On Mon, Jul 08, 2024 at 12:00:05PM -0700, Darrick J. Wong wrote: > On Mon, Jul 08, 2024 at 10:40:37AM -0500, Eric Sandeen wrote: > > On 6/24/24 11:03 AM, Darrick J. Wong wrote: > > > On Sat, Jun 22, 2024 at 04:26:31PM +0800, Long Li wrote: > > >> xfs_attr_shortform_list() only called from a non-transactional context, it > > >> hold ilock before alloc memory and maybe trapped in memory reclaim. Since > > >> commit 204fae32d5f7("xfs: clean up remaining GFP_NOFS users") removed > > >> GFP_NOFS flag, lockdep warning will be report as [1]. Eliminate lockdep > > >> false positives by use __GFP_NOLOCKDEP to alloc memory > > >> in xfs_attr_shortform_list(). > > >> > > >> [1] https://lore.kernel.org/linux-xfs/000000000000e33add0616358204@xxxxxxxxxx/ > > >> Reported-by: syzbot+4248e91deb3db78358a2@xxxxxxxxxxxxxxxxxxxxxxxxx > > >> Signed-off-by: Long Li <leo.lilong@xxxxxxxxxx> > > >> --- > > >> fs/xfs/xfs_attr_list.c | 3 ++- > > >> 1 file changed, 2 insertions(+), 1 deletion(-) > > >> > > >> diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c > > >> index 5c947e5ce8b8..8cd6088e6190 100644 > > >> --- a/fs/xfs/xfs_attr_list.c > > >> +++ b/fs/xfs/xfs_attr_list.c > > >> @@ -114,7 +114,8 @@ xfs_attr_shortform_list( > > >> * It didn't all fit, so we have to sort everything on hashval. > > >> */ > > >> sbsize = sf->count * sizeof(*sbuf); > > >> - sbp = sbuf = kmalloc(sbsize, GFP_KERNEL | __GFP_NOFAIL); > > >> + sbp = sbuf = kmalloc(sbsize, > > >> + GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL); > > > > > > Why wouldn't we memalloc_nofs_save any time we take an ILOCK when we're > > > not in transaction context? Surely you'd want to NOFS /any/ allocation > > > when the ILOCK is held, right? > > > > I'm not sure I understand this. AFAICT, this is indeed a false positive, and can > > be fixed by applying exactly the same pattern used elsewhere in > > 94a69db2367e ("xfs: use __GFP_NOLOCKDEP instead of GFP_NOFS") > > > > Using memalloc_nofs_save implies that this really /would/ deadlock without > > GFP_NOFS, right? Is that the case? > > > > I was under the impression that this was simply a missed callsite in 94a69db2367e > > and as Long Li points out, other allocations under xfs_attr_list_ilocked() > > use the exact same (GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL) pattern > > proposed in this change. > > Oh, now I see that the alleged deadlock is between the ILOCK of a > directory that we're accessing, and a different inode that we're trying > to reclaim. Lockdep doesn't know that these two contexts are mutually > exclusive since reclaim cannot target an inode with an active ref. NOFS > is a big hammer, which is why the proposal is to turn off lockdep for > the allocation? Why not fix lockdep's tracking? > > <sees another thread> > https://lore.kernel.org/linux-xfs/Zou8FCgPKqqWXKyS@xxxxxxxxxxxxxxxxxxx/ > > We can't use an ILOCK subclass for the reclaim code because we've run > out of lockdep subclasses. I guess you could abuse lockdep_set_class to > change the lockdep class of an ILOCK when the inode enters reclaim (and > change it back if the inode gets recycled) but that's a bit gross. > > What if we got rid of XFS_ILOCK_RT{BITMAP,SUMMARY} to free up subclass > bits? > > https://lore.kernel.org/linux-xfs/?q=xfs%3A+remove+XFS_ILOCK_RT Yes, that would probably work - all we need is a single subclass for the ilock to say reclaim locking is a different context. There should only be one lock site that we need that annotation for (the final xfs_ilock() in xfs_reclaim_inode() after the inode has been removed from the radix tree), and we don't need nesting because we are only locking a single inode at a time. -Dave. -- Dave Chinner david@xxxxxxxxxxxxx