From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jan Kara Subject: Re: [RFC][PATCH] fs: Prevent syncing frozen file system Date: Mon, 13 Jul 2015 10:47:51 +0200 Message-ID: <20150713084751.GB6239@quack.suse.cz> References: <1436463945-12556-1-git-send-email-lczerner@redhat.com> <20150709234012.GI3902@dastard> <20150710142525.GA31525@quack.suse.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Jan Kara , Dave Chinner , viro@ZenIV.linux.org.uk, bfields@fieldses.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org To: =?utf-8?B?THVrw6HFoQ==?= Czerner Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Fri 10-07-15 22:42:40, Luk=C3=A1=C5=A1 Czerner wrote: > On Fri, 10 Jul 2015, Jan Kara wrote: >=20 > > Date: Fri, 10 Jul 2015 16:25:25 +0200 > > From: Jan Kara > > To: Dave Chinner > > Cc: Lukas Czerner , viro@ZenIV.linux.org.uk, > > bfields@fieldses.org, linux-kernel@vger.kernel.org, > > linux-fsdevel@vger.kernel.org > > Subject: Re: [RFC][PATCH] fs: Prevent syncing frozen file system > >=20 > > On Fri 10-07-15 09:40:12, Dave Chinner wrote: > > > On Thu, Jul 09, 2015 at 07:45:45PM +0200, Lukas Czerner wrote: > > > > Currently we can end up in a deadlock because of broken > > > > sb_start_write -> s_umount ordering. > > > >=20 > > > > The race goes like this: > > > >=20 > > > > - write the file > > > > - unlink the file - final_iput will not be calles as file is o= pened > > > > - freeze the file system > > > > - Now simultaneously close the file and call sync (or syncfs o= n that > > > > particular file system). Sync will get to wait_sb_inodes() w= here it will > > > > grab the referece to the inode (__iget()) and later to call = iput(). > > >=20 > > > This problem goes away with the sync scalability patchset that jo= sef > > > has been trying to get merged: > > >=20 > > > git://git.kernel.org/pub/scm/linux/kernel/git/josef/btrfs-next.gi= t superblock-scaling > > >=20 > > > That patchset removes the full sb inodes list walk in > > > wait_sb_inodes() and replaces it with a walk of inodes cleaned > > > during the sync, which will be an empty list in the case of sync > > > running on an empty filesystem. This commit does the work: > > >=20 > > > https://git.kernel.org/cgit/linux/kernel/git/josef/btrfs-next.git= /commit/?h=3Dsuperblock-scaling&id=3D9bea30d5f4521db674203f365b1e097058= 8b2650 > > >=20 > > > > > that there are now several outstanding issues that it fixes in on= e > > > go?> > >=20 > > Not sure where that got stuck - oh, maybe on Tejun's memcg writebac= k series > > which was clashing with it. Josef? > >=20 > > > > If we manage to close the file and drop the reference in bet= ween those > > > > calls sync will attempt to do a iput_final() because the ino= de is now > > > > unlinked and we're holding the last reference to it. This wi= ll > > > > however block on a frozen file system (ext4_delete_inode for > > > > example). > > > >=20 > > > > Note that I've not been able to reproduce the issue, I've only = seen this > > > > happen once. However with some instrumentation (like msleep() i= n the > > > > wait_sb_inodes() it can be achieved. > > > >=20 > > > > Fix this by properly doing sb_start_write/sb_end_write to preve= nt us > > > > from fsfreeze. > > > >=20 > > > > Note that with this patch syncfs will block on the frozen file = system > > > > which is probably ok, but sync will block if any file system ha= ppens to > > > > be frozen - not sure if that's a problem, but it's certainly di= fferent > > > > from what we've been used to. > > >=20 > > > sync should not block on frozen fileystems. By definition, a froz= en > > > filesystem is a clean filesystem, and so sync should really just = be > > > skipping over them. > >=20 > > Just for record I agree with Dave. Sync on frozen fs should just re= turn. > > And freeze protection in iterate_supers() looks just wrong. >=20 > Sure, that's why it's rfc. Anyway with the change Dave mentioned the > deadlock should not be possible anymore. However anywhere where we > take s_umount before sb_start_write we could deadlock, so it might > be worth adding a warning into sb_start_write() maybe ? Lockdep should warn you about that since fs freezing is properly hooked into it... Honza > > > > +++ b/fs/super.c > > > > @@ -514,10 +514,17 @@ void iterate_supers(void (*f)(struct supe= r_block *, void *), void *arg) > > > > sb->s_count++; > > > > spin_unlock(&sb_lock); > > > > =20 > > > > + /* > > > > + * Whatever we're going to do to the file system we have to > > > > + * make sure that we'll not end up blocking on frozen file > > > > + * system. > > > > + */ > > > > + sb_start_write(sb); > > > > down_read(&sb->s_umount); > > > > if (sb->s_root && (sb->s_flags & MS_BORN)) > > > > f(sb, arg); > > > > up_read(&sb->s_umount); > > > > + sb_end_write(sb); > > > > =20 > > > > spin_lock(&sb_lock); > > > > if (p) > > >=20 > > > That deadlocks sysrq-j (emergency thaw)... > > >=20 > > > Cheers, > > >=20 > > > Dave. > > > --=20 > > > Dave Chinner > > > david@fromorbit.com > > > -- > > > To unsubscribe from this list: send the line "unsubscribe linux-f= sdevel" in > > > the body of a message to majordomo@vger.kernel.org > > > More majordomo info at http://vger.kernel.org/majordomo-info.htm= l > >=20 --=20 Jan Kara SUSE Labs, CR