On Mon, Jul 08, 2024 at 10:40:37AM -0500, Eric Sandeen wrote:
> On 6/24/24 11:03 AM, Darrick J. Wong wrote:
> > On Sat, Jun 22, 2024 at 04:26:31PM +0800, Long Li wrote:
> >> xfs_attr_shortform_list() only called from a non-transactional context, it
> >> hold ilock before alloc memory and maybe trapped in memory reclaim. Since
> >> commit 204fae32d5f7("xfs: clean up remaining GFP_NOFS users") removed
> >> GFP_NOFS flag, lockdep warning will be report as [1]. Eliminate lockdep
> >> false positives by use __GFP_NOLOCKDEP to alloc memory
> >> in xfs_attr_shortform_list().
> >>
> >> [1] https://lore.kernel.org/linux-xfs/000000000000e33add0616358204@xxxxxxxxxx/
> >> Reported-by: syzbot+4248e91deb3db78358a2@xxxxxxxxxxxxxxxxxxxxxxxxx
> >> Signed-off-by: Long Li <leo.lilong@xxxxxxxxxx>
> >> ---
> >> fs/xfs/xfs_attr_list.c | 3 ++-
> >> 1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c
> >> index 5c947e5ce8b8..8cd6088e6190 100644
> >> --- a/fs/xfs/xfs_attr_list.c
> >> +++ b/fs/xfs/xfs_attr_list.c
> >> @@ -114,7 +114,8 @@ xfs_attr_shortform_list(
> >> * It didn't all fit, so we have to sort everything on hashval.
> >> */
> >> sbsize = sf->count * sizeof(*sbuf);
> >> - sbp = sbuf = kmalloc(sbsize, GFP_KERNEL | __GFP_NOFAIL);
> >> + sbp = sbuf = kmalloc(sbsize,
> >> + GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL);
> >
> > Why wouldn't we memalloc_nofs_save any time we take an ILOCK when we're
> > not in transaction context? Surely you'd want to NOFS /any/ allocation
> > when the ILOCK is held, right?
>
> I'm not sure I understand this. AFAICT, this is indeed a false positive, and can
> be fixed by applying exactly the same pattern used elsewhere in
> 94a69db2367e ("xfs: use __GFP_NOLOCKDEP instead of GFP_NOFS")
>
> Using memalloc_nofs_save implies that this really /would/ deadlock without
> GFP_NOFS, right? Is that the case?
>
> I was under the impression that this was simply a missed callsite in 94a69db2367e
> and as Long Li points out, other allocations under xfs_attr_list_ilocked()
> use the exact same (GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL) pattern
> proposed in this change.
Oh, now I see that the alleged deadlock is between the ILOCK of a
directory that we're accessing, and a different inode that we're trying
to reclaim. Lockdep doesn't know that these two contexts are mutually
exclusive since reclaim cannot target an inode with an active ref. NOFS
is a big hammer, which is why the proposal is to turn off lockdep for
the allocation? Why not fix lockdep's tracking?
<sees another thread>
https://lore.kernel.org/linux-xfs/Zou8FCgPKqqWXKyS@xxxxxxxxxxxxxxxxxxx/
We can't use an ILOCK subclass for the reclaim code because we've run
out of lockdep subclasses. I guess you could abuse lockdep_set_class to
change the lockdep class of an ILOCK when the inode enters reclaim (and
change it back if the inode gets recycled) but that's a bit gross.
What if we got rid of XFS_ILOCK_RT{BITMAP,SUMMARY} to free up subclass
bits?
https://lore.kernel.org/linux-xfs/?q=xfs%3A+remove+XFS_ILOCK_RT
--D
> Thanks,
> -Eric
>
