github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
84d8949e77
linux/fs/xfs
History
Brian Foster 84d8949e77 xfs: hold buffer across unpin and potential shutdown processing 
The special processing used to simulate a buffer I/O failure on fs
shutdown has a difficult to reproduce race that can result in a use
after free of the associated buffer. Consider a buffer that has been
committed to the on-disk log and thus is AIL resident. The buffer
lands on the writeback delwri queue, but is subsequently locked,
committed and pinned by another transaction before submitted for
I/O. At this point, the buffer is stuck on the delwri queue as it
cannot be submitted for I/O until it is unpinned. A log checkpoint
I/O failure occurs sometime later, which aborts the bli. The unpin
handler is called with the aborted log item, drops the bli reference
count, the pin count, and falls into the I/O failure simulation
path.

The potential problem here is that once the pin count falls to zero
in ->iop_unpin(), xfsaild is free to retry delwri submission of the
buffer at any time, before the unpin handler even completes. If
delwri queue submission wins the race to the buffer lock, it
observes the shutdown state and simulates the I/O failure itself.
This releases both the bli and delwri queue holds and frees the
buffer while xfs_buf_item_unpin() sits on xfs_buf_lock() waiting to
run through the same failure sequence. This problem is rare and
requires many iterations of fstest generic/019 (which simulates disk
I/O failures) to reproduce.

To avoid this problem, grab a hold on the buffer before the log item
is unpinned if the associated item has been aborted and will require
a simulated I/O failure. The hold is already required for the
simulated I/O failure, so the ordering simply guarantees the unpin
handler access to the buffer before it is unpinned and thus
processed by the AIL. This particular ordering is required so long
as the AIL does not acquire a reference on the bli, which is the
long term solution to this problem.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
2021-06-21 10:14:24 -07:00
..
libxfs xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
scrub xfs: initial agnumber -> perag conversions for shrink 2021-06-08 09:13:13 -07:00
Kconfig xfs: fix Kconfig asking about XFS_SUPPORT_V4 when XFS_FS=n 2020-10-16 15:34:28 -07:00
kmem.c xfs: remove kmem_realloc() 2020-09-06 18:05:51 -07:00
kmem.h xfs: Remove kmem_zalloc_large() 2020-09-15 20:52:41 -07:00
Makefile
mrlock.h
xfs_acl.c xfs: support idmapped mounts 2021-01-24 14:43:46 +01:00
xfs_acl.h fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
xfs_aops.c iomap: remove unused private field from ioend 2021-05-04 08:54:29 -07:00
xfs_aops.h
xfs_attr_inactive.c xfs: Add delay ready attr remove routines 2021-06-01 10:49:47 -07:00
xfs_attr_list.c xfs: rename and simplify xfs_bmap_one_block 2021-04-15 09:35:50 -07:00
xfs_bio_io.c xfs: async blkdev cache flush 2021-06-21 10:05:51 -07:00
xfs_bmap_item.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
xfs_bmap_item.h
xfs_bmap_util.c xfs: remove unnecessary shifts 2021-06-01 12:53:59 -07:00
xfs_bmap_util.h
xfs_buf_item_recover.c xfs: fix finobt btree block recovery ordering 2020-09-30 07:28:52 -07:00
xfs_buf_item.c xfs: hold buffer across unpin and potential shutdown processing 2021-06-21 10:14:24 -07:00
xfs_buf_item.h xfs: move the buffer retry logic to xfs_buf.c 2020-09-15 20:52:38 -07:00
xfs_buf.c xfs: remove xfs_blkdev_issue_flush 2021-06-21 10:05:46 -07:00
xfs_buf.h xfs: remove ->b_offset handling for page backed buffers 2021-06-07 11:49:50 +10:00
xfs_dir2_readdir.c xfs: remove XFS_IFINLINE 2021-04-15 09:35:51 -07:00
xfs_discard.c xfs: convert allocbt cursors to use perags 2021-06-02 10:48:24 +10:00
xfs_discard.h
xfs_dquot_item_recover.c xfs: rename the ondisk dquot d_flags to d_type 2020-07-28 20:24:14 -07:00
xfs_dquot_item.c xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_dquot_item.h
xfs_dquot.c xfs: move the XFS_IFEXTENTS check into xfs_iread_extents 2021-04-15 09:35:50 -07:00
xfs_dquot.h xfs: refactor default quota grace period setting code 2020-09-15 20:52:40 -07:00
xfs_error.c xfs: add error injection for per-AG resv failure 2021-03-25 16:47:53 -07:00
xfs_error.h
xfs_export.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_export.h
xfs_extent_busy.c xfs: pass perags through to the busy extent code 2021-06-02 10:48:24 +10:00
xfs_extent_busy.h xfs: pass perags through to the busy extent code 2021-06-02 10:48:24 +10:00
xfs_extfree_item.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
xfs_extfree_item.h
xfs_file.c xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_filestream.c xfs: move xfs_perag_get/put to xfs_ag.[ch] 2021-06-02 10:48:24 +10:00
xfs_filestream.h xfs: move the di_flags field to struct xfs_inode 2021-04-07 14:37:05 -07:00
xfs_fsmap.c xfs: remove agno from btree cursor 2021-06-02 10:48:24 +10:00
xfs_fsmap.h xfs: fix deadlock and streamline xfs_getfsmap performance 2020-10-07 08:40:29 -07:00
xfs_fsops.c xfs: shorten the shutdown messages to a single line 2021-06-21 10:14:13 -07:00
xfs_fsops.h xfs: get rid of xfs_growfs_{data,log}_t 2021-02-03 09:18:50 -08:00
xfs_globals.c xfs: consolidate the eofblocks and cowblocks workers 2021-02-03 09:18:49 -08:00
xfs_health.c xfs: drop IDONTCACHE on inodes when we mark them sick 2021-06-08 09:30:20 -07:00
xfs_icache.c xfs: fix type mismatches in the inode reclaim functions 2021-06-21 10:12:46 -07:00
xfs_icache.h xfs: fix type mismatches in the inode reclaim functions 2021-06-21 10:12:46 -07:00
xfs_icreate_item.c xfs: Remove kmem_zone_zalloc() usage 2020-07-28 20:24:14 -07:00
xfs_icreate_item.h
xfs_inode_item_recover.c xfs: rename struct xfs_legacy_ictimestamp 2021-04-22 18:29:25 -07:00
xfs_inode_item.c xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_inode_item.h xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_inode.c xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_inode.h xfs: get rid of xfs_dir_ialloc() 2021-06-02 10:48:24 +10:00
xfs_ioctl.c xfs: rename struct xfs_eofblocks to xfs_icwalk 2021-06-08 09:30:20 -07:00
xfs_ioctl.h xfs: convert to fileattr 2021-04-12 15:04:29 +02:00
xfs_ioctl32.c xfs: convert to fileattr 2021-04-12 15:04:29 +02:00
xfs_ioctl32.h xfs: convert to fileattr 2021-04-12 15:04:29 +02:00
xfs_iomap.c xfs: remove XFS_IFEXTENTS 2021-04-15 09:35:51 -07:00
xfs_iomap.h
xfs_iops.c xfs: clean up open-coded fs block unit conversions 2021-06-01 12:53:59 -07:00
xfs_iops.h xfs: support idmapped mounts 2021-01-24 14:43:46 +01:00
xfs_itable.c xfs: move the di_crtime field to struct xfs_inode 2021-04-07 14:37:05 -07:00
xfs_itable.h xfs: support idmapped mounts 2021-01-24 14:43:46 +01:00
xfs_iwalk.c xfs: use perag for ialloc btree cursors 2021-06-02 10:48:24 +10:00
xfs_iwalk.h
xfs_linux.h xfs: async blkdev cache flush 2021-06-21 10:05:51 -07:00
xfs_log_cil.c xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_log_priv.h xfs: add iclog state trace events 2021-06-21 10:12:38 -07:00
xfs_log_recover.c xfs: force the log offline when log intent item recovery fails 2021-06-21 10:14:24 -07:00
xfs_log.c xfs: force the log offline when log intent item recovery fails 2021-06-21 10:14:24 -07:00
xfs_log.h xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_message.c
xfs_message.h xfs: validate extsz hints against rt extent size when rtinherit is set 2021-05-24 18:01:04 -07:00
xfs_mount.c xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes 2021-06-21 10:14:24 -07:00
xfs_mount.h xfs: move perag structure and setup to libxfs/xfs_ag.[ch] 2021-06-02 10:48:24 +10:00
xfs_mru_cache.c xfs: set WQ_SYSFS on all workqueues in debug mode 2021-02-03 09:18:49 -08:00
xfs_mru_cache.h
xfs_ondisk.h xfs: rename struct xfs_legacy_ictimestamp 2021-04-22 18:29:25 -07:00
xfs_pnfs.c xfs: move the di_size field to struct xfs_inode 2021-04-07 14:37:03 -07:00
xfs_pnfs.h
xfs_pwork.c xfs: increase the default parallelism levels of pwork clients 2021-02-03 09:18:49 -08:00
xfs_pwork.h xfs: increase the default parallelism levels of pwork clients 2021-02-03 09:18:49 -08:00
xfs_qm_bhv.c xfs: move the di_projid field to struct xfs_inode 2021-04-07 14:37:03 -07:00
xfs_qm_syscalls.c xfs: move the quotaoff dqrele inode walk into xfs_icache.c 2021-06-03 15:56:02 -07:00
xfs_qm.c xfs: get rid of xfs_dir_ialloc() 2021-06-02 10:48:24 +10:00
xfs_qm.h xfs: move the quotaoff dqrele inode walk into xfs_icache.c 2021-06-03 15:56:02 -07:00
xfs_quota.h xfs: remove xfs_qm_vop_chown_reserve 2021-02-03 09:18:49 -08:00
xfs_quotaops.c xfs: move the di_nblocks field to struct xfs_inode 2021-04-07 14:37:03 -07:00
xfs_refcount_item.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
xfs_refcount_item.h
xfs_reflink.c xfs: convert refcount btree cursor to use perags 2021-06-02 10:48:24 +10:00
xfs_reflink.h xfs: move helpers that lock and unlock two inodes against userspace IO 2020-07-06 10:46:57 -07:00
xfs_rmap_item.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
xfs_rmap_item.h
xfs_rtalloc.c xfs: move the di_flags field to struct xfs_inode 2021-04-07 14:37:05 -07:00
xfs_rtalloc.h xfs: remove xfs_buf_t typedef 2020-12-16 16:07:34 -08:00
xfs_stats.c xfs: periodically relog deferred intent items 2020-10-07 08:40:28 -07:00
xfs_stats.h xfs: periodically relog deferred intent items 2020-10-07 08:40:28 -07:00
xfs_super.c xfs: remove xfs_blkdev_issue_flush 2021-06-21 10:05:46 -07:00
xfs_super.h xfs: remove xfs_blkdev_issue_flush 2021-06-21 10:05:46 -07:00
xfs_symlink.c xfs: get rid of xfs_dir_ialloc() 2021-06-02 10:48:24 +10:00
xfs_symlink.h xfs: support idmapped mounts 2021-01-24 14:43:46 +01:00
xfs_sysctl.c xfs: restore speculative_cow_prealloc_lifetime sysctl 2021-02-24 10:16:08 -08:00
xfs_sysctl.h xfs: consolidate the eofblocks and cowblocks workers 2021-02-03 09:18:49 -08:00
xfs_sysfs.c
xfs_sysfs.h xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init 2020-08-07 11:50:17 -07:00
xfs_trace.c xfs: move perag structure and setup to libxfs/xfs_ag.[ch] 2021-06-02 10:48:24 +10:00
xfs_trace.h xfs: fix type mismatches in the inode reclaim functions 2021-06-21 10:12:46 -07:00
xfs_trans_ail.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_trans_buf.c xfs: remove xfs_buf_t typedef 2020-12-16 16:07:34 -08:00
xfs_trans_dquot.c xfs: shut down the filesystem if we screw up quota reservation 2021-02-03 09:18:49 -08:00
xfs_trans_priv.h
xfs_trans.c xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_trans.h xfs: xfs_log_force_lsn isn't passed a LSN 2021-06-21 10:12:33 -07:00
xfs_xattr.c xfs: prevent metadata files from being inactivated 2021-03-25 16:47:50 -07:00
xfs.h