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-12 9:19 Is ext4_dio_read_iter() broken? David Howells
2020-03-12 10:07 ` Is ext4_dio_read_iter() broken? - and xfs_file_dio_aio_read() David Howells
2020-03-12 10:26 ` btrfs may be broken too - Re: Is ext4_dio_read_iter() broken? David Howells
2020-03-12 10:42 ` Christoph Hellwig [this message]
2020-03-12 10:49 ` Is ext4_dio_read_iter() broken? - and xfs_file_dio_aio_read() David Howells
2020-03-12 10:53 ` Christoph Hellwig
2020-03-12 10:20 ` Is ext4_dio_read_iter() broken? Matthew Bobrowski
2020-03-12 23:23 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200312104239.GA13235@lst.de \
--to=hch@lst.de \
--cc=darrick.wong@oracle.com \
--cc=dhowells@redhat.com \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=mbobrowski@mbobrowski.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.