Re: [PATCH 0/4 v2] BDI lifetime fix

[Jan Kara <jack@suse.cz>]

On Mon 06-02-17 13:26:53, Thiago Jung Bauermann wrote:
> Am Montag, 6. Februar 2017, 12:48:42 BRST schrieb Thiago Jung Bauermann:
> > 216 static inline void wb_get(struct bdi_writeback *wb)
> > 217 {
> > 218         if (wb != &wb->bdi->wb)
> > 219                 percpu_ref_get(&wb->refcnt);
> > 220 }
> > 
> > So it looks like wb->bdi is NULL.
> 
> Sorry, looking a little deeper, it's actually wb which is NULL:
> 
> ./include/linux/backing-dev.h:
> 371             return inode->i_wb;
>    0xc00000000037999c <+76>:    ld      r31,256(r29)
> 
> ./include/linux/backing-dev-defs.h:
> 218             if (wb != &wb->bdi->wb)
>    0xc0000000003799a0 <+80>:    ld      r9,0(r31)
>    0xc0000000003799a4 <+84>:    addi    r9,r9,88
>    0xc0000000003799a8 <+88>:    cmpld   cr7,r31,r9
>    0xc0000000003799ac <+92>:    beq     cr7,0xc0000000003799e0 
> <locked_inode_to_wb_and_lock_list+144>
> 
> We can see above that inode->i_wb is in r31, and the machine crashed at 
> 0xc0000000003799a0 so it was trying to dereference wb and crashed.
> r31 is NULL in the crash information.

Thanks for report and the analysis. After some looking into the code I see
where the problem is. Writeback code assumes inode->i_wb can never become
invalid once it is set however we still call inode_detach_wb() from
__blkdev_put(). So in a way this is a different problem but closely
related.

It seems to me that instead of calling inode_detach_wb() in __blkdev_put()
we may just switch blkdev inode to bdi->wb (it is now guaranteed to stay
around). That way bdi_unregister() can complete (destroying all writeback
structures except for bdi->wb) while block device inode can still live with
a valid i_wb structure.

CCed Tejun who is more familar with this code to verify my thoughts.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR