* The new invalidate_lock seems to cause a potential deadlock with fscache
@ 2021-09-21 21:55 David Howells
2021-09-22 11:04 ` Jan Kara
2021-12-07 15:58 ` David Howells
0 siblings, 2 replies; 3+ messages in thread
From: David Howells @ 2021-09-21 21:55 UTC (permalink / raw)
To: Jan Kara
Cc: dhowells, Darrick J. Wong, Christoph Hellwig, jlayton, linux-fsdevel
Hi Jan,
It seems the new mapping invalidate_lock causes a potential deadlock with
fscache (see attached trace), though the system didn't actually deadlock.
It's quite possible that it's actually a false positive, since chain #1 below
is holding locks in two different filesystems.
Note that this was with my fscache-iter-2 branch, but the I/O paths in use are
mostly upstream and not much affected by that.
This was found whilst running xfstests over afs with a cache, and I'd reached
generic/346 when it tripped, so it seems to happen under very specific
circumstances. Rerunning generic/346 by itself does reproduce the problem.
I'm wondering if I'm going to need to offload netfs_rreq_do_write_to_cache(),
which initiates the write to the cache, to a worker thread.
David
---
WARNING: possible circular locking dependency detected
5.15.0-rc1-build2+ #292 Not tainted
------------------------------------------------------
holetest/65517 is trying to acquire lock:
ffff88810c81d730 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x276/0x7a5
but task is already holding lock:
ffff8881595b53e8 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x28d/0x59c
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&mm->mmap_lock#2){++++}-{3:3}:
validate_chain+0x3c4/0x4a8
__lock_acquire+0x89d/0x949
lock_acquire+0x2dc/0x34b
__might_fault+0x87/0xb1
strncpy_from_user+0x25/0x18c
removexattr+0x7c/0xe5
__do_sys_fremovexattr+0x73/0x96
do_syscall_64+0x67/0x7a
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #1 (sb_writers#10){.+.+}-{0:0}:
validate_chain+0x3c4/0x4a8
__lock_acquire+0x89d/0x949
lock_acquire+0x2dc/0x34b
cachefiles_write+0x2b3/0x4bb
netfs_rreq_do_write_to_cache+0x3b5/0x432
netfs_readpage+0x2de/0x39d
filemap_read_page+0x51/0x94
filemap_get_pages+0x26f/0x413
filemap_read+0x182/0x427
new_sync_read+0xf0/0x161
vfs_read+0x118/0x16e
ksys_read+0xb8/0x12e
do_syscall_64+0x67/0x7a
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}:
check_noncircular+0xe4/0x129
check_prev_add+0x16b/0x3a4
validate_chain+0x3c4/0x4a8
__lock_acquire+0x89d/0x949
lock_acquire+0x2dc/0x34b
down_read+0x40/0x4a
filemap_fault+0x276/0x7a5
__do_fault+0x96/0xbf
do_fault+0x262/0x35a
__handle_mm_fault+0x171/0x1b5
handle_mm_fault+0x12a/0x233
do_user_addr_fault+0x3d2/0x59c
exc_page_fault+0x85/0xa5
asm_exc_page_fault+0x1e/0x30
other info that might help us debug this:
Chain exists of:
mapping.invalidate_lock#3 --> sb_writers#10 --> &mm->mmap_lock#2
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&mm->mmap_lock#2);
lock(sb_writers#10);
lock(&mm->mmap_lock#2);
lock(mapping.invalidate_lock#3);
*** DEADLOCK ***
1 lock held by holetest/65517:
#0: ffff8881595b53e8 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x28d/0x59c
stack backtrace:
CPU: 0 PID: 65517 Comm: holetest Not tainted 5.15.0-rc1-build2+ #292
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
Call Trace:
dump_stack_lvl+0x45/0x59
check_noncircular+0xe4/0x129
? print_circular_bug+0x207/0x207
? validate_chain+0x461/0x4a8
? add_chain_block+0x88/0xd9
? hlist_add_head_rcu+0x49/0x53
check_prev_add+0x16b/0x3a4
validate_chain+0x3c4/0x4a8
? check_prev_add+0x3a4/0x3a4
? mark_lock+0xa5/0x1c6
__lock_acquire+0x89d/0x949
lock_acquire+0x2dc/0x34b
? filemap_fault+0x276/0x7a5
? rcu_read_unlock+0x59/0x59
? add_to_page_cache_lru+0x13c/0x13c
? lock_is_held_type+0x7b/0xd3
down_read+0x40/0x4a
? filemap_fault+0x276/0x7a5
filemap_fault+0x276/0x7a5
? pagecache_get_page+0x2dd/0x2dd
? __lock_acquire+0x8bc/0x949
? pte_offset_kernel.isra.0+0x6d/0xc3
__do_fault+0x96/0xbf
? do_fault+0x124/0x35a
do_fault+0x262/0x35a
? handle_pte_fault+0x1c1/0x20d
__handle_mm_fault+0x171/0x1b5
? handle_pte_fault+0x20d/0x20d
? __lock_release+0x151/0x254
? mark_held_locks+0x1f/0x78
? rcu_read_unlock+0x3a/0x59
handle_mm_fault+0x12a/0x233
do_user_addr_fault+0x3d2/0x59c
? pgtable_bad+0x70/0x70
? rcu_read_lock_bh_held+0xab/0xab
exc_page_fault+0x85/0xa5
? asm_exc_page_fault+0x8/0x30
asm_exc_page_fault+0x1e/0x30
RIP: 0033:0x40192f
Code: ff 48 89 c3 48 8b 05 50 28 00 00 48 85 ed 7e 23 31 d2 4b 8d 0c 2f eb 0a 0f 1f 00 48 8b 05 39 28 00 00 48 0f af c2 48 83 c2 01 <48> 89 1c 01 48 39 d5 7f e8 8b 0d f2 27 00 00 31 c0 85 c9 74 0e 8b
RSP: 002b:00007f9931867eb0 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 00007f9931868700 RCX: 00007f993206ac00
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00007ffc13e06ee0
RBP: 0000000000000100 R08: 0000000000000000 R09: 00007f9931868700
R10: 00007f99318689d0 R11: 0000000000000202 R12: 00007ffc13e06ee0
R13: 0000000000000c00 R14: 00007ffc13e06e00 R15: 00007f993206a000
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: The new invalidate_lock seems to cause a potential deadlock with fscache
2021-09-21 21:55 The new invalidate_lock seems to cause a potential deadlock with fscache David Howells
@ 2021-09-22 11:04 ` Jan Kara
2021-12-07 15:58 ` David Howells
1 sibling, 0 replies; 3+ messages in thread
From: Jan Kara @ 2021-09-22 11:04 UTC (permalink / raw)
To: David Howells
Cc: Jan Kara, Darrick J. Wong, Christoph Hellwig, jlayton, linux-fsdevel
Hi David!
On Tue 21-09-21 22:55:29, David Howells wrote:
> It seems the new mapping invalidate_lock causes a potential deadlock with
> fscache (see attached trace), though the system didn't actually deadlock.
>
> It's quite possible that it's actually a false positive, since chain #1
> below is holding locks in two different filesystems.
>
> Note that this was with my fscache-iter-2 branch, but the I/O paths in use are
> mostly upstream and not much affected by that.
>
> This was found whilst running xfstests over afs with a cache, and I'd reached
> generic/346 when it tripped, so it seems to happen under very specific
> circumstances. Rerunning generic/346 by itself does reproduce the problem.
>
> I'm wondering if I'm going to need to offload netfs_rreq_do_write_to_cache(),
> which initiates the write to the cache, to a worker thread.
Indeed, the culprit for lockdep splat seems to be that netfs_readpage()
ends up calling sb_start_write() which ranks above invalidate_lock. I'd
say that calling vfs_iocb_iter_write() from ->readpage() is definitely
violating "standard" locking wisdom we have around :) After some thought
I'd even say there are some theoretical scenarios where this could deadlock.
Like:
We have filesystems F1 & F2, where F1 is the network fs and F2 is the cache
fs.
Thread 1 Thread 2 Thread 3 Thread 4
write (F2)
sb_start_write() (F2)
prepares write
copy_from_user()
freeze_super (F2)
- blocks waiting for Thread 2
fault (F1)
grabs mmap_lock
munmap()
grab mmap_lock exclusively
- blocks on Thread 1
filemap_fault()
netfs_readpage()
sb_start_write() (F2)
- blocks waiting for Thread 3
Thread 2 continues
fault()
grabs mmap_lock
- blocks waiting for Thread 4. RIP.
The core of the problem is that SB_FREEZE_WRITE protection must never be
acquired from under mmap_lock. That's why we have the additional
SB_FREEZE_PAGEFAULT after all.
And I think we could come up also other deadlocks. Simply depending on
write(2) to be safe when already holding mmap_lock and page lock is IMHO
very dangerous and will not fly very well.
Honza
> WARNING: possible circular locking dependency detected
> 5.15.0-rc1-build2+ #292 Not tainted
> ------------------------------------------------------
> holetest/65517 is trying to acquire lock:
> ffff88810c81d730 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x276/0x7a5
>
> but task is already holding lock:
> ffff8881595b53e8 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x28d/0x59c
>
> which lock already depends on the new lock.
>
>
> the existing dependency chain (in reverse order) is:
>
> -> #2 (&mm->mmap_lock#2){++++}-{3:3}:
> validate_chain+0x3c4/0x4a8
> __lock_acquire+0x89d/0x949
> lock_acquire+0x2dc/0x34b
> __might_fault+0x87/0xb1
> strncpy_from_user+0x25/0x18c
> removexattr+0x7c/0xe5
> __do_sys_fremovexattr+0x73/0x96
> do_syscall_64+0x67/0x7a
> entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> -> #1 (sb_writers#10){.+.+}-{0:0}:
> validate_chain+0x3c4/0x4a8
> __lock_acquire+0x89d/0x949
> lock_acquire+0x2dc/0x34b
> cachefiles_write+0x2b3/0x4bb
> netfs_rreq_do_write_to_cache+0x3b5/0x432
> netfs_readpage+0x2de/0x39d
> filemap_read_page+0x51/0x94
> filemap_get_pages+0x26f/0x413
> filemap_read+0x182/0x427
> new_sync_read+0xf0/0x161
> vfs_read+0x118/0x16e
> ksys_read+0xb8/0x12e
> do_syscall_64+0x67/0x7a
> entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> -> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}:
> check_noncircular+0xe4/0x129
> check_prev_add+0x16b/0x3a4
> validate_chain+0x3c4/0x4a8
> __lock_acquire+0x89d/0x949
> lock_acquire+0x2dc/0x34b
> down_read+0x40/0x4a
> filemap_fault+0x276/0x7a5
> __do_fault+0x96/0xbf
> do_fault+0x262/0x35a
> __handle_mm_fault+0x171/0x1b5
> handle_mm_fault+0x12a/0x233
> do_user_addr_fault+0x3d2/0x59c
> exc_page_fault+0x85/0xa5
> asm_exc_page_fault+0x1e/0x30
>
> other info that might help us debug this:
>
> Chain exists of:
> mapping.invalidate_lock#3 --> sb_writers#10 --> &mm->mmap_lock#2
>
> Possible unsafe locking scenario:
>
> CPU0 CPU1
> ---- ----
> lock(&mm->mmap_lock#2);
> lock(sb_writers#10);
> lock(&mm->mmap_lock#2);
> lock(mapping.invalidate_lock#3);
>
> *** DEADLOCK ***
>
> 1 lock held by holetest/65517:
> #0: ffff8881595b53e8 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x28d/0x59c
>
> stack backtrace:
> CPU: 0 PID: 65517 Comm: holetest Not tainted 5.15.0-rc1-build2+ #292
> Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
> Call Trace:
> dump_stack_lvl+0x45/0x59
> check_noncircular+0xe4/0x129
> ? print_circular_bug+0x207/0x207
> ? validate_chain+0x461/0x4a8
> ? add_chain_block+0x88/0xd9
> ? hlist_add_head_rcu+0x49/0x53
> check_prev_add+0x16b/0x3a4
> validate_chain+0x3c4/0x4a8
> ? check_prev_add+0x3a4/0x3a4
> ? mark_lock+0xa5/0x1c6
> __lock_acquire+0x89d/0x949
> lock_acquire+0x2dc/0x34b
> ? filemap_fault+0x276/0x7a5
> ? rcu_read_unlock+0x59/0x59
> ? add_to_page_cache_lru+0x13c/0x13c
> ? lock_is_held_type+0x7b/0xd3
> down_read+0x40/0x4a
> ? filemap_fault+0x276/0x7a5
> filemap_fault+0x276/0x7a5
> ? pagecache_get_page+0x2dd/0x2dd
> ? __lock_acquire+0x8bc/0x949
> ? pte_offset_kernel.isra.0+0x6d/0xc3
> __do_fault+0x96/0xbf
> ? do_fault+0x124/0x35a
> do_fault+0x262/0x35a
> ? handle_pte_fault+0x1c1/0x20d
> __handle_mm_fault+0x171/0x1b5
> ? handle_pte_fault+0x20d/0x20d
> ? __lock_release+0x151/0x254
> ? mark_held_locks+0x1f/0x78
> ? rcu_read_unlock+0x3a/0x59
> handle_mm_fault+0x12a/0x233
> do_user_addr_fault+0x3d2/0x59c
> ? pgtable_bad+0x70/0x70
> ? rcu_read_lock_bh_held+0xab/0xab
> exc_page_fault+0x85/0xa5
> ? asm_exc_page_fault+0x8/0x30
> asm_exc_page_fault+0x1e/0x30
> RIP: 0033:0x40192f
> Code: ff 48 89 c3 48 8b 05 50 28 00 00 48 85 ed 7e 23 31 d2 4b 8d 0c 2f eb 0a 0f 1f 00 48 8b 05 39 28 00 00 48 0f af c2 48 83 c2 01 <48> 89 1c 01 48 39 d5 7f e8 8b 0d f2 27 00 00 31 c0 85 c9 74 0e 8b
> RSP: 002b:00007f9931867eb0 EFLAGS: 00010202
> RAX: 0000000000000000 RBX: 00007f9931868700 RCX: 00007f993206ac00
> RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00007ffc13e06ee0
> RBP: 0000000000000100 R08: 0000000000000000 R09: 00007f9931868700
> R10: 00007f99318689d0 R11: 0000000000000202 R12: 00007ffc13e06ee0
> R13: 0000000000000c00 R14: 00007ffc13e06e00 R15: 00007f993206a000
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: The new invalidate_lock seems to cause a potential deadlock with fscache
2021-09-21 21:55 The new invalidate_lock seems to cause a potential deadlock with fscache David Howells
2021-09-22 11:04 ` Jan Kara
@ 2021-12-07 15:58 ` David Howells
1 sibling, 0 replies; 3+ messages in thread
From: David Howells @ 2021-12-07 15:58 UTC (permalink / raw)
To: Jan Kara
Cc: dhowells, Darrick J. Wong, Christoph Hellwig, jlayton, linux-fsdevel
Jan Kara <jack@suse.cz> wrote:
> We have filesystems F1 & F2, where F1 is the network fs and F2 is the cache
> fs.
>
> Thread 1 Thread 2 Thread 3 Thread 4
> write (F2)
> sb_start_write() (F2)
> prepares write
> copy_from_user()
> ...
> Thread 2 continues
> fault()
cachefilesd is only doing I/O to/from kernel resident pages. It shouldn't
fault there. I'm not sure it's even going to call copy_from_user() since
it'll be using ITER_XARRAY.
David
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-12-07 15:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-21 21:55 The new invalidate_lock seems to cause a potential deadlock with fscache David Howells
2021-09-22 11:04 ` Jan Kara
2021-12-07 15:58 ` David Howells
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.