1
linux/fs
Dave Chinner 5b257b4a1f xfs: fix race in inode cluster freeing failing to stale inodes
When an inode cluster is freed, it needs to mark all inodes in memory as
XFS_ISTALE before marking the buffer as stale. This is eeded because the inodes
have a different life cycle to the buffer, and once the buffer is torn down
during transaction completion, we must ensure none of the inodes get written
back (which is what XFS_ISTALE does).

Unfortunately, xfs_ifree_cluster() has some bugs that lead to inodes not being
marked with XFS_ISTALE. This shows up when xfs_iflush() is called on these
inodes either during inode reclaim or tail pushing on the AIL.  The buffer is
read back, but no longer contains inodes and so triggers assert failures and
shutdowns. This was reproducable with at run.dbench10 invocation from xfstests.

There are two main causes of xfs_ifree_cluster() failing. The first is simple -
it checks in-memory inodes it finds in the per-ag icache to see if they are
clean without holding the flush lock. if they are clean it skips them
completely. However, If an inode is flushed delwri, it will
appear clean, but is not guaranteed to be written back until the flush lock has
been dropped. Hence we may have raced on the clean check and the inode may
actually be dirty. Hence always mark inodes found in memory stale before we
check properly if they are clean.

The second is more complex, and makes the first problem easier to hit.
Basically the in-memory inode scan is done with full knowledge it can be racing
with inode flushing and AIl tail pushing, which means that inodes that it can't
get the flush lock on might not be attached to the buffer after then in-memory
inode scan due to IO completion occurring. This is actually documented in the
code as "needs better interlocking". i.e. this is a zero-day bug.

Effectively, the in-memory scan must be done while the inode buffer is locked
and Io cannot be issued on it while we do the in-memory inode scan. This
ensures that inodes we couldn't get the flush lock on are guaranteed to be
attached to the cluster buffer, so we can then catch all in-memory inodes and
mark them stale.

Now that the inode cluster buffer is locked before the in-memory scan is done,
there is no need for the two-phase update of the in-memory inodes, so simplify
the code into two loops and remove the allocation of the temporary buffer used
to hold locked inodes across the phases.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2010-06-03 16:22:29 +10:00
..
9p 9p: add bdi backing to mount session 2010-04-22 11:42:00 +02:00
adfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
affs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
afs Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block 2010-04-28 07:56:05 -07:00
autofs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
autofs4 autofs4-2.6.34-rc1 - fix link_count usage 2010-05-10 09:48:10 -07:00
befs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
bfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2010-05-15 12:55:31 -07:00
cachefiles CacheFiles: Fix error handling in cachefiles_determine_cache_security() 2010-05-12 18:23:58 -07:00
ceph ceph: preserve seq # on requeued messages after transient transport errors 2010-05-11 21:20:38 -07:00
cifs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2010-05-13 10:36:16 -07:00
coda coda: add bdi backing to mount session 2010-04-22 12:12:40 +02:00
configfs Fix the regression created by "set S_DEAD on unlink()..." commit 2010-05-15 07:16:33 -04:00
cramfs
debugfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
devpts include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dlm include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ecryptfs ecryptfs: add bdi backing to mount session 2010-04-22 12:22:04 +02:00
efs
exofs exofs: Fix "add bdi backing to mount session" fall out 2010-04-29 20:35:29 +02:00
exportfs
ext2 ext2: symlink must be handled via filesystem specific operation 2010-04-12 21:11:25 +02:00
ext3 ext3: symlink must be handled via filesystem specific operation 2010-04-12 21:11:39 +02:00
ext4 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2010-04-25 10:01:51 -07:00
fat Merge branch 'master' into export-slabh 2010-04-05 11:37:28 +09:00
freevxfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
fscache fs-cache: order the debugfs stats correctly 2010-04-07 08:38:05 -07:00
fuse include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
gfs2 include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
hfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
hfsplus include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
hostfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
hpfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
hppfs hppfs can use existing proc_mnt, no need for do_kern_mount() in there 2010-03-03 14:08:00 -05:00
hugetlbfs
isofs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
jbd include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
jbd2 include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
jffs2 include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
jfs JFS: Free sbi memory in error path 2010-05-15 07:16:34 -04:00
lockd include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
logfs Fix double-free in logfs 2010-05-15 07:16:33 -04:00
minix include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ncpfs ncpfs: add bdi backing to mount session 2010-04-22 12:31:11 +02:00
nfs NFS: Fix RCU issues in the NFSv4 delegation code 2010-05-01 12:37:18 -04:00
nfs_common include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfsd nfsd4: bug in read_buf 2010-04-26 15:39:08 -04:00
nilfs2 nilfs2: fix sync silent failure 2010-05-03 07:36:01 -07:00
nls
notify Merge branch 'for-linus' of git://git.infradead.org/users/eparis/notify 2010-05-14 11:49:42 -07:00
ntfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ocfs2 ocfs2: Avoid a gcc warning in ocfs2_wipe_inode(). 2010-05-03 19:15:49 -07:00
omfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
openpromfs
partitions include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
proc revert "procfs: provide stack information for threads" and its fixup commits 2010-05-11 17:33:41 -07:00
qnx4 fs/qnx4: decrement sizeof size in strncmp 2010-02-04 11:55:46 +01:00
quota quota: Convert __DQUOT_PARANOIA symbol to standard config option 2010-04-20 18:25:25 +02:00
ramfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
reiserfs reiserfs: fix corruption during shrinking of xattrs 2010-04-24 11:31:24 -07:00
romfs fix leak in romfs_fill_super() 2010-01-26 22:22:26 -05:00
smbfs smbfs: add bdi backing to mount session 2010-04-22 12:37:07 +02:00
squashfs squashfs: fix potential buffer over-run on 4K block file systems 2010-04-25 02:09:05 +01:00
sysfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sysv fs/sysv: dereferencing ERR_PTR() 2010-05-15 07:16:33 -04:00
ubifs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
udf udf: add speciffic ->setattr callback 2010-04-08 15:35:20 +02:00
ufs ufs: make solaris fsck happy 2010-03-12 15:52:35 -08:00
xfs xfs: fix race in inode cluster freeing failing to stale inodes 2010-06-03 16:22:29 +10:00
aio.c
anon_inodes.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
attr.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
bad_inode.c
binfmt_aout.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
binfmt_elf_fdpic.c Remove redundant check for CONFIG_MMU 2010-04-27 09:01:26 -07:00
binfmt_elf.c coredump: pass mm->flags as a coredump parameter for consistency 2010-03-06 11:26:46 -08:00
binfmt_em86.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
binfmt_flat.c uclinux: error message when FLAT reloc symbol is invalid, v2 2010-04-21 13:28:49 +10:00
binfmt_misc.c
binfmt_script.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
binfmt_som.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
bio-integrity.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
bio.c Merge branch 'master' into for-linus 2010-03-19 08:05:10 +01:00
block_dev.c fs/block_dev.c: fix performance regression in O_DIRECT|O_SYNC writes to block devices 2010-04-24 11:31:26 -07:00
buffer.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
char_dev.c
compat_binfmt_elf.c elf coredump: replace ELF_CORE_EXTRA_* macros by functions 2010-03-06 11:26:45 -08:00
compat_ioctl.c pktcdvd: improve BKL and compat_ioctl.c usage 2010-04-29 08:44:37 -07:00
compat.c revert "procfs: provide stack information for threads" and its fixup commits 2010-05-11 17:33:41 -07:00
dcache.c fix race in d_splice_alias() 2010-03-03 14:13:08 -05:00
dcookies.c
direct-io.c
drop_caches.c
eventfd.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
eventpoll.c
exec.c revert "procfs: provide stack information for threads" and its fixup commits 2010-05-11 17:33:41 -07:00
fcntl.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
fifo.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
file_table.c vfs: take f_lock on modifying f_mode after open time 2010-03-06 11:26:25 -08:00
file.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
filesystems.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
fs_struct.c
fs-writeback.c Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block 2010-04-09 11:50:29 -07:00
generic_acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
inode.c dquot: move dquot initialization responsibility into the filesystem 2010-03-05 00:20:30 +01:00
internal.h Take vfsmount_lock to fs/internal.h 2010-03-03 14:07:59 -05:00
ioctl.c Cleanup generic block based fiemap 2010-04-23 10:39:48 -07:00
ioprio.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-03-19 09:43:06 -07:00
Kconfig.binfmt
libfs.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
locks.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-03-19 09:43:06 -07:00
mbcache.c
mpage.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
namei.c Fix the regression created by "set S_DEAD on unlink()..." commit 2010-05-15 07:16:33 -04:00
namespace.c Fix the regression created by "set S_DEAD on unlink()..." commit 2010-05-15 07:16:33 -04:00
nfsctl.c Switch may_open() and break_lease() to passing O_... 2010-03-03 13:00:21 -05:00
no-block.c
open.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pipe.c
pnode.c Kill CL_PROPAGATION, sanitize fs/pnode.c:get_source() 2010-03-03 13:00:22 -05:00
pnode.h VFS: Clean up shared mount flag propagation 2010-03-03 14:07:55 -05:00
posix_acl.c
read_write.c do_sync_read/write() should set kiocb.ki_nbytes to be consistent 2010-03-24 16:43:29 -07:00
read_write.h
readdir.c
select.c Add generic sys_old_select() 2010-03-12 15:52:32 -08:00
seq_file.c seq_file: fix new kernel-doc warnings 2010-03-07 15:48:26 -08:00
signalfd.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
splice.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
stack.c
stat.c
super.c fs: fs/super.c needs to include backing-dev.h for !CONFIG_BLOCK 2010-04-29 20:33:35 +02:00
sync.c Catch filesystems lacking s_bdi 2010-04-25 08:54:42 +02:00
timerfd.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
utimes.c
xattr_acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
xattr.c