Re: [PATCH] xfs: eliminate lockdep false positives in xfs_attr_shortform_list

["Darrick J. Wong" <djwong@kernel.org>]

On Mon, Jul 08, 2024 at 10:40:37AM -0500, Eric Sandeen wrote:
> On 6/24/24 11:03 AM, Darrick J. Wong wrote:
> > On Sat, Jun 22, 2024 at 04:26:31PM +0800, Long Li wrote:
> >> xfs_attr_shortform_list() only called from a non-transactional context, it
> >> hold ilock before alloc memory and maybe trapped in memory reclaim. Since
> >> commit 204fae32d5f7("xfs: clean up remaining GFP_NOFS users") removed
> >> GFP_NOFS flag, lockdep warning will be report as [1]. Eliminate lockdep
> >> false positives by use __GFP_NOLOCKDEP to alloc memory
> >> in xfs_attr_shortform_list().
> >>
> >> [1] https://lore.kernel.org/linux-xfs/000000000000e33add0616358204@google.com/
> >> Reported-by: syzbot+4248e91deb3db78358a2@syzkaller.appspotmail.com
> >> Signed-off-by: Long Li <leo.lilong@huawei.com>
> >> ---
> >>  fs/xfs/xfs_attr_list.c | 3 ++-
> >>  1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c
> >> index 5c947e5ce8b8..8cd6088e6190 100644
> >> --- a/fs/xfs/xfs_attr_list.c
> >> +++ b/fs/xfs/xfs_attr_list.c
> >> @@ -114,7 +114,8 @@ xfs_attr_shortform_list(
> >>  	 * It didn't all fit, so we have to sort everything on hashval.
> >>  	 */
> >>  	sbsize = sf->count * sizeof(*sbuf);
> >> -	sbp = sbuf = kmalloc(sbsize, GFP_KERNEL | __GFP_NOFAIL);
> >> +	sbp = sbuf = kmalloc(sbsize,
> >> +			GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL);
> > 
> > Why wouldn't we memalloc_nofs_save any time we take an ILOCK when we're
> > not in transaction context?  Surely you'd want to NOFS /any/ allocation
> > when the ILOCK is held, right?
> 
> I'm not sure I understand this. AFAICT, this is indeed a false positive, and can
> be fixed by applying exactly the same pattern used elsewhere in
> 94a69db2367e ("xfs: use __GFP_NOLOCKDEP instead of GFP_NOFS")
> 
> Using memalloc_nofs_save implies that this really /would/ deadlock without
> GFP_NOFS, right? Is that the case?
> 
> I was under the impression that this was simply a missed callsite in 94a69db2367e
> and as Long Li points out, other allocations under xfs_attr_list_ilocked()
> use the exact same (GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL) pattern
> proposed in this change.

Oh, now I see that the alleged deadlock is between the ILOCK of a
directory that we're accessing, and a different inode that we're trying
to reclaim.  Lockdep doesn't know that these two contexts are mutually
exclusive since reclaim cannot target an inode with an active ref.  NOFS
is a big hammer, which is why the proposal is to turn off lockdep for
the allocation?  Why not fix lockdep's tracking?

<sees another thread>
https://lore.kernel.org/linux-xfs/Zou8FCgPKqqWXKyS@dread.disaster.area/

We can't use an ILOCK subclass for the reclaim code because we've run
out of lockdep subclasses.  I guess you could abuse lockdep_set_class to
change the lockdep class of an ILOCK when the inode enters reclaim (and
change it back if the inode gets recycled) but that's a bit gross.

What if we got rid of XFS_ILOCK_RT{BITMAP,SUMMARY} to free up subclass
bits?

https://lore.kernel.org/linux-xfs/?q=xfs%3A+remove+XFS_ILOCK_RT

--D

> Thanks,
> -Eric
>