* [PATCH] xfs: fix forgotten rcu read unlock when skipping inode reclaim
From: Darrick J. Wong @ 2017-11-14  1:04 UTC (permalink / raw)
  To: xfs; +Cc: Omar Sandoval

From: Darrick J. Wong <darrick.wong@oracle.com>

In commit f2e9ad21 ("xfs: check for race with xfs_reclaim_inode"), we
skip an inode if we're racing with freeing the inode via
xfs_reclaim_inode, but we forgot to release the rcu read lock when
dumping the inode, with the result that we exit to userspace with a lock
held.  Don't do that; generic/320 with a 1k block size fails this
very occasionally.

================================================
WARNING: lock held when returning to user space!
4.14.0-rc6-djwong #4 Tainted: G        W
------------------------------------------------
rm/30466 is leaving the kernel with locks still held!
1 lock held by rm/30466:
 #0:  (rcu_read_lock){....}, at: [<ffffffffa01364d3>] xfs_ifree_cluster.isra.17+0x2c3/0x6f0 [xfs]
------------[ cut here ]------------
WARNING: CPU: 1 PID: 30466 at kernel/rcu/tree_plugin.h:329 rcu_note_context_switch+0x71/0x700
Modules linked in: deadline_iosched dm_snapshot dm_bufio ext4 mbcache jbd2 dm_flakey xfs libcrc32c dax_pmem device_dax nd_pmem sch_fq_codel af_packet [last unloaded: scsi_debug]
CPU: 1 PID: 30466 Comm: rm Tainted: G        W       4.14.0-rc6-djwong #4
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-1ubuntu1djwong0 04/01/2014
task: ffff880037680000 task.stack: ffffc90001064000
RIP: 0010:rcu_note_context_switch+0x71/0x700
RSP: 0000:ffffc90001067e50 EFLAGS: 00010002
RAX: 0000000000000001 RBX: ffff880037680000 RCX: ffff88003e73d200
RDX: 0000000000000002 RSI: ffffffff819e53e9 RDI: ffffffff819f4375
RBP: 0000000000000000 R08: 0000000000000000 R09: ffff880062c900d0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff880037680000
R13: 0000000000000000 R14: ffffc90001067eb8 R15: ffff880037680690
FS:  00007fa3b8ce8700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f69bf77c000 CR3: 000000002450a000 CR4: 00000000000006e0
Call Trace:
 __schedule+0xb8/0xb10
 schedule+0x40/0x90
 exit_to_usermode_loop+0x6b/0xa0
 prepare_exit_to_usermode+0x7a/0x90
 retint_user+0x8/0x20
RIP: 0033:0x7fa3b87fda87
RSP: 002b:00007ffe41206568 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
RAX: 0000000000000000 RBX: 00000000010e88c0 RCX: 00007fa3b87fda87
RDX: 0000000000000000 RSI: 00000000010e89c8 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000
R10: 000000000000015e R11: 0000000000000246 R12: 00000000010c8060
R13: 00007ffe41206690 R14: 0000000000000000 R15: 0000000000000000
---[ end trace e88f83bf0cfbd07d ]---

Fixes: f2e9ad212def50bcf4c098c6288779dd97fff0f0
Cc: Omar Sandoval <osandov@fb.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 fs/xfs/xfs_inode.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index d8226f7..61d1cb7 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -2357,6 +2357,7 @@ xfs_ifree_cluster(
 				 */
 				if (ip->i_ino != inum + i) {
 					xfs_iunlock(ip, XFS_ILOCK_EXCL);
+					rcu_read_unlock();
 					continue;
 				}
 			}
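
Review bot: The skip path under `if (ip->i_ino != inum + i)` now has to pair two releases by hand, `xfs_iunlock(ip, XFS_ILOCK_EXCL)` and `rcu_read_unlock()`, before `continue`, which is the same hand-paired pattern that let the unlock be forgotten here. Consider routing the skip cases in this loop through a single label that drops the RCU read lock, so that a `continue` added later cannot leak it. The other `continue` sites in xfs_ifree_cluster() are not visible in this hunk and are worth checking for the same pairing. The ordering looks right: `ip` is still dereferenced by xfs_iunlock(), so the inode lock should be released before leaving the RCU read-side section, as done here.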


* Re: [PATCH] xfs: fix forgotten rcu read unlock when skipping inode reclaim
From: Christoph Hellwig @ 2017-11-14  6:17 UTC (permalink / raw)
  To: Darrick J. Wong; +Cc: xfs, Omar Sandoval

Looks fine:

Reviewed-by: Christoph Hellwig <hch@lst.de>


* Re: [PATCH] xfs: fix forgotten rcu read unlock when skipping inode reclaim
From: Omar Sandoval @ 2017-11-14 18:08 UTC (permalink / raw)
  To: Darrick J. Wong; +Cc: xfs, Omar Sandoval

On Mon, Nov 13, 2017 at 05:04:26PM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
> 
> In commit f2e9ad21 ("xfs: check for race with xfs_reclaim_inode"), we
> skip an inode if we're racing with freeing the inode via
> xfs_reclaim_inode, but we forgot to release the rcu read lock when
> dumping the inode, with the result that we exit to userspace with a lock
> held.  Don't do that; generic/320 with a 1k block size fails this
> very occasionally.
> 
> ================================================
> WARNING: lock held when returning to user space!
> 4.14.0-rc6-djwong #4 Tainted: G        W
> ------------------------------------------------
> rm/30466 is leaving the kernel with locks still held!
> 1 lock held by rm/30466:
>  #0:  (rcu_read_lock){....}, at: [<ffffffffa01364d3>] xfs_ifree_cluster.isra.17+0x2c3/0x6f0 [xfs]
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 30466 at kernel/rcu/tree_plugin.h:329 rcu_note_context_switch+0x71/0x700
> Modules linked in: deadline_iosched dm_snapshot dm_bufio ext4 mbcache jbd2 dm_flakey xfs libcrc32c dax_pmem device_dax nd_pmem sch_fq_codel af_packet [last unloaded: scsi_debug]
> CPU: 1 PID: 30466 Comm: rm Tainted: G        W       4.14.0-rc6-djwong #4
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-1ubuntu1djwong0 04/01/2014
> task: ffff880037680000 task.stack: ffffc90001064000
> RIP: 0010:rcu_note_context_switch+0x71/0x700
> RSP: 0000:ffffc90001067e50 EFLAGS: 00010002
> RAX: 0000000000000001 RBX: ffff880037680000 RCX: ffff88003e73d200
> RDX: 0000000000000002 RSI: ffffffff819e53e9 RDI: ffffffff819f4375
> RBP: 0000000000000000 R08: 0000000000000000 R09: ffff880062c900d0
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff880037680000
> R13: 0000000000000000 R14: ffffc90001067eb8 R15: ffff880037680690
> FS:  00007fa3b8ce8700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f69bf77c000 CR3: 000000002450a000 CR4: 00000000000006e0
> Call Trace:
>  __schedule+0xb8/0xb10
>  schedule+0x40/0x90
>  exit_to_usermode_loop+0x6b/0xa0
>  prepare_exit_to_usermode+0x7a/0x90
>  retint_user+0x8/0x20
> RIP: 0033:0x7fa3b87fda87
> RSP: 002b:00007ffe41206568 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
> RAX: 0000000000000000 RBX: 00000000010e88c0 RCX: 00007fa3b87fda87
> RDX: 0000000000000000 RSI: 00000000010e89c8 RDI: 0000000000000005
> RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000
> R10: 000000000000015e R11: 0000000000000246 R12: 00000000010c8060
> R13: 00007ffe41206690 R14: 0000000000000000 R15: 0000000000000000
> ---[ end trace e88f83bf0cfbd07d ]---
> 
> Fixes: f2e9ad212def50bcf4c098c6288779dd97fff0f0
> Cc: Omar Sandoval <osandov@fb.com>
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>

Thanks, Darrick.

Reviewed-by: Omar Sandoval <osandov@fb.com>
