On Mon 04-01-21 16:54:40, Eric Biggers wrote: > From: Eric Biggers > > When lazytime is enabled and an inode with dirty timestamps is being > expired, either due to dirtytime_expire_interval being exceeded or due > to a sync or syncfs system call, we need to inform the filesystem that > the inode is dirty so that the inode's timestamps can be copied out to > the on-disk data structures. That's because if the filesystem supports > lazytime, it will have ignored the ->dirty_inode(inode, I_DIRTY_TIME) > notification when the timestamp was modified in memory. > > Currently this is accomplished by calling mark_inode_dirty_sync() from > __writeback_single_inode(). However, this has the unfortunate side > effect of also putting the inode the writeback list. That's not > appropriate in this case, since the inode is already being written. > > That causes the inode to remain dirty after a sync. Normally that's > just wasteful, as it causes the inode to be written twice. But when > fscrypt is used this bug also partially breaks the > FS_IOC_REMOVE_ENCRYPTION_KEY ioctl, as the ioctl reports that files are > still in-use when they aren't. For more details, see the original > report at https://lore.kernel.org/r/20200306004555.GB225345@gmail.com > > Fix this by calling ->dirty_inode(inode, I_DIRTY_SYNC) directly instead > of mark_inode_dirty_sync(). > > This fixes xfstest generic/580 when lazytime is enabled. > > A later patch will introduce a ->lazytime_expired method to cleanly > separate out the lazytime expiration case, in particular for XFS which > uses the VFS-level dirtiness tracking only for lazytime. But that's > separate from fixing this bug. Also, note that XFS will incorrectly > ignore the I_DIRTY_SYNC notification from __writeback_single_inode() > both before and after this patch, as I_DIRTY_TIME was already cleared in > i_state. Later patches will fix this separate bug. > > Fixes: 0ae45f63d4ef ("vfs: add support for a lazytime mount option") > Cc: stable@vger.kernel.org > Signed-off-by: Eric Biggers Good catch! It could also cause issues with filesystem freezing which kind of assumes that the filesystem will be clean after sync_filesystem() (otherwise writeback threads can get stalled on frozen filesystem while holding some locks and generally the system behavior becomes kind of awkward). > diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c > index acfb55834af23..081e335cdee47 100644 > --- a/fs/fs-writeback.c > +++ b/fs/fs-writeback.c > @@ -1509,11 +1509,22 @@ __writeback_single_inode(struct inode *inode, struct writeback_control *wbc) > > spin_unlock(&inode->i_lock); > > - if (dirty & I_DIRTY_TIME) > - mark_inode_dirty_sync(inode); > /* Don't write the inode if only I_DIRTY_PAGES was set */ > if (dirty & ~I_DIRTY_PAGES) { > - int err = write_inode(inode, wbc); > + int err; > + > + /* > + * If the inode is being written due to a lazytime timestamp > + * expiration, then the filesystem needs to be notified about it > + * so that e.g. the filesystem can update on-disk fields and > + * journal the timestamp update. Just calling write_inode() > + * isn't enough. Don't call mark_inode_dirty_sync(), as that > + * would put the inode back on the dirty list. > + */ > + if ((dirty & I_DIRTY_TIME) && inode->i_sb->s_op->dirty_inode) > + inode->i_sb->s_op->dirty_inode(inode, I_DIRTY_SYNC); > + > + err = write_inode(inode, wbc); > if (ret == 0) > ret = err; > } I have to say I dislike this special call of ->dirty_inode(). It works but it makes me wonder, didn't we forget about something or won't we forget in the future? Because it's very easy to miss this special case... I think attached patch (compile-tested only) should actually fix the problem as well without this special ->dirty_inode() call. It basically only moves the mark_inode_dirty_sync() before inode->i_state clearing. Because conceptually mark_inode_dirty_sync() is IMO the right function to call. It will take care of clearing I_DIRTY_TIME flag (because we are setting I_DIRTY_SYNC), it will also not touch inode->i_io_list if the inode is queued for sync (I_SYNC_QUEUED is set in that case). The only problem with calling it was that it was called *after* clearing dirty bits from i_state... What do you think? Honza -- Jan Kara SUSE Labs, CR