Re: RFC: fixing kernel oops on interrupted COMMIT from nfs_commit_file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 13, 2017 at 4:13 PM, Anna Schumaker
<Anna.Schumaker@xxxxxxxxxx> wrote:
>
>
> On 04/13/2017 03:16 PM, Anna Schumaker wrote:
>>
>>
>> On 04/13/2017 03:07 PM, Olga Kornievskaia wrote:
>>> On Thu, Apr 13, 2017 at 2:51 PM, Trond Myklebust
>>> <trondmy@xxxxxxxxxxxxxxx> wrote:
>>>> On Thu, 2017-04-13 at 14:00 -0400, Olga Kornievskaia wrote:
>>>>> Hi folks,
>>>>>
>>>>> Looking for suggestions on how to fix a kernel oops.
>>>>>
>>>>> It's possible that there is a ctrl-c when the COMMIT is send. In case
>>>>> of the COPY, it calls
>>>>> nfs_commit_file() which calls wait_on_commit() that is interrupted by
>>>>> the crtl-c and frees the nfs_page request. So when asynchronous
>>>>> COMMIT
>>>>> rpc comes back it tried to use the nfs_page request and gets the
>>>>> oops.
>>>>>
>>>>
>>>> Is that call to nfs_free_request() in nfs_commit_file() correct?
>>>
>>> yes, nfs_commit_file() creates a new request via nfs_create_request()
>>> and in the end if calls nfs_free_request();
>>>
>>>> It looks to me as if the same request will be freed in
>>>> nfs_commit_release_pages().
>>>
>>> so nfs_commit_release_pages() thru the
>>> nfs_unlock_and_release_request() is going to call
>>> nfs_release_request() from req->wb_kref.. I'm not sure if this is
>>> setup(?) for the copy commit path?
>>>
>>> Otherwise, it would have seem that we'd be doing a double free and I
>>> haven't seen that in testing (not that it can't be true)...
>>
>> I haven't seen any double-free messages during my testing either, so I thought it was okay.  It's possible I'm wrong, though.  I wonder if this is something that memory poisoning can help figure out?
>
> After some experimenting, I can still use the nfs_page after nfs_commit_inode() has returned withotu any memory issues.

I think perhaps nfs_commit_file() needs to call nfs_release_request()
instead of directly calling nfs_free_request(). nfs_release_request
does a put on wb_kref and once it's 0 it'll call release.

So I think with that change my ctrl-c no longer produces the oops
either. I'll test a bit more and I'll send another patch.



>
>>
>> Anna
>>
>>>
>>>
>>>
>>>>
>>>> Anna?
>>>>
>>>> --
>>>> Trond Myklebust
>>>> Linux NFS client maintainer, PrimaryData
>>>> trond.myklebust@xxxxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux