From: Dave Chinner <david@fromorbit.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 7/9] xfs: separate out log shutdown callback processing
Date: Mon, 5 Jul 2021 11:46:53 +1000 [thread overview]
Message-ID: <20210705014653.GJ664593@dread.disaster.area> (raw)
In-Reply-To: <YN7QDC8j7YEl02JJ@infradead.org>
On Fri, Jul 02, 2021 at 09:36:28AM +0100, Christoph Hellwig wrote:
> On Wed, Jun 30, 2021 at 04:38:11PM +1000, Dave Chinner wrote:
> > From: Dave Chinner <dchinner@redhat.com>
> >
> > The iclog callback processing done during a forced log shutdown has
> > different logic to normal runtime IO completion callback processing.
> > Separate out eh shutdown callbacks into their own function and call
> > that from the shutdown code instead.
> >
> > We don't need this shutdown specific logic in the normal runtime
> > completion code - we'll always run the shutdown version on shutdown,
> > and it will do what shutdown needs regardless of whether there are
> > racing IO completion callbacks scheduled or in progress. Hence we
> > can also simplify the normal IO completion callpath and only abort
> > if shutdown occurred while we actively were processing callbacks.
>
> What prevents a log shutdown from coming in during the callback
> processing? Or is there a reason why we simply don't care for that
> case?
We simpy don't care. IO completion based callbacks can already race
with shutdown driven callbacks. RIght now, both cases will process
all iclogs, so it just depends on which one gets to the iclog first
as to which one runs the callbacks. We don't actually pass the
shutdown state to the callbacks, so the callbacks are none-the-wiser
for whether they are being called from shutdown or IO completion
when they see the shutdown state.
With the code as per this patch, a racing shutdown will result in
the callbacks from IO completion seeing the shutdown state, but IO
completion will now avoid processing iclogs out of order/statei
because the shutdown state is set. Hence by taking out the shutdown
check from IO completion, we avoid having IO completion based
callbacks racing with referenced iclogs that have just attached
callbacks to the iclog but haven't yet released their reference and
submitted the iclog for IO...
IOWs, it's not just the callbacks running from shutdown that trigger
the UAF problems with callbacks, it can also occur from IO
completion, too. Hence we really need to separate out the
shutdown case from the IO completion path to avoid it from having
the same problem(s) as the shutdown path...
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2021-07-05 1:46 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-30 6:38 [PATCH 0/9] xfs: shutdown is a racy mess Dave Chinner
2021-06-30 6:38 ` [PATCH 1/9] xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() Dave Chinner
2021-06-30 16:10 ` Darrick J. Wong
2021-07-02 7:48 ` Christoph Hellwig
2021-07-02 8:45 ` Dave Chinner
2021-07-02 9:27 ` Christoph Hellwig
2021-06-30 6:38 ` [PATCH 2/9] xfs: XLOG_STATE_IOERROR must die Dave Chinner
2021-06-30 15:22 ` kernel test robot
2021-06-30 15:22 ` [PATCH] xfs: fix semicolon.cocci warnings kernel test robot
2021-07-02 8:00 ` [PATCH 2/9] xfs: XLOG_STATE_IOERROR must die Christoph Hellwig
2021-07-02 8:55 ` Dave Chinner
2021-06-30 6:38 ` [PATCH 3/9] xfs: move recovery needed state updates to xfs_log_mount_finish Dave Chinner
2021-07-02 8:10 ` Christoph Hellwig
2021-06-30 6:38 ` [PATCH 4/9] xfs: convert log flags to an operational state field Dave Chinner
2021-07-02 8:15 ` Christoph Hellwig
2021-07-09 4:33 ` Darrick J. Wong
2021-06-30 6:38 ` [PATCH 5/9] xfs: make forced shutdown processing atomic Dave Chinner
2021-07-02 8:24 ` Christoph Hellwig
2021-07-05 1:28 ` Dave Chinner
2021-07-09 4:40 ` Darrick J. Wong
2021-07-14 3:15 ` Dave Chinner
2021-07-14 5:02 ` Darrick J. Wong
2021-06-30 6:38 ` [PATCH 6/9] xfs: reowrk up xlog_state_do_callback Dave Chinner
2021-07-02 8:28 ` Christoph Hellwig
2021-07-09 4:42 ` Darrick J. Wong
2021-06-30 6:38 ` [PATCH 7/9] xfs: separate out log shutdown callback processing Dave Chinner
2021-07-02 8:36 ` Christoph Hellwig
2021-07-05 1:46 ` Dave Chinner [this message]
2021-06-30 6:38 ` [PATCH 8/9] xfs: don't run shutdown callbacks on active iclogs Dave Chinner
2021-07-02 8:48 ` Christoph Hellwig
2021-07-05 2:04 ` Dave Chinner
2021-06-30 6:38 ` [PATCH 9/9] xfs: log head and tail aren't reliable during shutdown Dave Chinner
2021-07-02 8:53 ` Christoph Hellwig
2021-07-05 2:22 ` Dave Chinner
2021-07-14 3:19 [PATCH 0/9 v2] xfs: shutdown is a racy mess Dave Chinner
2021-07-14 3:19 ` [PATCH 7/9] xfs: separate out log shutdown callback processing Dave Chinner
2021-07-14 6:17 ` Christoph Hellwig
2021-07-14 22:00 ` Darrick J. Wong
2021-08-10 5:18 [PATCH 0/9 v3] xfs: shutdown is a racy mess Dave Chinner
2021-08-10 5:18 ` [PATCH 7/9] xfs: separate out log shutdown callback processing Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210705014653.GJ664593@dread.disaster.area \
--to=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).