From patchwork Mon Jan 16 06:42:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhen Ren X-Patchwork-Id: 9518115 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 459E96020B for ; Mon, 16 Jan 2017 06:44:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0C2C728386 for ; Mon, 16 Jan 2017 06:44:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F34C72838E; Mon, 16 Jan 2017 06:44:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 4F1DF28386 for ; Mon, 16 Jan 2017 06:44:17 +0000 (UTC) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v0G6i6t6012394 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 16 Jan 2017 06:44:06 GMT Received: from oss.oracle.com (oss-old-reserved.oracle.com [137.254.22.2]) by aserv0021.oracle.com (8.13.8/8.14.4) with ESMTP id v0G6i5cq022935 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 16 Jan 2017 06:44:05 GMT Received: from localhost ([127.0.0.1] helo=lb-oss.oracle.com) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1cT11R-0007Cp-Md; Sun, 15 Jan 2017 22:44:05 -0800 Received: from aserv0022.oracle.com ([141.146.126.234]) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1cT10p-0007BH-UM for ocfs2-devel@oss.oracle.com; Sun, 15 Jan 2017 22:43:27 -0800 Received: from aserp1020.oracle.com (aserp1020.oracle.com [141.146.126.67]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v0G6hRxL010672 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 16 Jan 2017 06:43:27 GMT Received: from userp2030.oracle.com (userp2030.oracle.com [156.151.31.89]) by aserp1020.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v0G6hRwi024218 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 16 Jan 2017 06:43:27 GMT Received: from pps.filterd (userp2030.oracle.com [127.0.0.1]) by userp2030.oracle.com (8.16.0.17/8.16.0.17) with SMTP id v0G6g3kS020557 for ; Mon, 16 Jan 2017 06:43:27 GMT Authentication-Results: oracle.com; spf=pass smtp.mailfrom=zren@suse.com Received: from prv3-mh.provo.novell.com (victor.provo.novell.com [137.65.250.26]) by userp2030.oracle.com with ESMTP id 280rab8ymf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 16 Jan 2017 06:43:26 +0000 Received: from laptop.apac.novell.com (prv-ext-foundry1int.gns.novell.com [137.65.251.240]) by prv3-mh.provo.novell.com with ESMTP (TLS encrypted); Sun, 15 Jan 2017 23:43:14 -0700 From: Eric Ren To: ocfs2-devel@oss.oracle.com Date: Mon, 16 Jan 2017 14:42:20 +0800 Message-Id: <20170116064220.23720-3-zren@suse.com> X-Mailer: git-send-email 2.10.2 In-Reply-To: <20170116064220.23720-1-zren@suse.com> References: <20170116064220.23720-1-zren@suse.com> X-PDR: PASS X-ServerName: victor.provo.novell.com X-Proofpoint-SPF-Result: pass X-Proofpoint-SPF-Record: v=spf1 include:microfocus.com ~all X-Proofpoint-Virus-Version: vendor=nai engine=5800 definitions=8409 signatures=670800 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701160105 Cc: sfr@canb.auug.org.au, linux-kernel@vger.kernel.org Subject: [Ocfs2-devel] [PATCH v2 2/2] ocfs2: fix deadlock issue when taking inode lock at vfs entry points X-BeenThere: ocfs2-devel@oss.oracle.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ocfs2-devel-bounces@oss.oracle.com Errors-To: ocfs2-devel-bounces@oss.oracle.com X-Source-IP: aserv0021.oracle.com [141.146.126.233] X-Virus-Scanned: ClamAV using ClamSMTP Commit 743b5f1434f5 ("ocfs2: take inode lock in ocfs2_iop_set/get_acl()") results in a deadlock, as the author "Tariq Saeed" realized shortly after the patch was merged. The discussion happened here (https://oss.oracle.com/pipermail/ocfs2-devel/2015-September/011085.html). The reason why taking cluster inode lock at vfs entry points opens up a self deadlock window, is explained in the previous patch of this series. So far, we have seen two different code paths that have this issue. 1. do_sys_open may_open inode_permission ocfs2_permission ocfs2_inode_lock() <=== take PR generic_permission get_acl ocfs2_iop_get_acl ocfs2_inode_lock() <=== take PR 2. fchmod|fchmodat chmod_common notify_change ocfs2_setattr <=== take EX posix_acl_chmod get_acl ocfs2_iop_get_acl <=== take PR ocfs2_iop_set_acl <=== take EX Fixes them by adding the tracking logic (in the previous patch) for these funcs above, ocfs2_permission(), ocfs2_iop_[set|get]_acl(), ocfs2_setattr(). Changes since v1: 1. Let ocfs2_is_locked_by_me() just return true/false to indicate if the process gets the cluster lock - suggested by: Joseph Qi and Junxiao Bi . 2. Change "struct ocfs2_holder" to a more meaningful name "ocfs2_lock_holder", suggested by: Junxiao Bi . 3. Add debugging output at ocfs2_setattr() and ocfs2_permission() to catch exceptional cases, suggested by: Junxiao Bi . Signed-off-by: Eric Ren --- fs/ocfs2/acl.c | 39 +++++++++++++++++++++++++---- fs/ocfs2/file.