On Fri, Apr 07, 2017 at 08:02:30AM -0400, Brian Foster wrote:
> On Thu, Apr 06, 2017 at 03:39:21PM -0700, Darrick J. Wong wrote:
> > On Fri, Feb 24, 2017 at 02:53:19PM -0500, Brian Foster wrote:
> > > The quotacheck error handling of the delwri buffer list assumes the
> > > resident buffers are locked and doesn't clear the _XBF_DELWRI_Q flag
> > > on the buffers that are dequeued. This can lead to assert failures
> > > on buffer release and possibly other locking problems.
> > >
> > > Update the error handling code to lock each buffer as it is removed
> > > from the buffer list and clear the delwri queue flag.
> > >
> > > Signed-off-by: Brian Foster <bfoster@xxxxxxxxxx>
> > > ---
> > > fs/xfs/xfs_buf.c | 2 ++
> > > fs/xfs/xfs_qm.c | 2 ++
> > > 2 files changed, 4 insertions(+)
> > >
> > > diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c
> > > index ac3b4db..e566510 100644
> > > --- a/fs/xfs/xfs_buf.c
> > > +++ b/fs/xfs/xfs_buf.c
> > > @@ -1078,6 +1078,8 @@ void
> > > xfs_buf_unlock(
> > > struct xfs_buf *bp)
> > > {
> > > + ASSERT(xfs_buf_islocked(bp));
> > > +
> > > XB_CLEAR_OWNER(bp);
> > > up(&bp->b_sema);
> > >
> > > diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c
> > > index b669b12..4ff993c 100644
> > > --- a/fs/xfs/xfs_qm.c
> > > +++ b/fs/xfs/xfs_qm.c
> > > @@ -1387,6 +1387,8 @@ xfs_qm_quotacheck(
> > > while (!list_empty(&buffer_list)) {
> > > struct xfs_buf *bp =
> > > list_first_entry(&buffer_list, struct xfs_buf, b_list);
> > > + xfs_buf_lock(bp);
> > > + bp->b_flags &= ~_XBF_DELWRI_Q;
> > > list_del_init(&bp->b_list);
> > > xfs_buf_relse(bp);
> >
> > Hmm, was this the only place we ever _buf_unlock'd an unlocked buffer?
> >
>
> I'm not aware of any other places (otherwise I would try to fix them :).
> Or perhaps I'm not following the question...
>
> I do recall a similar problem with flush locks fixed in commit 98efe8a
> ("xfs: fix unbalanced inode reclaim flush locking").
So... the previous quotacheck code reads the buffer, fiddles with it,
and _buf_relse's the buffer, which unlocks it. When we end up in this
error path, we've previously been unlocking an already unlocked buffer,
right? So have we just been screwing up the semaphore all this time and
just never noticed because quotacheck probably doesn't fail all that
often? I think it's a good idea (in general) to check for unlocking
buffers that are already unlocked, but I worry about the side effects.
Granted, if there /are/ other places in the regular code path where we
screw up the buffer locking I imagine we'd have noticed; and if there
are bugs lurking, better to ASSERT them into the light. I ran the
auto group and didn't see anything, so perhaps we're ok enough?
--D
>
> Brian
>
> > --D
> >
> > > }
> > > --
> > > 2.7.4
> > >
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
