From: Zhihao Cheng <chengzhihao1@huawei.com> To: <richard@nod.at>, <miquel.raynal@bootlin.com>, <vigneshr@ti.com>, <mcoquelin.stm32@gmail.com>, <kirill.shutemov@linux.intel.com>, <s.hauer@pengutronix.de> Cc: <linux-mtd@lists.infradead.org>, <linux-kernel@vger.kernel.org> Subject: [PATCH v6 14/15] ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process Date: Mon, 27 Dec 2021 11:22:45 +0800 [thread overview] Message-ID: <20211227032246.2886878-15-chengzhihao1@huawei.com> (raw) In-Reply-To: <20211227032246.2886878-1-chengzhihao1@huawei.com> There are two states for ubifs writing pages: 1. Dirty, Private 2. Not Dirty, Not Private The normal process cannot go to ubifs_releasepage() which means there exists pages being private but not dirty. Reproducer[1] shows that it could occur (which maybe related to [2]) with following process: PA PB PC lock(page)[PA] ubifs_write_end attach_page_private // set Private __set_page_dirty_nobuffers // set Dirty unlock(page) write_cache_pages[PA] lock(page) clear_page_dirty_for_io(page) // clear Dirty ubifs_writepage do_truncation[PB] truncate_setsize i_size_write(inode, newsize) // newsize = 0 i_size = i_size_read(inode) // i_size = 0 end_index = i_size >> PAGE_SHIFT if (page->index > end_index) goto out // jump out: unlock(page) // Private, Not Dirty generic_fadvise[PC] lock(page) invalidate_inode_page try_to_release_page ubifs_releasepage ubifs_assert(c, 0) // bad assertion! unlock(page) truncate_pagecache[PB] Then we may get following assertion failed: UBIFS error (ubi0:0 pid 1683): ubifs_assert_failed [ubifs]: UBIFS assert failed: 0, in fs/ubifs/file.c:1513 UBIFS warning (ubi0:0 pid 1683): ubifs_ro_mode [ubifs]: switched to read-only mode, error -22 CPU: 2 PID: 1683 Comm: aa Not tainted 5.16.0-rc5-00184-g0bca5994cacc-dirty #308 Call Trace: dump_stack+0x13/0x1b ubifs_ro_mode+0x54/0x60 [ubifs] ubifs_assert_failed+0x4b/0x80 [ubifs] ubifs_releasepage+0x67/0x1d0 [ubifs] try_to_release_page+0x57/0xe0 invalidate_inode_page+0xfb/0x130 __invalidate_mapping_pages+0xb9/0x280 invalidate_mapping_pagevec+0x12/0x20 generic_fadvise+0x303/0x3c0 ksys_fadvise64_64+0x4c/0xb0 [1] https://bugzilla.kernel.org/show_bug.cgi?id=215373 [2] https://linux-mtd.infradead.narkive.com/NQoBeT1u/patch-rfc-ubifs-fix-assert-failed-in-ubifs-set-page-dirty Fixes: 1e51764a3c2ac0 ("UBIFS: add new flash file system") Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> --- fs/ubifs/file.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index 7cc2abcb70ae..4bafcb80d29c 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1494,14 +1494,23 @@ static int ubifs_releasepage(struct page *page, gfp_t unused_gfp_flags) struct inode *inode = page->mapping->host; struct ubifs_info *c = inode->i_sb->s_fs_info; - /* - * An attempt to release a dirty page without budgeting for it - should - * not happen. - */ if (PageWriteback(page)) return 0; + + /* + * Page is private but not dirty, weird? There is one condition + * making it happened. ubifs_writepage skipped the page because + * page index beyonds isize (for example. truncated by other + * process named A), then the page is invalidated by fadvise64 + * syscall before being truncated by process A. + */ ubifs_assert(c, PagePrivate(page)); - ubifs_assert(c, 0); + if (PageChecked(page)) + release_new_page_budget(c); + else + release_existing_page_budget(c); + + atomic_long_dec(&c->dirty_pg_cnt); detach_page_private(page); ClearPageChecked(page); return 1; -- 2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Zhihao Cheng <chengzhihao1@huawei.com> To: <richard@nod.at>, <miquel.raynal@bootlin.com>, <vigneshr@ti.com>, <mcoquelin.stm32@gmail.com>, <kirill.shutemov@linux.intel.com>, <s.hauer@pengutronix.de> Cc: <linux-mtd@lists.infradead.org>, <linux-kernel@vger.kernel.org> Subject: [PATCH v6 14/15] ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process Date: Mon, 27 Dec 2021 11:22:45 +0800 [thread overview] Message-ID: <20211227032246.2886878-15-chengzhihao1@huawei.com> (raw) In-Reply-To: <20211227032246.2886878-1-chengzhihao1@huawei.com> There are two states for ubifs writing pages: 1. Dirty, Private 2. Not Dirty, Not Private The normal process cannot go to ubifs_releasepage() which means there exists pages being private but not dirty. Reproducer[1] shows that it could occur (which maybe related to [2]) with following process: PA PB PC lock(page)[PA] ubifs_write_end attach_page_private // set Private __set_page_dirty_nobuffers // set Dirty unlock(page) write_cache_pages[PA] lock(page) clear_page_dirty_for_io(page) // clear Dirty ubifs_writepage do_truncation[PB] truncate_setsize i_size_write(inode, newsize) // newsize = 0 i_size = i_size_read(inode) // i_size = 0 end_index = i_size >> PAGE_SHIFT if (page->index > end_index) goto out // jump out: unlock(page) // Private, Not Dirty generic_fadvise[PC] lock(page) invalidate_inode_page try_to_release_page ubifs_releasepage ubifs_assert(c, 0) // bad assertion! unlock(page) truncate_pagecache[PB] Then we may get following assertion failed: UBIFS error (ubi0:0 pid 1683): ubifs_assert_failed [ubifs]: UBIFS assert failed: 0, in fs/ubifs/file.c:1513 UBIFS warning (ubi0:0 pid 1683): ubifs_ro_mode [ubifs]: switched to read-only mode, error -22 CPU: 2 PID: 1683 Comm: aa Not tainted 5.16.0-rc5-00184-g0bca5994cacc-dirty #308 Call Trace: dump_stack+0x13/0x1b ubifs_ro_mode+0x54/0x60 [ubifs] ubifs_assert_failed+0x4b/0x80 [ubifs] ubifs_releasepage+0x67/0x1d0 [ubifs] try_to_release_page+0x57/0xe0 invalidate_inode_page+0xfb/0x130 __invalidate_mapping_pages+0xb9/0x280 invalidate_mapping_pagevec+0x12/0x20 generic_fadvise+0x303/0x3c0 ksys_fadvise64_64+0x4c/0xb0 [1] https://bugzilla.kernel.org/show_bug.cgi?id=215373 [2] https://linux-mtd.infradead.narkive.com/NQoBeT1u/patch-rfc-ubifs-fix-assert-failed-in-ubifs-set-page-dirty Fixes: 1e51764a3c2ac0 ("UBIFS: add new flash file system") Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> --- fs/ubifs/file.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index 7cc2abcb70ae..4bafcb80d29c 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1494,14 +1494,23 @@ static int ubifs_releasepage(struct page *page, gfp_t unused_gfp_flags) struct inode *inode = page->mapping->host; struct ubifs_info *c = inode->i_sb->s_fs_info; - /* - * An attempt to release a dirty page without budgeting for it - should - * not happen. - */ if (PageWriteback(page)) return 0; + + /* + * Page is private but not dirty, weird? There is one condition + * making it happened. ubifs_writepage skipped the page because + * page index beyonds isize (for example. truncated by other + * process named A), then the page is invalidated by fadvise64 + * syscall before being truncated by process A. + */ ubifs_assert(c, PagePrivate(page)); - ubifs_assert(c, 0); + if (PageChecked(page)) + release_new_page_budget(c); + else + release_existing_page_budget(c); + + atomic_long_dec(&c->dirty_pg_cnt); detach_page_private(page); ClearPageChecked(page); return 1; -- 2.31.1 ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/
