From: Dave Chinner <david@fromorbit.com>
To: xfs@oss.sgi.com
Subject: [PATCH 5/6 V2] xfs: fix buffer shudown reference count mismatch
Date: Fri, 2 Nov 2012 14:23:12 +1100 [thread overview]
Message-ID: <20121102032312.GW29378@dastard> (raw)
In-Reply-To: <20121102024351.GU29378@dastard>
xfs: fix buffer shudown reference count mismatch
From: Dave Chinner <dchinner@redhat.com>
When we shut down the filesystem, we have to unpin and free all the
buffers currently active in the CIL. To do this we unpin and remove
them in one operation as a result of a failed iclogbuf write. For
buffers, we do this removal via a simultated IO completion of after
marking the buffer stale.
At the time we do this, we have two references to the buffer - the
active LRU reference and the buf log item. The LRU reference is
removed by marking the buffer stale, and the active CIL reference is
by the xfs_buf_iodone() callback that is run by
xfs_buf_do_callbacks() during ioend processing (via the bp->b_iodone
callback).
However, ioend processing requires one more reference - that of the
IO that it is completing. We don't have this reference, so we free
the buffer prematurely and use it after it is freed. For buffers
marked with XBF_ASYNC, this leads to assert failures in
xfs_buf_rele() on debug kernels because the b_hold count is zero.
Fix this by making sure we take the necessary IO reference before
starting IO completion processing on the stale buffer, and set the
XBF_ASYNC flag to ensure that IO completion processing removes all
the active references from the buffer to ensure it is fully torn
down.
Cc: <stable@vger.kernel.org>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
---
V2 - add XBF_ASYNC to buffers so last reference is always removed.
Fixes shutdown assert failures due to references from buffers
remaining the perag structures at unmount.
fs/xfs/xfs_buf_item.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
index a8d0ed9..becf4a9 100644
--- a/fs/xfs/xfs_buf_item.c
+++ b/fs/xfs/xfs_buf_item.c
@@ -526,7 +526,25 @@ xfs_buf_item_unpin(
}
xfs_buf_relse(bp);
} else if (freed && remove) {
+ /*
+ * There are currently two references to the buffer - the active
+ * LRU reference and the buf log item. What we are about to do
+ * here - simulate a failed IO completion - requires 3
+ * references.
+ *
+ * The LRU reference is removed by the xfs_buf_stale() call. The
+ * buf item reference is removed by the xfs_buf_iodone()
+ * callback that is run by xfs_buf_do_callbacks() during ioend
+ * processing (via the bp->b_iodone callback), and then finally
+ * the ioend processing will drop the IO reference if the buffer
+ * is marked XBF_ASYNC.
+ *
+ * Hence we need to take an additional reference here so that IO
+ * completion processing doesn't free the buffer prematurely.
+ */
xfs_buf_lock(bp);
+ xfs_buf_hold(bp);
+ bp->b_flags |= XBF_ASYNC;
xfs_buf_ioerror(bp, EIO);
XFS_BUF_UNDONE(bp);
xfs_buf_stale(bp);
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2012-11-02 3:21 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-02 0:38 [PATCH 0/6] xfs: fixes for 3.7-rc3 Dave Chinner
2012-11-02 0:38 ` [PATCH 1/6] xfs: silence uninitialised f.file warning Dave Chinner
2012-11-02 13:04 ` Christoph Hellwig
2012-11-02 21:23 ` Mark Tinguely
2012-11-02 0:38 ` [PATCH 2/6] xfs: growfs: don't read garbage for new secondary superblocks Dave Chinner
2012-11-02 0:38 ` [PATCH 3/6] xfs: invalidate allocbt blocks moved to the free list Dave Chinner
2012-10-09 19:11 ` [PATCH] xfs: report projid32bit feature in geometry call Eric Sandeen
2012-10-09 19:28 ` Carlos Maiolino
2012-10-09 19:45 ` Dave Chinner
2012-10-11 0:02 ` Eric Sandeen
2012-10-30 19:43 ` Ben Myers
2012-10-30 19:44 ` Eric Sandeen
2012-11-08 16:12 ` Ben Myers
2012-11-02 21:23 ` [PATCH 3/6] xfs: invalidate allocbt blocks moved to the free list Mark Tinguely
2012-11-02 0:38 ` [PATCH 4/6] xfs: don't vmap inode cluster buffers during free Dave Chinner
2012-11-02 13:05 ` Christoph Hellwig
2012-11-02 21:24 ` Mark Tinguely
2012-11-02 0:38 ` [PATCH 5/6] xfs: fix buffer shudown reference count mismatch Dave Chinner
2012-11-02 2:43 ` Dave Chinner
2012-11-02 3:23 ` Dave Chinner [this message]
2012-11-02 13:17 ` [PATCH 5/6 V2] " Mark Tinguely
2012-11-02 13:13 ` [PATCH 5/6] " Christoph Hellwig
2012-11-02 17:10 ` Mark Tinguely
2012-11-02 23:47 ` Dave Chinner
2012-11-06 12:59 ` Christoph Hellwig
2012-11-06 19:59 ` Dave Chinner
2012-11-02 0:38 ` [PATCH 6/6] xfs: fix reading of wrapped log data Dave Chinner
2012-11-02 13:07 ` Christoph Hellwig
2012-11-02 23:51 ` Dave Chinner
2012-11-02 21:24 ` Mark Tinguely
2012-11-07 20:56 ` [PATCH 0/6] xfs: fixes for 3.7-rc3 Dave Chinner
2012-11-08 16:34 ` Ben Myers
2012-11-08 16:15 ` Ben Myers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121102032312.GW29378@dastard \
--to=david@fromorbit.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox