All of
 help / color / mirror / Atom feed
From: "Theodore Y. Ts'o" <>
To: Linux Filesystem Development List <>,, Andrew Morton <>
Subject: Re: [PATCH -v2] memcg: fix a crash in wb_workfn when a device disappears
Date: Fri, 3 Jan 2020 12:15:17 -0500	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Fri, Dec 27, 2019 at 07:52:11PM -0500, Theodore Ts'o wrote:
> Without memcg, there is a one-to-one mapping between the bdi and
> bdi_writeback structures.  In this world, things are fairly
> straightforward; the first thing bdi_unregister() does is to shutdown
> the bdi_writeback structure (or wb), and part of that writeback
> ensures that no other work queued against the wb, and that the wb is
> fully drained.
> With memcg, however, there is a one-to-many relationship between the
> bdi and bdi_writeback structures; that is, there are multiple wb
> objects which can all point to a single bdi.  There is a refcount
> which prevents the bdi object from being released (and hence,
> unregistered).  So in theory, the bdi_unregister() *should* only get
> called once its refcount goes to zero (bdi_put will drop the refcount,
> and when it is zero, release_bdi gets called, which calls
> bdi_unregister).
> Unfortunately, del_gendisk() in block/gen_hd.c never got the memo
> about the Brave New memcg World, and calls bdi_unregister directly.
> It does this without informing the file system, or the memcg code, or
> anything else.  This causes the root wb associated with the bdi to be
> unregistered, but none of the memcg-specific wb's are shutdown.  So when
> one of these wb's are woken up to do delayed work, they try to
> dereference their wb->bdi->dev to fetch the device name, but
> unfortunately bdi->dev is now NULL, thanks to the bdi_unregister()
> called by del_gendisk().   As a result, *boom*.
> Fortunately, it looks like the rest of the writeback path is perfectly
> happy with bdi->dev and bdi->owner being NULL, so the simplest fix is
> to create a bdi_dev_name() function which can handle bdi->dev being
> NULL.  This also allows us to bulletproof the writeback tracepoints to
> prevent them from dereferencing a NULL pointer and crashing the kernel
> if one is tracing with memcg's enabled, and an iSCSI device dies or a
> USB storage stick is pulled.
> Previous-Version-Link:
> Google-Bug-Id: 145475544
> Tested: fs smoke test
> Signed-off-by: Theodore Ts'o <>
> ---
> Notes:
>     v2: add #include for linux/device.h
>  fs/fs-writeback.c                |  2 +-
>  include/linux/backing-dev.h      | 10 +++++++++
>  include/trace/events/writeback.h | 37 +++++++++++++++-----------------
>  mm/backing-dev.c                 |  1 +
>  4 files changed, 29 insertions(+), 21 deletions(-)


Any comments?  Any objections if I carry this patch[1] in the ext4
tree?  Or would it be better for Andrew to carry it in the linux-mm


						- Ted

  reply	other threads:[~2020-01-03 17:15 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-27 19:48 [PATCH] " Theodore Ts'o
2019-12-27 20:31 ` Theodore Ts'o
2019-12-27 21:16 ` kbuild test robot
2019-12-27 21:16   ` kbuild test robot
2019-12-27 21:19   ` Theodore Y. Ts'o
2019-12-27 21:19     ` Theodore Y. Ts'o
2019-12-27 22:32 ` kbuild test robot
2019-12-27 22:32   ` kbuild test robot
2019-12-28  0:52 ` [PATCH -v2] " Theodore Ts'o
2020-01-03 17:15   ` Theodore Y. Ts'o [this message]
2020-01-03 17:46     ` Chris Mason
2020-01-07 23:33   ` Andrew Morton
2020-01-08  2:12     ` Theodore Y. Ts'o

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \
    --subject='Re: [PATCH -v2] memcg: fix a crash in wb_workfn when a device disappears' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.