Device removal crash problems

Device removal crash problems

[Anton Altaparmakov]

Hi Christoph,

I think the reason the storage unplug crashes came back in 4.1 kernel after your work in 4.0 kernel to fix them is this commit: 6cd18e711dd8 "block: destroy bdi before blockdev is unregistered."

The fix was to basically violate the lifetime rules/reference counting you put in place and destroy the bdi before the reference count reaches zero which means we are back at square one!  The whole point of the reference count was specifically so that devices are not destroyed before the reference count becomes zero.  Or at least that was my understanding/assumption...

The solution should have perhaps been to fix MD and Loop drivers rather than to break the entire kernel all over again and then patch up ext4 again (commit bdfe0cbd746aa9b2509c2f6d6be17193cf7facd7).

The check in ext4 is not perfect because it is a race condition - if you unplug at same time as the check is happening you can still get the kernel to crash.  I grant you it is a very small race window but it is there.

What do you think?

Best regards,

	Anton
-- 
Anton Altaparmakov <anton at tuxera.com> (replace at with @)
Lead in File System Development, Tuxera Inc., http://www.tuxera.com/
Linux NTFS maintainer

Re: Device removal crash problems

[Christoph Hellwig]

On Mon, Jun 13, 2016 at 01:26:24AM +0000, Anton Altaparmakov wrote:
> Hi Christoph,
> 
> I think the reason the storage unplug crashes came back in 4.1 kernel after your work in 4.0 kernel to fix them is this commit: 6cd18e711dd8 "block: destroy bdi before blockdev is unregistered."
> 
> The fix was to basically violate the lifetime rules/reference counting you put in place and destroy the bdi before the reference count reaches zero which means we are back at square one!  The whole point of the reference count was specifically so that devices are not destroyed before the reference count becomes zero.  Or at least that was my understanding/assumption...

Yes, that area is a mess.  Unfortunately I've been too busy to fight
in in detail - since then the writeback code also got trainwrecked by
the cgroups writeback support and it will take a long time for me to
get back into it.

Re: Device removal crash problems

[NeilBrown]

[-- Attachment #1: Type: text/plain, Size: 1389 bytes --]

On Mon, Jun 13 2016, Anton Altaparmakov wrote:

> Hi Christoph,
>
> I think the reason the storage unplug crashes came back in 4.1 kernel after your work in 4.0 kernel to fix them is this commit: 6cd18e711dd8 "block: destroy bdi before blockdev is unregistered."
>
> The fix was to basically violate the lifetime rules/reference counting you put in place and destroy the bdi before the reference count reaches zero which means we are back at square one!  The whole point of the reference count was specifically so that devices are not destroyed before the reference count becomes zero.  Or at least that was my understanding/assumption...
>
> The solution should have perhaps been to fix MD and Loop drivers rather than to break the entire kernel all over again and then patch up ext4 again (commit bdfe0cbd746aa9b2509c2f6d6be17193cf7facd7).
>
> The check in ext4 is not perfect because it is a race condition - if you unplug at same time as the check is happening you can still get the kernel to crash.  I grant you it is a very small race window but it is there.
>
> What do you think?

Is this problem fixed by

Commit: b02176f30cd3 ("block: don't release bdi while request_queue has live references")

(in 4.3-rc7)?

With that patch the unregistering is done early enough for md and loop,
but the freeing should be done late enough to not inconvenience
filesystems.

Thanks,
NeilBrown

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]