next prev parent reply other threads:[~2021-12-27 3:12 UTC|newest] Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-12-27 3:22 [PATCH v6 00/15] Some bugfixs for ubi/ubifs Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 01/15] ubifs: rename_whiteout: Fix double free for whiteout_ui->data Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 02/15] ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 03/15] ubifs: Fix wrong number of inodes locked by ui_mutex in ubifs_inode comment Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 04/15] ubifs: Add missing iput if do_tmpfile() failed in rename whiteout Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 05/15] ubifs: Rename whiteout atomically Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2022-01-09 21:14 ` Richard Weinberger 2022-01-09 21:14 ` Richard Weinberger 2022-01-10 9:35 ` Zhihao Cheng 2022-01-10 9:35 ` Zhihao Cheng 2022-01-10 10:14 ` Richard Weinberger 2022-01-10 10:14 ` Richard Weinberger 2022-01-10 20:58 ` Richard Weinberger 2022-01-10 20:58 ` Richard Weinberger 2021-12-27 3:22 ` [PATCH v6 06/15] ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 07/15] ubifs: Rectify space amount budget for mkdir/tmpfile operations Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 08/15] ubifs: setflags: Make dirtied_ino_d 8 bytes aligned Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 09/15] ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 10/15] ubifs: Fix to add refcount once page is set private Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 11/15] ubi: fastmap: Return error code if memory allocation fails in add_aeb() Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 12/15] ubi: fastmap: Add all fastmap pebs into 'ai->fastmap' when fm->used_blocks>=2 Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2022-01-10 23:23 ` Richard Weinberger 2022-01-10 23:23 ` Richard Weinberger 2022-01-11 2:48 ` Zhihao Cheng 2022-01-11 2:48 ` Zhihao Cheng 2022-01-11 7:27 ` Richard Weinberger 2022-01-11 7:27 ` Richard Weinberger 2022-01-11 11:44 ` Zhihao Cheng 2022-01-11 11:44 ` Zhihao Cheng 2022-01-11 11:57 ` Richard Weinberger 2022-01-11 11:57 ` Richard Weinberger 2022-01-11 13:23 ` Zhihao Cheng 2022-01-11 13:23 ` Zhihao Cheng 2022-01-11 13:56 ` Richard Weinberger 2022-01-11 13:56 ` Richard Weinberger 2022-01-12 3:46 ` Zhihao Cheng 2022-01-12 3:46 ` Zhihao Cheng 2022-01-14 18:45 ` Richard Weinberger 2022-01-14 18:45 ` Richard Weinberger 2022-01-15 8:22 ` Zhihao Cheng 2022-01-15 8:22 ` Zhihao Cheng 2022-01-15 8:46 ` Zhihao Cheng 2022-01-15 8:46 ` Zhihao Cheng 2022-01-15 10:01 ` Richard Weinberger 2022-01-15 10:01 ` Richard Weinberger 2022-01-17 1:31 ` Zhihao Cheng 2022-01-17 1:31 ` Zhihao Cheng 2022-01-17 2:52 ` Zhihao Cheng 2022-01-17 2:52 ` Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 13/15] ubifs: ubifs_writepage: Mark page dirty after writing inode failed Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng [this message] 2021-12-27 3:22 ` [PATCH v6 14/15] ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process Zhihao Cheng 2021-12-27 3:22 ` [PATCH v6 15/15] ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty Zhihao Cheng 2021-12-27 3:22 ` Zhihao Cheng 2022-01-17 1:40 ` Zhihao Cheng 2022-01-17 1:40 ` Zhihao Cheng 2021-12-27 10:13 ` [PATCH v6 00/15] Some bugfixs for ubi/ubifs Richard Weinberger 2021-12-27 10:13 ` Richard Weinberger 2021-12-27 12:19 ` Zhihao Cheng 2021-12-27 12:19 ` Zhihao Cheng 2021-12-27 13:00 ` Richard Weinberger 2021-12-27 13:00 ` Richard Weinberger
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211227032246.2886878-15-chengzhihao1@huawei.com \ --to=chengzhihao1@huawei.com \ --cc=kirill.shutemov@linux.intel.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mtd@lists.infradead.org \ --cc=mcoquelin.stm32@gmail.com \ --cc=miquel.raynal@bootlin.com \ --cc=richard@nod.at \ --cc=s.hauer@pengutronix.de \ --cc=vigneshr@ti.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.