diff options
| author | Filipe Manana <fdmanana@suse.com> | 2015-01-16 08:24:40 -0500 |
|---|---|---|
| committer | Chris Mason <clm@fb.com> | 2015-01-19 16:05:45 -0500 |
| commit | 75c68e9fbbdfc04467c9edcac76be998beaa630b (patch) | |
| tree | 90744350470ba845aa065952de640cbaf52bddd3 | |
| parent | 379d6854a2092e38b6e56a8067d922e31461b7e2 (diff) | |
Btrfs: fix race deleting block group from space_info->ro_bgs list
When removing a block group we were deleting it from its space_info's
ro_bgs list without the correct protection - the space info's spinlock.
Fix this by doing the list delete while holding the spinlock of the
corresponding space info, which is the correct lock for any operation
on that list.
This issue was introduced in the 3.19 kernel by the following change:
Btrfs: move read only block groups onto their own list V2
commit 633c0aad4c0243a506a3e8590551085ad78af82d
I ran into a kernel crash while a task was running statfs, which iterates
the space_info->ro_bgs list while holding the space info's spinlock,
and another task was deleting it from the same list, without holding that
spinlock, as part of the block group remove operation (while running the
function btrfs_remove_block_group). This happened often when running the
stress test xfstests/generic/038 I recently made.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
| -rw-r--r-- | fs/btrfs/ctree.h | 1 | ||||
| -rw-r--r-- | fs/btrfs/extent-tree.c | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 7e607416755a..0b180708bf79 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h | |||
| @@ -1171,6 +1171,7 @@ struct btrfs_space_info { | |||
| 1171 | struct percpu_counter total_bytes_pinned; | 1171 | struct percpu_counter total_bytes_pinned; |
| 1172 | 1172 | ||
| 1173 | struct list_head list; | 1173 | struct list_head list; |
| 1174 | /* Protected by the spinlock 'lock'. */ | ||
| 1174 | struct list_head ro_bgs; | 1175 | struct list_head ro_bgs; |
| 1175 | 1176 | ||
| 1176 | struct rw_semaphore groups_sem; | 1177 | struct rw_semaphore groups_sem; |
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 15116585e714..a684086c3c81 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c | |||
| @@ -9422,7 +9422,6 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, | |||
| 9422 | * are still on the list after taking the semaphore | 9422 | * are still on the list after taking the semaphore |
| 9423 | */ | 9423 | */ |
| 9424 | list_del_init(&block_group->list); | 9424 | list_del_init(&block_group->list); |
| 9425 | list_del_init(&block_group->ro_list); | ||
| 9426 | if (list_empty(&block_group->space_info->block_groups[index])) { | 9425 | if (list_empty(&block_group->space_info->block_groups[index])) { |
| 9427 | kobj = block_group->space_info->block_group_kobjs[index]; | 9426 | kobj = block_group->space_info->block_group_kobjs[index]; |
| 9428 | block_group->space_info->block_group_kobjs[index] = NULL; | 9427 | block_group->space_info->block_group_kobjs[index] = NULL; |
| @@ -9464,6 +9463,7 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, | |||
| 9464 | btrfs_remove_free_space_cache(block_group); | 9463 | btrfs_remove_free_space_cache(block_group); |
| 9465 | 9464 | ||
| 9466 | spin_lock(&block_group->space_info->lock); | 9465 | spin_lock(&block_group->space_info->lock); |
| 9466 | list_del_init(&block_group->ro_list); | ||
| 9467 | block_group->space_info->total_bytes -= block_group->key.offset; | 9467 | block_group->space_info->total_bytes -= block_group->key.offset; |
| 9468 | block_group->space_info->bytes_readonly -= block_group->key.offset; | 9468 | block_group->space_info->bytes_readonly -= block_group->key.offset; |
| 9469 | block_group->space_info->disk_total -= block_group->key.offset * factor; | 9469 | block_group->space_info->disk_total -= block_group->key.offset * factor; |