btrfs: fix readdir deadlock with pagefault

Readdir does dir_emit while under the btree lock.  dir_emit can trigger
the page fault which means we can deadlock.  Fix this by allocating a
buffer on opening a directory and copying the readdir into this buffer
and doing dir_emit from outside of the tree lock.

Thread A
readdir  <holding tree lock>
  dir_emit
    <page fault>
      down_read(mmap_sem)

Thread B
mmap write
  down_write(mmap_sem)
    page_mkwrite
      wait_ordered_extents

Process C
finish_ordered_extent
  insert_reserved_file_extent
   try to lock leaf <hang>

Signed-off-by: Josef Bacik <jbacik@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ copy the deadlock scenario to changelog ]
Signed-off-by: David Sterba <dsterba@suse.com>

1 files changed, 8 insertions, 1 deletions

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 58818cf7f82d..74fd7756cff3 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1990,8 +1990,15 @@ out:
 
 int btrfs_release_file(struct inode *inode, struct file *filp)
 {
-        if (filp->private_data)
+        struct btrfs_file_private *private = filp->private_data;
+
+        if (private && private->trans)
                 btrfs_ioctl_trans_end(filp);
+        if (private && private->filldir_buf)
+                kfree(private->filldir_buf);
+        kfree(private);
+        filp->private_data = NULL;
+
         /*
          * ordered_data_close is set by settattr when we are about to truncate
          * a file from a non-zero size to a zero size.  This tries to