On Fri, Nov 10, 2017 at 10:24:25AM +1100, Dave Chinner wrote: > On Wed, Nov 08, 2017 at 10:00:10PM -0800, Darrick J. Wong wrote: > > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > > > When mounting fails, we must force-reclaim inodes (and disable delayed > > reclaim) /after/ the realtime and quota control have let go of the > > realtime and quota inodes. Without this, we corrupt the timer list and > > cause other weird problems. > > > > Found by xfs/376 fuzzing u3.bmbt[0].lastoff on an rmap filesystem to > > force a bogus post-eof extent reclaim that causes the fs to go down. > > > > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > --- > > fs/xfs/xfs_mount.c | 9 +++++++-- > > 1 file changed, 7 insertions(+), 2 deletions(-) > > > > diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c > > index e9727d0..a9f0fe9 100644 > > --- a/fs/xfs/xfs_mount.c > > +++ b/fs/xfs/xfs_mount.c > > @@ -1022,10 +1022,15 @@ xfs_mountfs( > > xfs_rtunmount_inodes(mp); > > out_rele_rip: > > IRELE(rip); > > - cancel_delayed_work_sync(&mp->m_reclaim_work); > > - xfs_reclaim_inodes(mp, SYNC_WAIT); > > /* Clean out dquots that might be in memory after quotacheck. */ > > xfs_qm_unmount(mp); > > + /* > > + * Cancel all delayed reclaim work and reclaim the inodes directly. > > + * We have to do this /after/ rtunmount and qm_unmount because those > > + * two will have scheduled delayed reclaim for the rt/quota inodes. > > + */ > > + cancel_delayed_work_sync(&mp->m_reclaim_work); > > + xfs_reclaim_inodes(mp, SYNC_WAIT); > > out_log_dealloc: > > mp->m_flags |= XFS_MOUNT_UNMOUNTING; > > xfs_log_mount_cancel(mp); > > Same bug in xfs_unmountfs(), isn't there? Otherwise this needs > explaining why the order is different to a normal unmount... Slightly different circumstances here. In the unmountfs path we're guaranteed to have called xfs_qm_unmount_quotas (which will irele the quota inodes) before we shut down inode reclaim, but in the mountfs error-out paths we decide to bail out after xfs_qm_newmount but before calling xfs_qm_mount_quotas (e.g. log_mount_finish failure), which means that xfs_qm_unmount is the only chance we have to clean out the quota inodes. --D > Cheers, > > Dave. > -- > Dave Chinner > david@xxxxxxxxxxxxx > -- > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
