From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Brian Foster <bfoster@redhat.com>
Cc: xfs <linux-xfs@vger.kernel.org>, Dave Chinner <david@fromorbit.com>
Subject: Re: quotacheck deadlock?
Date: Fri, 21 Jul 2017 09:21:30 -0700 [thread overview]
Message-ID: <20170721162130.GF23625@magnolia> (raw)
In-Reply-To: <20170721142248.GC44069@bfoster.bfoster>
On Fri, Jul 21, 2017 at 10:22:48AM -0400, Brian Foster wrote:
> On Thu, Jul 20, 2017 at 01:01:29PM -0700, Darrick J. Wong wrote:
> > On Thu, Jul 20, 2017 at 11:58:55AM -0700, Darrick J. Wong wrote:
> > > On Thu, Jul 20, 2017 at 08:38:46AM -0400, Brian Foster wrote:
> > > > On Wed, Jul 19, 2017 at 11:58:04PM -0700, Darrick J. Wong wrote:
> > > > > Hi,
> > > > >
> > > > > I ran the following sequence of commands on 4.13-rc1:
> > > > >
> > > > > # mkfs.xfs -f /dev/sdf
> > > > > # xfs_db -x -c 'sb 0' -c 'addr rootino' -c 'write -d core.uid 4294967295' /dev/sdf
> > > > > # mount /dev/sdf -o usrquota
> > > > >
> > > > > The kernel reports that it's starting quotacheck, but never finishes.
> > > > > echo t > /proc/sysrq produces this for the hung mount command:
> > > > >
> > > > > mount R running task 0 988 895 0x00000000
> > > > > Call Trace:
> > > > > ? sched_clock_cpu+0xa8/0xe0
> > > > > ? xfs_qm_flush_one+0x3c/0x120 [xfs]
> > > > > ? lock_acquire+0xac/0x200
> > > > > ? lock_acquire+0xac/0x200
> > > > > ? xfs_qm_flush_one+0x3c/0x120 [xfs]
> > > > > ? xfs_qm_dquot_walk+0xa1/0x170 [xfs]
> > > > > ? get_lock_stats+0x19/0x60
> > > > > ? get_lock_stats+0x19/0x60
> > > > > ? xfs_qm_dquot_walk+0xa1/0x170 [xfs]
> > > > > ? xfs_qm_dquot_walk+0x125/0x170 [xfs]
> > > > > ? radix_tree_gang_lookup+0xd1/0xf0
> > > > > ? xfs_qm_shrink_count+0x20/0x20 [xfs]
> > > > > ? xfs_qm_dquot_walk+0xbb/0x170 [xfs]
> > > > > ? kfree+0x23f/0x2d0
> > > > > ? kvfree+0x2a/0x40
> > > > > ? xfs_bulkstat+0x315/0x680 [xfs]
> > > > > ? xfs_qm_get_rtblks+0xa0/0xa0 [xfs]
> > > > > ? xfs_qm_quotacheck+0x2bd/0x360 [xfs]
> > > > > ? xfs_qm_mount_quotas+0x106/0x1f0 [xfs]
> > > > > ? xfs_mountfs+0x6f2/0xb00 [xfs]
> > > > > ? xfs_fs_fill_super+0x483/0x610 [xfs]
> > > > > ? mount_bdev+0x180/0x1b0
> > > > > ? xfs_finish_flags+0x150/0x150 [xfs]
> > > > > ? xfs_fs_mount+0x15/0x20 [xfs]
> > > > > ? mount_fs+0x14/0x80
> > > > > ? vfs_kern_mount+0x67/0x170
> > > > > ? do_mount+0x195/0xd00
> > > > > ? kmem_cache_alloc_trace+0x231/0x2a0
> > > > > ? SyS_mount+0x95/0xe0
> > > > > ? entry_SYSCALL_64_fastpath+0x1f/0xbe
> > > > >
> > > > > Any thoughts? I'm not sure what's going on for sure, other than the
> > > > > call stack looks funny and it's midnight so I'm going to sleep. :)
> > > > >
> > > >
> > > > It looks like a problem with the loop in xfs_qm_dquot_walk(). The next
> > > > lookup index is calculated as:
> > > >
> > > > next_index = be32_to_cpu(dqp->q_core.d_id) + 1;
> > > >
> > > > ... each time through the loop. With the uid written above, the +1
> > > > overflows the 32-bit next_index back to zero and the lookup starts over.
> > > > I suppose a simple fix might be to do something like the following.
> > > > Thoughts?
> > > >
> > > > --- 8< ---
> > > >
> > > > diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c
> > > > index 6ce948c..f013c893 100644
> > > > --- a/fs/xfs/xfs_qm.c
> > > > +++ b/fs/xfs/xfs_qm.c
> > > > @@ -111,6 +111,8 @@ xfs_qm_dquot_walk(
> > > > skipped = 0;
> > > > break;
> > > > }
> > > > + if (!next_index)
> > > > + break;
> > >
> > > Well, this /does/ fix the quotacheck lockup... but leads me straight
> > > into the next problem, which is that xfs_quota -x -c 'report -i' just
> > > goes into an infinite loop:
> > >
> > > root 3 0 0 00 [--------]
> > > #4294967295 1 0 0 00 [--------]
> > > <repeats>
> > >
>
> That's a different codepath, right? Do we have a similar problem
> somewhere else..?
I think it's a bug in quota/report.c.
> > > That said, the userland APIs *chown/set*uid return -EINVAL if you pass
> > > in a userid of -1U, so one could argue that it's not a valid id anyway.
> > > Via stat(), the kernel squashes -1U down to 65534 (nobody), which
> > > implies that (Linux, anyway) doesn't consider -1U to be a valid id.
> > > ISTR XFS treats uids as a mostly opaque value that we get from and pass
> > > to the VFS without a whole lot of interpretation...?
> >
>
> That's my understanding. At least, I just looked at the size of the id
> and assumed anything therein was valid. I'd still probably want to fix
> the loop in quotacheck either way just to avoid leaving around a
> landmine.
Ok, want to package that up into a patch?
> > Poking around in include/linux/uidgid.h, it seems that uid_valid()
> > thinks that -1U is not a valid user id, so perhaps the inode verifier
> > should chck for that. Ditto for gid_valid().
> >
>
> Seems reasonable, assuming that has always been the case.
>
> > But then there's project id -- xfs_quota won't let us set a projid of
> > 4294967295, though I don't see anything in the kernel that prohibits
> > that. chattr -p 4294967295 succeeds in setting the project id, which
> > means that we probably can't just ban it retroactively(??)
> >
> > Thoughts?
> >
>
> Not sure.. any idea why the xfs_quota command fails if chattr does not?
xfs_quota explicitly disallows -1U, but chattr just treats it as an
arbitrary 32-bit value. I'd like to amend _dinode_verify to look for
[ugp]id of -1U, but I'm having trouble figuring out if they're /really/
invalid, at least from the perspective of the disk format.
(Maybe Dave knows something? :))
--D
>
> Brian
>
> > --D
> >
> > >
> > > --D
> > >
> > > > }
> > > >
> > > > if (skipped) {
> > > > --
> > > > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > > > the body of a message to majordomo@vger.kernel.org
> > > > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > > the body of a message to majordomo@vger.kernel.org
> > > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2017-07-21 16:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-20 6:58 quotacheck deadlock? Darrick J. Wong
2017-07-20 12:38 ` Brian Foster
2017-07-20 18:58 ` Darrick J. Wong
2017-07-20 20:01 ` Darrick J. Wong
2017-07-21 14:22 ` Brian Foster
2017-07-21 16:21 ` Darrick J. Wong [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170721162130.GF23625@magnolia \
--to=darrick.wong@oracle.com \
--cc=bfoster@redhat.com \
--cc=david@fromorbit.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).