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 100 insertions(+), 15 deletions(-) diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c index bed1fcb..3e47262 100644 --- a/fs/ocfs2/acl.c +++ b/fs/ocfs2/acl.c @@ -284,16 +284,31 @@ int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, int type) { struct buffer_head *bh = NULL; int status = 0; - - status = ocfs2_inode_lock(inode, &bh, 1); + int arg_flags = 0, has_locked; + struct ocfs2_lock_holder oh; + struct ocfs2_lock_res *lockres; + + lockres = &OCFS2_I(inode)->ip_inode_lockres; + has_locked = ocfs2_is_locked_by_me(lockres); + if (has_locked) + arg_flags = OCFS2_META_LOCK_GETBH; + status = ocfs2_inode_lock_full(inode, &bh, 1, arg_flags); if (status < 0) { if (status != -ENOENT) mlog_errno(status); return status; } + if (!has_locked) + ocfs2_add_holder(lockres, &oh); + status = ocfs2_set_acl(NULL, inode, bh, type, acl, NULL, NULL); - ocfs2_inode_unlock(inode, 1); + + if (!has_locked) { + ocfs2_remove_holder(lockres, &oh); + ocfs2_inode_unlock(inode, 1); + } brelse(bh); + return status; } @@ -303,21 +318,35 @@ struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type) struct buffer_head *di_bh = NULL; struct posix_acl *acl; int ret; + int arg_flags = 0, has_locked; + struct ocfs2_lock_holder oh; + struct ocfs2_lock_res *lockres; osb = OCFS2_SB(inode->i_sb); if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL)) return NULL; - ret = ocfs2_inode_lock(inode, &di_bh, 0); + + lockres = &OCFS2_I(inode)->ip_inode_lockres; + has_locked = ocfs2_is_locked_by_me(lockres); + if (has_locked) + arg_flags = OCFS2_META_LOCK_GETBH; + ret = ocfs2_inode_lock_full(inode, &di_bh, 0, arg_flags); if (ret < 0) { if (ret != -ENOENT) mlog_errno(ret); return ERR_PTR(ret); } + if (!has_locked) + ocfs2_add_holder(lockres, &oh); acl = ocfs2_get_acl_nolock(inode, type, di_bh); - ocfs2_inode_unlock(inode, 0); + if (!has_locked) { + ocfs2_remove_holder(lockres, &oh); + ocfs2_inode_unlock(inode, 0); + } brelse(di_bh); + return acl; } diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c index c488965..b620c25 100644 --- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c @@ -1138,6 +1138,9 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) handle_t *handle = NULL; struct dquot *transfer_to[MAXQUOTAS] = { }; int qtype; + int arg_flags = 0, had_lock; + struct ocfs2_lock_holder oh; + struct ocfs2_lock_res *lockres; trace_ocfs2_setattr(inode, dentry, (unsigned long long)OCFS2_I(inode)->ip_blkno, @@ -1173,13 +1176,41 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) } } - status = ocfs2_inode_lock(inode, &bh, 1); + lockres = &OCFS2_I(inode)->ip_inode_lockres; + had_lock = ocfs2_is_locked_by_me(lockres); + if (had_lock) { + arg_flags = OCFS2_META_LOCK_GETBH; + + /* + * As far as we know, ocfs2_setattr() could only be the first + * VFS entry point in the call chain of recursive cluster + * locking issue. + * + * For instance: + * chmod_common() + * notify_change() + * ocfs2_setattr() + * posix_acl_chmod() + * ocfs2_iop_get_acl() + * + * But, we're not 100% sure if it's always true, because the + * ordering of the VFS entry points in the call chain is out + * of our control. So, we'd better dump the stack here to + * catch the other cases of recursive locking. + */ + mlog(ML_ERROR, "Another case of recursive locking:\n"); + dump_stack(); + } + status = ocfs2_inode_lock_full(inode, &bh, 1, arg_flags); if (status < 0) { if (status != -ENOENT) mlog_errno(status); goto bail_unlock_rw; } - inode_locked = 1; + if (!had_lock) { + ocfs2_add_holder(lockres, &oh); + inode_locked = 1; + } if (size_change) { status = inode_newsize_ok(inode, attr->ia_size); @@ -1260,7 +1291,8 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) bail_commit: ocfs2_commit_trans(osb, handle); bail_unlock: - if (status) { + if (status && inode_locked) { + ocfs2_remove_holder(lockres, &oh); ocfs2_inode_unlock(inode, 1); inode_locked = 0; } @@ -1278,8 +1310,10 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) if (status < 0) mlog_errno(status); } - if (inode_locked) + if (inode_locked) { + ocfs2_remove_holder(lockres, &oh); ocfs2_inode_unlock(inode, 1); + } brelse(bh); return status; @@ -1321,20 +1355,42 @@ int ocfs2_getattr(struct vfsmount *mnt, int ocfs2_permission(struct inode *inode, int mask) { int ret; + int has_locked; + struct ocfs2_lock_holder oh; + struct ocfs2_lock_res *lockres; if (mask & MAY_NOT_BLOCK) return -ECHILD; - ret = ocfs2_inode_lock(inode, NULL, 0); - if (ret) { - if (ret != -ENOENT) - mlog_errno(ret); - goto out; + lockres = &OCFS2_I(inode)->ip_inode_lockres; + has_locked = ocfs2_is_locked_by_me(lockres); + if (!has_locked) { + ret = ocfs2_inode_lock(inode, NULL, 0); + if (ret) { + if (ret != -ENOENT) + mlog_errno(ret); + goto out; + } + ocfs2_add_holder(lockres, &oh); + } else { + /* See comments in ocfs2_setattr() for details. + * The call chain of this case could be: + * do_sys_open() + * may_open() + * inode_permission() + * ocfs2_permission() + * ocfs2_iop_get_acl() + */ + mlog(ML_ERROR, "Another case of recursive locking:\n"); + dump_stack(); } ret = generic_permission(inode, mask); - ocfs2_inode_unlock(inode, 0); + if (!has_locked) { + ocfs2_remove_holder(lockres, &oh); + ocfs2_inode_unlock(inode, 0); + } out: return ret; }