On 10/6/20 8:21 PM, Darrick J. Wong wrote: > On Tue, Oct 06, 2020 at 09:15:41PM +0200, Pavel Reichl wrote: >> Remove mrlock_t as it does not provide any extra value over >> rw_semaphores. Make i_lock and i_mmaplock native rw_semaphores and >> replace mr*() functions with native rwsem calls. >> >> Release the lock in xfs_btree_split() just before the work-queue >> executing xfs_btree_split_worker() is scheduled and make >> xfs_btree_split_worker() acquire the lock as a first thing and >> release it just before returning from the function. This is done so the >> ownership of the lock is transferred between kernel threads and thus >> lockdep won't complain about the lock being held by a different kernel >> thread. >> >> Signed-off-by: Pavel Reichl <preichl@xxxxxxxxxx> >> --- >> fs/xfs/libxfs/xfs_btree.c | 14 +++++++ >> fs/xfs/mrlock.h | 78 --------------------------------------- >> fs/xfs/xfs_inode.c | 36 ++++++++++-------- >> fs/xfs/xfs_inode.h | 4 +- >> fs/xfs/xfs_iops.c | 4 +- >> fs/xfs/xfs_linux.h | 2 +- >> fs/xfs/xfs_super.c | 6 +-- >> 7 files changed, 41 insertions(+), 103 deletions(-) >> delete mode 100644 fs/xfs/mrlock.h >> >> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c >> index 2d25bab68764..1d1bb8423688 100644 >> --- a/fs/xfs/libxfs/xfs_btree.c >> +++ b/fs/xfs/libxfs/xfs_btree.c >> @@ -2816,6 +2816,7 @@ xfs_btree_split_worker( >> unsigned long pflags; >> unsigned long new_pflags = PF_MEMALLOC_NOFS; >> >> + rwsem_acquire(&args->cur->bc_ino.ip->i_lock.dep_map, 0, 0, _RET_IP_); > These calls also need a comment explaining just what they're doing. > >> /* >> * we are in a transaction context here, but may also be doing work >> * in kswapd context, and hence we may need to inherit that state 
>> @@ -2832,6 +2833,7 @@ xfs_btree_split_worker( >> complete(args->done); >> >> current_restore_flags_nested(&pflags, new_pflags); >> + rwsem_release(&args->cur->bc_ino.ip->i_lock.dep_map, _THIS_IP_); > Note that as soon as you call complete(), xfs_btree_split can wake up > and return, which means that *args could now point to reclaimed stack > space. This leads to crashes and memory corruption in generic/562 on > a 1k block filesystem (though in principle this can happen anywhere): What's the right way out of this; store *ip when we enter the function and use that to get to the map, rather than args, I guess? Thanks, -Eric
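Review bot: the `+ rwsem_acquire(&args->cur->bc_ino.ip->i_lock.dep_map, 0, 0, _RET_IP_);` line added at the top of xfs_btree_split_worker() (first hunk, @@ -2816) has no comment, and without the commit message a reader will take it for a real lock acquisition. rwsem_acquire() is a lockdep-only annotation: it records this worker as the owner of ip->i_lock in lockdep's bookkeeping and does not touch the semaphore itself, the point being the hand-off described in the commit message, where xfs_btree_split() gives the lock up before queueing the work and the worker then appears to lockdep as the holder. A comment above the call saying exactly that, and pointing at the paired rwsem_release() at the end of the worker, is what the review asked for and would make the hand-off self-explanatory.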
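Review bot: the `+ rwsem_release(&args->cur->bc_ino.ip->i_lock.dep_map, _THIS_IP_);` line in the second hunk (@@ -2832) dereferences args after `complete(args->done);`, and complete() is the point at which the waiting xfs_btree_split() may return and drop the stack frame that args points into, so the release reads freed stack (the generic/562 crashes reported above). Take the pointer once at function entry, along the lines Eric suggests, e.g. `struct xfs_inode *ip = args->cur->bc_ino.ip;` and release through `&ip->i_lock.dep_map`, or move the rwsem_release() above complete(); the former also guarantees the acquire and release refer to the same object. Whichever is chosen, the comment asked for on the acquire side should say that nothing reachable from *args may be touched after complete().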