[PATCH v2] block, writeback: wait for writeback to finish before detaching wb

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Tahsin Erdogan <tahsin@google.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
	Ilya Dryomov <idryomov@gmail.com>, Jens Axboe <axboe@fb.com>,
	Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>,
	Tejun Heo <tj@kernel.org>, Jan Kara <jack@suse.cz>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org, Tahsin Erdogan <tahsin@google.com>
Subject: [PATCH v2] block, writeback: wait for writeback to finish before detaching wb
Date: Thu,  9 Mar 2017 15:46:08 -0800	[thread overview]
Message-ID: <20170309234608.12738-1-tahsin@google.com> (raw)
In-Reply-To: <20170309182645.GD28982@htj.duckdns.org>

__blkdev_put() could surprise writeback thread by detaching the
wb object from an inode that hasn't cleared the I_SYNC flag yet.
This causes a NULL pointer dereference as seen below:

  BUG: unable to handle kernel NULL pointer dereference at (null)
  IP: locked_inode_to_wb_and_lock_list+0x38/0x440
  PGD 0
  Oops: 0000 [#1] SMP
  CPU: 0 PID: 34 Comm: kworker/u8:1 Not tainted 4.11.0-rc1+ #202
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
  Workqueue: writeback wb_workfn (flush-8:16)
  task: ffff88013aa780c0 task.stack: ffffc9000012c000
  RIP: 0010:locked_inode_to_wb_and_lock_list+0x38/0x440
  RSP: 0018:ffffc9000012fb70 EFLAGS: 00010202
  RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000018
  RDX: ffff88013aa780c0 RSI: ffff880139a478f8 RDI: ffff88013aa788b8
  RBP: ffffc9000012fba0 R08: 0000000000000001 R09: 0000000000000000
  R10: 00000000969da8e2 R11: 0000000000000000 R12: ffff880139a47858
  R13: ffff880139a478e0 R14: ffff880139a478f8 R15: ffff8801371f4058
  FS:  0000000000000000(0000) GS:ffff88013ae00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000000 CR3: 0000000001012000 CR4: 00000000000006f0
  Call Trace:
   writeback_sb_inodes+0x3e1/0x7a0
   __writeback_inodes_wb+0x87/0xc0
   wb_writeback+0x2e7/0x5c0
   wb_workfn+0x2d1/0x9c0
   process_one_work+0x1d3/0x620
   worker_thread+0x126/0x4a0
   kthread+0x10a/0x140
   ret_from_fork+0x2e/0x40
  RIP: locked_inode_to_wb_and_lock_list+0x38/0x440 RSP: ffffc9000012fb70
  CR2: 0000000000000000
  ---[ end trace e0ea8a2695f4c86c ]---

Make __blkdev_put() wait for the I_SYNC flag to clear before detaching
wb.

Fixes: 43d1c0eb7e11 ("block: detach bdev inode from its wb in __blkdev_put()")
Signed-off-by: Tahsin Erdogan <tahsin@google.com>
---
v2:
  Removed white space clean up changes

 fs/block_dev.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/block_dev.c b/fs/block_dev.c
index 2eca00ec4370..fdc71f9f8003 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1880,7 +1880,10 @@ static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part)
 		 * Detaching bdev inode from its wb in __destroy_inode()
 		 * is too late: the queue which embeds its bdi (along with
 		 * root wb) can be gone as soon as we put_disk() below.
+		 * Before detaching wb, wait for any writeback activity for
+		 * inode to settle.
 		 */
+		inode_wait_for_writeback(bdev->bd_inode);
 		inode_detach_wb(bdev->bd_inode);
 	}
 	if (bdev->bd_contains == bdev) {
-- 
2.12.0.246.ga2ecc84866-goog

next prev parent reply	other threads:[~2017-03-09 23:46 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-09  2:19 [PATCH] block, writeback: wait for writeback to finish before detaching wb Tahsin Erdogan
2017-03-09 18:26 ` Tejun Heo
2017-03-09 23:46   ` Tahsin Erdogan [this message]
2017-03-09 23:53     ` [PATCH v2] " Tahsin Erdogan
2017-03-09 23:53   ` [PATCH] " Jan Kara

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2eca00ec437 dfblob:fdc71f9f800 )
 OR (
bs:"[PATCH v2] block, writeback: wait for writeback to finish before detaching wb" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170309234608.12738-1-tahsin@google.com \
    --to=tahsin@google.com \
    --cc=axboe@fb.com \
    --cc=idryomov@gmail.com \
    --cc=jack@suse.cz \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=raghavendra.kt@linux.vnet.ibm.com \
    --cc=stable@vger.kernel.org \
    --cc=tj@kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox