* [PATCH] bcachefs: Fix readahead involved deadlock
@ 2025-08-05 14:14 Alan Huang
2025-08-05 15:44 ` Kent Overstreet
0 siblings, 1 reply; 2+ messages in thread
From: Alan Huang @ 2025-08-05 14:14 UTC (permalink / raw)
To: kent.overstreet; +Cc: linux-bcachefs, Alan Huang, syzbot+23e4a7772eb9a9715b85
readahead first lock the folio, then invokes aops->readahead, which
locks the two state lock to block subsequent direct I/O. However,
direct IO or bchfs_fpunch first lock the two state lock to block
subsequent buffered I/O, and then lock the folio to invalidate or
truncate it. Therefore, there is a deadlock:
thread1 thread2
lock folio bch2_pagecache_block_get
bch2_pagecache_add_get lock folio
Reported-by: syzbot+23e4a7772eb9a9715b85@syzkaller.appspotmail.com
Signed-off-by: Alan Huang <mmpgouride@gmail.com>
---
fs/bcachefs/fs-io-buffered.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/bcachefs/fs-io-buffered.c b/fs/bcachefs/fs-io-buffered.c
index c5ed62a11f23..ed8329c6c00d 100644
--- a/fs/bcachefs/fs-io-buffered.c
+++ b/fs/bcachefs/fs-io-buffered.c
@@ -290,7 +290,8 @@ void bch2_readahead(struct readahead_control *ractl)
* scheduling.
*/
blk_start_plug(&plug);
- bch2_pagecache_add_get(inode);
+ if (!bch2_pagecache_add_tryget(inode))
+ goto out;
struct btree_trans *trans = bch2_trans_get(c);
while ((folio = readpage_iter_peek(&readpages_iter))) {
@@ -317,6 +318,7 @@ void bch2_readahead(struct readahead_control *ractl)
bch2_trans_put(trans);
bch2_pagecache_add_put(inode);
+out:
blk_finish_plug(&plug);
darray_exit(&readpages_iter.folios);
}
--
2.49.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] bcachefs: Fix readahead involved deadlock
2025-08-05 14:14 [PATCH] bcachefs: Fix readahead involved deadlock Alan Huang
@ 2025-08-05 15:44 ` Kent Overstreet
0 siblings, 0 replies; 2+ messages in thread
From: Kent Overstreet @ 2025-08-05 15:44 UTC (permalink / raw)
To: Alan Huang; +Cc: linux-bcachefs, syzbot+23e4a7772eb9a9715b85
On Tue, Aug 05, 2025 at 10:14:35PM +0800, Alan Huang wrote:
> readahead first lock the folio, then invokes aops->readahead, which
> locks the two state lock to block subsequent direct I/O. However,
> direct IO or bchfs_fpunch first lock the two state lock to block
> subsequent buffered I/O, and then lock the folio to invalidate or
> truncate it. Therefore, there is a deadlock:
>
> thread1 thread2
> lock folio bch2_pagecache_block_get
> bch2_pagecache_add_get lock folio
>
> Reported-by: syzbot+23e4a7772eb9a9715b85@syzkaller.appspotmail.com
> Signed-off-by: Alan Huang <mmpgouride@gmail.com>
Readahead is allowed to silently fail (we fall back to read_folio), and
if the tryget fails that means another thread doesn't want new data
added to the pagecache, so this looks good.
Applied.
> ---
> fs/bcachefs/fs-io-buffered.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/bcachefs/fs-io-buffered.c b/fs/bcachefs/fs-io-buffered.c
> index c5ed62a11f23..ed8329c6c00d 100644
> --- a/fs/bcachefs/fs-io-buffered.c
> +++ b/fs/bcachefs/fs-io-buffered.c
> @@ -290,7 +290,8 @@ void bch2_readahead(struct readahead_control *ractl)
> * scheduling.
> */
> blk_start_plug(&plug);
> - bch2_pagecache_add_get(inode);
> + if (!bch2_pagecache_add_tryget(inode))
> + goto out;
>
> struct btree_trans *trans = bch2_trans_get(c);
> while ((folio = readpage_iter_peek(&readpages_iter))) {
> @@ -317,6 +318,7 @@ void bch2_readahead(struct readahead_control *ractl)
> bch2_trans_put(trans);
>
> bch2_pagecache_add_put(inode);
> +out:
> blk_finish_plug(&plug);
> darray_exit(&readpages_iter.folios);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-08-05 15:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-05 14:14 [PATCH] bcachefs: Fix readahead involved deadlock Alan Huang
2025-08-05 15:44 ` Kent Overstreet
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox