From: Joseph Qi <joseph.qi@linux.alibaba.com>
To: Gautham Ananthakrishna <gautham.ananthakrishna@oracle.com>,
ocfs2-devel@oss.oracle.com
Cc: rajesh.sivaramasubramaniom@oracle.com
Subject: Re: [Ocfs2-devel] [PATCH RFC 1/1] ocfs2: race between searching chunks and release journal_head from buffer_head
Date: Fri, 8 Oct 2021 14:39:48 +0800 [thread overview]
Message-ID: <af8792a6-cb2a-b529-1262-b0254b407018@linux.alibaba.com> (raw)
In-Reply-To: <1633434852-26662-1-git-send-email-gautham.ananthakrishna@oracle.com>
Hi Gautham,
On 10/5/21 7:54 PM, Gautham Ananthakrishna wrote:
> Encountered a race between ocfs2_test_bg_bit_allocatable() and
> jbd2_journal_put_journal_head() resulting in the below vmcore.
>
> PID: 106879 TASK: ffff880244ba9c00 CPU: 2 COMMAND: "loop3"
> 0 [ffff8802435ff1c0] panic at ffffffff816ed175
> 1 [ffff8802435ff240] oops_end at ffffffff8101a7c9
> 2 [ffff8802435ff270] no_context at ffffffff8106eccf
> 3 [ffff8802435ff2e0] __bad_area_nosemaphore at ffffffff8106ef9d
> 4 [ffff8802435ff330] bad_area_nosemaphore at ffffffff8106f143
> 5 [ffff8802435ff340] __do_page_fault at ffffffff8106f80b
> 6 [ffff8802435ff3a0] do_page_fault at ffffffff8106fc2f
> 7 [ffff8802435ff3e0] page_fault at ffffffff816fd667
> [exception RIP: ocfs2_block_group_find_clear_bits+316]
> RIP: ffffffffc11ef6fc RSP: ffff8802435ff498 RFLAGS: 00010206
> RAX: 0000000000003918 RBX: 0000000000000001 RCX: 0000000000000018
> RDX: 0000000000003918 RSI: 0000000000000000 RDI: ffff880060194040
> RBP: ffff8802435ff4f8 R8: ffffffffff000000 R9: ffffffffffffffff
> R10: ffff8802435ff730 R11: ffff8802a94e5800 R12: 0000000000000007
> R13: 0000000000007e00 R14: 0000000000003918 R15: ffff88017c973a28
> ORIG_RAX: ffffffffffffffff CS: e030 SS: e02b
> 8 [ffff8802435ff490] ocfs2_block_group_find_clear_bits at ffffffffc11ef680 [ocfs2]
> 9 [ffff8802435ff500] ocfs2_cluster_group_search at ffffffffc11ef916 [ocfs2]
> 10 [ffff8802435ff580] ocfs2_search_chain at ffffffffc11f0fb6 [ocfs2]
> 11 [ffff8802435ff660] ocfs2_claim_suballoc_bits at ffffffffc11f1b1b [ocfs2]
> 12 [ffff8802435ff6f0] __ocfs2_claim_clusters at ffffffffc11f32cb [ocfs2]
> 13 [ffff8802435ff770] ocfs2_claim_clusters at ffffffffc11f5caf [ocfs2]
> 14 [ffff8802435ff780] ocfs2_local_alloc_slide_window at ffffffffc11cc0db [ocfs2]
> 15 [ffff8802435ff820] ocfs2_reserve_local_alloc_bits at ffffffffc11ce53f [ocfs2]
> 16 [ffff8802435ff890] ocfs2_reserve_clusters_with_limit at ffffffffc11f59b5 [ocfs2]
> 17 [ffff8802435ff8e0] ocfs2_reserve_clusters at ffffffffc11f5c88 [ocfs2]
> 18 [ffff8802435ff8f0] ocfs2_lock_refcount_allocators at ffffffffc11dc169 [ocfs2]
> 19 [ffff8802435ff960] ocfs2_make_clusters_writable at ffffffffc11e4274 [ocfs2]
> 20 [ffff8802435ffa50] ocfs2_replace_cow at ffffffffc11e4df1 [ocfs2]
> 21 [ffff8802435ffac0] ocfs2_refcount_cow at ffffffffc11e54b1 [ocfs2]
> 22 [ffff8802435ffb80] ocfs2_file_write_iter at ffffffffc11bf8f4 [ocfs2]
> 23 [ffff8802435ffcd0] lo_rw_aio at ffffffff814a1b5d
> 24 [ffff8802435ffd80] loop_queue_work at ffffffff814a2802
> 25 [ffff8802435ffe60] kthread_worker_fn at ffffffff810a80d2
> 26 [ffff8802435ffec0] kthread at ffffffff810a7afb
> 27 [ffff8802435fff50] ret_from_fork at ffffffff816f7da1
>
> When ocfs2_test_bg_bit_allocatable() called bh2jh(bg_bh), the bg_bh->b_private
> NULL as jbd2_journal_put_journal_head() raced and released the jounal head
> from the buffer head. Needed to take bit lock for the bit 'BH_JournalHead'
> to fix this race.
>
> Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna@oracle.com>
> ---
> fs/ocfs2/suballoc.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
> index 8521942..0e4e11b 100644
> --- a/fs/ocfs2/suballoc.c
> +++ b/fs/ocfs2/suballoc.c
> @@ -1256,8 +1256,11 @@ static int ocfs2_test_bg_bit_allocatable(struct buffer_head *bg_bh,
> if (ocfs2_test_bit(nr, (unsigned long *)bg->bg_bitmap))
> return 0;
>
> - if (!buffer_jbd(bg_bh))
> + jbd_lock_bh_journal_head(bg_bh);
> + if (!buffer_jbd(bg_bh)){
> + jbd_unlock_bh_journal_head(bg_bh);
> return 1;
> + }
Seems !buffer_jbd() case we don't have to lock bit BH_JournalHead.
Thanks,
Joseph
>
> jh = bh2jh(bg_bh);
> spin_lock(&jh->b_state_lock);
> @@ -1267,6 +1270,7 @@ static int ocfs2_test_bg_bit_allocatable(struct buffer_head *bg_bh,
> else
> ret = 1;
> spin_unlock(&jh->b_state_lock);
> + jbd_unlock_bh_journal_head(bg_bh);
>
> return ret;
> }
>
_______________________________________________
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
next prev parent reply other threads:[~2021-10-08 6:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 11:54 [Ocfs2-devel] [PATCH RFC 1/1] ocfs2: race between searching chunks and release journal_head from buffer_head Gautham Ananthakrishna
2021-10-08 6:39 ` Joseph Qi [this message]
2021-10-13 4:08 ` Gautham Ananthakrishna
2021-10-13 8:08 ` Joseph Qi
2021-10-19 14:14 ` Gautham Ananthakrishna
-- strict thread matches above, loose matches on Subject: below --
2021-09-30 6:57 Gautham Ananthakrishna
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=af8792a6-cb2a-b529-1262-b0254b407018@linux.alibaba.com \
--to=joseph.qi@linux.alibaba.com \
--cc=gautham.ananthakrishna@oracle.com \
--cc=ocfs2-devel@oss.oracle.com \
--cc=rajesh.sivaramasubramaniom@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.