From: Roman Gushchin <guro@fb.com> To: Andrew Morton <akpm@linux-foundation.org>, Tejun Heo <tj@kernel.org> Cc: <linux-fsdevel@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>, Alexander Viro <viro@zeniv.linux.org.uk>, Jan Kara <jack@suse.cz>, Dennis Zhou <dennis@kernel.org>, Dave Chinner <dchinner@redhat.com>, <cgroups@vger.kernel.org>, Roman Gushchin <guro@fb.com> Subject: [PATCH v9 2/8] writeback, cgroup: add smp_mb() to cgroup_writeback_umount() Date: Tue, 8 Jun 2021 16:02:19 -0700 [thread overview] Message-ID: <20210608230225.2078447-3-guro@fb.com> (raw) In-Reply-To: <20210608230225.2078447-1-guro@fb.com> A full memory barrier is required between clearing SB_ACTIVE flag in generic_shutdown_super() and checking isw_nr_in_flight in cgroup_writeback_umount(), otherwise a new switch operation might be scheduled after atomic_read(&isw_nr_in_flight) returned 0. This would result in a non-flushed isw_wq, and a potential crash. The problem hasn't yet been seen in the real life and was discovered by Jan Kara by looking into the code. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Roman Gushchin <guro@fb.com> Reviewed-by: Jan Kara <jack@suse.cz> --- fs/fs-writeback.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 7d2891d7ac12..b6fc13a4962d 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -1000,6 +1000,12 @@ int cgroup_writeback_by_id(u64 bdi_id, int memcg_id, unsigned long nr, */ void cgroup_writeback_umount(void) { + /* + * SB_ACTIVE should be reliably cleared before checking + * isw_nr_in_flight, see generic_shutdown_super(). + */ + smp_mb(); + if (atomic_read(&isw_nr_in_flight)) { /* * Use rcu_barrier() to wait for all pending callbacks to -- 2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Roman Gushchin <guro@fb.com> To: Andrew Morton <akpm@linux-foundation.org>, Tejun Heo <tj@kernel.org> Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Alexander Viro <viro@zeniv.linux.org.uk>, Jan Kara <jack@suse.cz>, Dennis Zhou <dennis@kernel.org>, Dave Chinner <dchinner@redhat.com>, cgroups@vger.kernel.org, Roman Gushchin <guro@fb.com> Subject: [PATCH v9 2/8] writeback, cgroup: add smp_mb() to cgroup_writeback_umount() Date: Tue, 8 Jun 2021 16:02:19 -0700 [thread overview] Message-ID: <20210608230225.2078447-3-guro@fb.com> (raw) In-Reply-To: <20210608230225.2078447-1-guro@fb.com> A full memory barrier is required between clearing SB_ACTIVE flag in generic_shutdown_super() and checking isw_nr_in_flight in cgroup_writeback_umount(), otherwise a new switch operation might be scheduled after atomic_read(&isw_nr_in_flight) returned 0. This would result in a non-flushed isw_wq, and a potential crash. The problem hasn't yet been seen in the real life and was discovered by Jan Kara by looking into the code. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Roman Gushchin <guro@fb.com> Reviewed-by: Jan Kara <jack@suse.cz> --- fs/fs-writeback.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 7d2891d7ac12..b6fc13a4962d 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -1000,6 +1000,12 @@ int cgroup_writeback_by_id(u64 bdi_id, int memcg_id, unsigned long nr, */ void cgroup_writeback_umount(void) { + /* + * SB_ACTIVE should be reliably cleared before checking + * isw_nr_in_flight, see generic_shutdown_super(). + */ + smp_mb(); + if (atomic_read(&isw_nr_in_flight)) { /* * Use rcu_barrier() to wait for all pending callbacks to -- 2.31.1
next prev parent reply other threads:[~2021-06-08 23:04 UTC|newest] Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-06-08 23:02 [PATCH v9 0/8] cgroup, blkcg: prevent dirty inodes to pin dying memory cgroups Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-08 23:02 ` [PATCH v9 1/8] writeback, cgroup: do not switch inodes with I_WILL_FREE flag Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin [this message] 2021-06-08 23:02 ` [PATCH v9 2/8] writeback, cgroup: add smp_mb() to cgroup_writeback_umount() Roman Gushchin 2021-06-08 23:02 ` [PATCH v9 3/8] writeback, cgroup: increment isw_nr_in_flight before grabbing an inode Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-09 3:32 ` Ming Lei 2021-06-10 0:21 ` Roman Gushchin 2021-06-10 0:21 ` Roman Gushchin 2021-06-10 6:57 ` Ming Lei 2021-06-10 6:57 ` Ming Lei 2021-06-08 23:02 ` [PATCH v9 4/8] writeback, cgroup: switch to rcu_work API in inode_switch_wbs() Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-08 23:02 ` [PATCH v9 5/8] writeback, cgroup: keep list of inodes attached to bdi_writeback Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-08 23:02 ` [PATCH v9 6/8] writeback, cgroup: split out the functional part of inode_switch_wbs_work_fn() Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-08 23:02 ` [PATCH v9 7/8] writeback, cgroup: support switching multiple inodes at once Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-08 23:02 ` [PATCH v9 8/8] writeback, cgroup: release dying cgwbs by switching attached inodes Roman Gushchin 2021-06-08 23:02 ` Roman Gushchin 2021-06-09 0:12 ` Andrew Morton 2021-06-09 0:12 ` Andrew Morton 2021-06-09 0:23 ` Roman Gushchin 2021-06-09 0:23 ` Roman Gushchin 2021-06-09 0:37 ` Dennis Zhou 2021-06-09 0:37 ` Dennis Zhou 2021-06-09 5:34 ` Andrew Morton 2021-06-09 5:34 ` Andrew Morton 2021-06-09 19:53 ` Roman Gushchin 2021-06-09 19:53 ` Roman Gushchin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210608230225.2078447-3-guro@fb.com \ --to=guro@fb.com \ --cc=akpm@linux-foundation.org \ --cc=cgroups@vger.kernel.org \ --cc=dchinner@redhat.com \ --cc=dennis@kernel.org \ --cc=jack@suse.cz \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=tj@kernel.org \ --cc=viro@zeniv.linux.org.uk \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.