diff options
author | Jeff Moyer <jmoyer@redhat.com> | 2012-07-12 09:43:14 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-07-13 11:36:35 -0400 |
commit | 91f68c89d8f35fe98ea04159b9a3b42d0149478f (patch) | |
tree | d62ecd2a9de58a2d5673e4e1765b35eac28faf2c | |
parent | 918227bb1b59444a2c467711fd50cc22bb4a897b (diff) |
block: fix infinite loop in __getblk_slow
Commit 080399aaaf35 ("block: don't mark buffers beyond end of disk as
mapped") exposed a bug in __getblk_slow that causes mount to hang as it
loops infinitely waiting for a buffer that lies beyond the end of the
disk to become uptodate.
The problem was initially reported by Torsten Hilbrich here:
https://lkml.org/lkml/2012/6/18/54
and also reported independently here:
http://www.sysresccd.org/forums/viewtopic.php?f=13&t=4511
and then Richard W.M. Jones and Marcos Mello noted a few separate
bugzillas also associated with the same issue. This patch has been
confirmed to fix:
https://bugzilla.redhat.com/show_bug.cgi?id=835019
The main problem is here, in __getblk_slow:
for (;;) {
struct buffer_head * bh;
int ret;
bh = __find_get_block(bdev, block, size);
if (bh)
return bh;
ret = grow_buffers(bdev, block, size);
if (ret < 0)
return NULL;
if (ret == 0)
free_more_memory();
}
__find_get_block does not find the block, since it will not be marked as
mapped, and so grow_buffers is called to fill in the buffers for the
associated page. I believe the for (;;) loop is there primarily to
retry in the case of memory pressure keeping grow_buffers from
succeeding. However, we also continue to loop for other cases, like the
block lying beond the end of the disk. So, the fix I came up with is to
only loop when grow_buffers fails due to memory allocation issues
(return value of 0).
The attached patch was tested by myself, Torsten, and Rich, and was
found to resolve the problem in call cases.
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Reported-and-Tested-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Josh Boyer <jwboyer@redhat.com>
Cc: Stable <stable@vger.kernel.org> # 3.0+
[ Jens is on vacation, taking this directly - Linus ]
--
Stable Notes: this patch requires backport to 3.0, 3.2 and 3.3.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/buffer.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/fs/buffer.c b/fs/buffer.c index 838a9cf246bd..c7062c896d7c 100644 --- a/fs/buffer.c +++ b/fs/buffer.c | |||
@@ -1036,6 +1036,9 @@ grow_buffers(struct block_device *bdev, sector_t block, int size) | |||
1036 | static struct buffer_head * | 1036 | static struct buffer_head * |
1037 | __getblk_slow(struct block_device *bdev, sector_t block, int size) | 1037 | __getblk_slow(struct block_device *bdev, sector_t block, int size) |
1038 | { | 1038 | { |
1039 | int ret; | ||
1040 | struct buffer_head *bh; | ||
1041 | |||
1039 | /* Size must be multiple of hard sectorsize */ | 1042 | /* Size must be multiple of hard sectorsize */ |
1040 | if (unlikely(size & (bdev_logical_block_size(bdev)-1) || | 1043 | if (unlikely(size & (bdev_logical_block_size(bdev)-1) || |
1041 | (size < 512 || size > PAGE_SIZE))) { | 1044 | (size < 512 || size > PAGE_SIZE))) { |
@@ -1048,20 +1051,21 @@ __getblk_slow(struct block_device *bdev, sector_t block, int size) | |||
1048 | return NULL; | 1051 | return NULL; |
1049 | } | 1052 | } |
1050 | 1053 | ||
1051 | for (;;) { | 1054 | retry: |
1052 | struct buffer_head * bh; | 1055 | bh = __find_get_block(bdev, block, size); |
1053 | int ret; | 1056 | if (bh) |
1057 | return bh; | ||
1054 | 1058 | ||
1059 | ret = grow_buffers(bdev, block, size); | ||
1060 | if (ret == 0) { | ||
1061 | free_more_memory(); | ||
1062 | goto retry; | ||
1063 | } else if (ret > 0) { | ||
1055 | bh = __find_get_block(bdev, block, size); | 1064 | bh = __find_get_block(bdev, block, size); |
1056 | if (bh) | 1065 | if (bh) |
1057 | return bh; | 1066 | return bh; |
1058 | |||
1059 | ret = grow_buffers(bdev, block, size); | ||
1060 | if (ret < 0) | ||
1061 | return NULL; | ||
1062 | if (ret == 0) | ||
1063 | free_more_memory(); | ||
1064 | } | 1067 | } |
1068 | return NULL; | ||
1065 | } | 1069 | } |
1066 | 1070 | ||
1067 | /* | 1071 | /* |