From: Dave Chinner <david@fromorbit.com>
To: xfs@oss.sgi.com
Subject: [PATCH 7/8] xfs: fix inode lookup race
Date: Fri, 2 Mar 2012 15:11:46 +1100 [thread overview]
Message-ID: <1330661507-1121-8-git-send-email-david@fromorbit.com> (raw)
In-Reply-To: <1330661507-1121-1-git-send-email-david@fromorbit.com>
From: Dave Chinner <dchinner@redhat.com>
From: Dave Chinner <dchinner@redhat.com>
When we get concurrent lookups of the same inode that is not in the
per-AG inode cache, there is a race condition that triggers warnings
in unlock_new_inode() indicating that we are initialising an inode
that isn't in a the correct state for a new inode.
When we do an inode lookup via a file handle or a bulkstat, we don't
serialise lookups at a higher level through the dentry cache (i.e.
pathless lookup), and so we can get concurrent lookups of the same
inode.
The race condition is between the insertion of the inode into the
cache in the case of a cache miss and a concurrently lookup:
Thread 1 Thread 2
xfs_iget()
xfs_iget_cache_miss()
xfs_iread()
lock radix tree
radix_tree_insert()
rcu_read_lock
radix_tree_lookup
lock inode flags
XFS_INEW not set
igrab()
unlock inode flags
rcu_read_unlock
use uninitialised inode
.....
lock inode flags
set XFS_INEW
unlock inode flags
unlock radix tree
xfs_setup_inode()
inode flags = I_NEW
unlock_new_inode()
WARNING as inode flags != I_NEW
This can lead to inode corruption, inode list corruption, etc, and
is generally a bad thing to occur.
Fix this by setting XFS_INEW before inserting the inode into the
radix tree. This will ensure any concurrent lookup will find the new
inode with XFS_INEW set and that forces the lookup to wait until the
XFS_INEW flag is removed before allowing the lookup to succeed.
cc: <stable@vger.kernel.org> # for 3.0.x, 3.2.x
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ben Myers <bpm@sgi.com>
---
fs/xfs/xfs_iget.c | 18 ++++++++++++------
1 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/fs/xfs/xfs_iget.c b/fs/xfs/xfs_iget.c
index 37f22da..93fc1dc 100644
--- a/fs/xfs/xfs_iget.c
+++ b/fs/xfs/xfs_iget.c
@@ -350,9 +350,20 @@ xfs_iget_cache_miss(
BUG();
}
- spin_lock(&pag->pag_ici_lock);
+ /*
+ * These values must be set before inserting the inode into the radix
+ * tree as the moment it is inserted a concurrent lookup (allowed by the
+ * RCU locking mechanism) can find it and that lookup must see that this
+ * is an inode currently under construction (i.e. that XFS_INEW is set).
+ * The ip->i_flags_lock that protects the XFS_INEW flag forms the
+ * memory barrier that ensures this detection works correctly at lookup
+ * time.
+ */
+ ip->i_udquot = ip->i_gdquot = NULL;
+ xfs_iflags_set(ip, XFS_INEW);
/* insert the new inode */
+ spin_lock(&pag->pag_ici_lock);
error = radix_tree_insert(&pag->pag_ici_root, agino, ip);
if (unlikely(error)) {
WARN_ON(error != -EEXIST);
@@ -360,11 +371,6 @@ xfs_iget_cache_miss(
error = EAGAIN;
goto out_preload_end;
}
-
- /* These values _must_ be set before releasing the radix tree lock! */
- ip->i_udquot = ip->i_gdquot = NULL;
- xfs_iflags_set(ip, XFS_INEW);
-
spin_unlock(&pag->pag_ici_lock);
radix_tree_preload_end();
--
1.7.9
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2012-03-02 4:13 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-02 4:11 [PATCH 0/8] xfs: bug fixes for 3.4 Dave Chinner
2012-03-02 4:11 ` [PATCH 1/8] xfs: clean up minor sparse warnings Dave Chinner
2012-03-02 7:46 ` Christoph Hellwig
2012-03-02 7:59 ` Dave Chinner
2012-03-02 4:11 ` [PATCH 2/8] xfs: Fix open flag handling in open_by_handle code Dave Chinner
2012-03-02 7:47 ` Christoph Hellwig
2012-03-02 4:11 ` [PATCH 3/8] xfs: handle kmalloc failure when reading attrs Dave Chinner
2012-03-02 7:49 ` Christoph Hellwig
2012-03-02 9:49 ` Dave Chinner
2012-03-02 10:31 ` Christoph Hellwig
2012-03-02 4:11 ` [PATCH 4/8] xfs: avoid memory allocation failures in xfs_getbmap Dave Chinner
2012-03-02 7:49 ` Christoph Hellwig
2012-03-02 4:11 ` [PATCH 5/8] xfs: introduce an allocation workqueue Dave Chinner
2012-03-02 4:11 ` [PATCH 6/8] xfs: remove remaining scraps of struct xfs_iomap Dave Chinner
2012-03-02 4:11 ` Dave Chinner [this message]
2012-03-02 4:11 ` [PATCH 8/8] xfs: add a shrinker for quotacheck Dave Chinner
2012-03-02 7:51 ` Christoph Hellwig
2012-03-02 10:04 ` Dave Chinner
2012-03-02 10:38 ` Christoph Hellwig
2012-03-02 11:14 ` Christoph Hellwig
2012-03-05 1:49 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1330661507-1121-8-git-send-email-david@fromorbit.com \
--to=david@fromorbit.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox