diff options
| author | Jan Kara <jack@suse.cz> | 2016-10-30 12:42:04 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-10-30 13:09:42 -0400 |
| commit | 70fe2f48152e60664809e2fed76bbb50c9fa2aa3 (patch) | |
| tree | c5797bacdc9175af6658c9548387b52749cda6ee /fs | |
| parent | 89319d31d2d097da8e27fb0e0ae9d532f4f16827 (diff) | |
aio: fix freeze protection of aio writes
Currently we dropped freeze protection of aio writes just after IO was
submitted. Thus aio write could be in flight while the filesystem was
frozen and that could result in unexpected situation like aio completion
wanting to convert extent type on frozen filesystem. Testcase from
Dmitry triggering this is like:
for ((i=0;i<60;i++));do fsfreeze -f /mnt ;sleep 1;fsfreeze -u /mnt;done &
fio --bs=4k --ioengine=libaio --iodepth=128 --size=1g --direct=1 \
--runtime=60 --filename=/mnt/file --name=rand-write --rw=randwrite
Fix the problem by dropping freeze protection only once IO is completed
in aio_complete().
Reported-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Jan Kara <jack@suse.cz>
[hch: forward ported on top of various VFS and aio changes]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/aio.c | 19 |
1 files changed, 18 insertions, 1 deletions
| @@ -1078,6 +1078,17 @@ static void aio_complete(struct kiocb *kiocb, long res, long res2) | |||
| 1078 | unsigned tail, pos, head; | 1078 | unsigned tail, pos, head; |
| 1079 | unsigned long flags; | 1079 | unsigned long flags; |
| 1080 | 1080 | ||
| 1081 | if (kiocb->ki_flags & IOCB_WRITE) { | ||
| 1082 | struct file *file = kiocb->ki_filp; | ||
| 1083 | |||
| 1084 | /* | ||
| 1085 | * Tell lockdep we inherited freeze protection from submission | ||
| 1086 | * thread. | ||
| 1087 | */ | ||
| 1088 | __sb_writers_acquired(file_inode(file)->i_sb, SB_FREEZE_WRITE); | ||
| 1089 | file_end_write(file); | ||
| 1090 | } | ||
| 1091 | |||
| 1081 | /* | 1092 | /* |
| 1082 | * Special case handling for sync iocbs: | 1093 | * Special case handling for sync iocbs: |
| 1083 | * - events go directly into the iocb for fast handling | 1094 | * - events go directly into the iocb for fast handling |
| @@ -1473,9 +1484,15 @@ static ssize_t aio_write(struct kiocb *req, struct iocb *iocb, bool vectored, | |||
| 1473 | return ret; | 1484 | return ret; |
| 1474 | ret = rw_verify_area(WRITE, file, &req->ki_pos, iov_iter_count(&iter)); | 1485 | ret = rw_verify_area(WRITE, file, &req->ki_pos, iov_iter_count(&iter)); |
| 1475 | if (!ret) { | 1486 | if (!ret) { |
| 1487 | req->ki_flags |= IOCB_WRITE; | ||
| 1476 | file_start_write(file); | 1488 | file_start_write(file); |
| 1477 | ret = aio_ret(req, file->f_op->write_iter(req, &iter)); | 1489 | ret = aio_ret(req, file->f_op->write_iter(req, &iter)); |
| 1478 | file_end_write(file); | 1490 | /* |
| 1491 | * We release freeze protection in aio_complete(). Fool lockdep | ||
| 1492 | * by telling it the lock got released so that it doesn't | ||
| 1493 | * complain about held lock when we return to userspace. | ||
| 1494 | */ | ||
| 1495 | __sb_writers_release(file_inode(file)->i_sb, SB_FREEZE_WRITE); | ||
| 1479 | } | 1496 | } |
| 1480 | kfree(iovec); | 1497 | kfree(iovec); |
| 1481 | return ret; | 1498 | return ret; |