| Message ID | 20180202175328.GL1121507@devbig577.frc2.facebook.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Feb 02, 2018 at 09:53:28AM -0800, Tejun Heo wrote: > FUSE has a bug where it fails to clear congestion states if a > connection gets aborted while congested, which can leave > nr_wb_congested[] stuck until reboot causing wait_iff_congested() to > wait spuriously. > > While the bdi owner, FUSE, is primarily responsible for clearing > congestion states before destroying bdi_writebacks, bdi layer can > ensure that congestion states are not leaked beyond bdi_writeback > lifecycle. > > Signed-off-by: Tejun Heo <tj@kernel.org> > Reported-by: Joshua Miller <joshmiller@fb.com> > Cc: Johannes Weiner <hannes@cmpxchg.org> > Cc: Jan Kara <jack@suse.cz> > Cc: stable@vger.kernel.org Acked-by: Johannes Weiner <hannes@cmpxchg.org>
On Fri 02-02-18 09:53:28, Tejun Heo wrote: > FUSE has a bug where it fails to clear congestion states if a > connection gets aborted while congested, which can leave > nr_wb_congested[] stuck until reboot causing wait_iff_congested() to > wait spuriously. > > While the bdi owner, FUSE, is primarily responsible for clearing > congestion states before destroying bdi_writebacks, bdi layer can > ensure that congestion states are not leaked beyond bdi_writeback > lifecycle. > > Signed-off-by: Tejun Heo <tj@kernel.org> > Reported-by: Joshua Miller <joshmiller@fb.com> > Cc: Johannes Weiner <hannes@cmpxchg.org> > Cc: Jan Kara <jack@suse.cz> > Cc: stable@vger.kernel.org Looks good. You can add: Reviewed-by: Jan Kara <jack@suse.cz> Honza > --- > include/linux/backing-dev.h | 14 +++++++++++++- > mm/backing-dev.c | 2 +- > 2 files changed, 14 insertions(+), 2 deletions(-) > > --- a/include/linux/backing-dev.h > +++ b/include/linux/backing-dev.h > @@ -220,6 +220,18 @@ static inline int bdi_sched_wait(void *w > return 0; > } > > +static inline void __wb_congested_free(struct bdi_writeback_congested *congested) > +{ > + /* > + * Make sure congestion states are cleared before freeing to avoid > + * nr_wb_congested() corruption which can lead to misbehaving > + * wait_iff_congested(). > + */ > + clear_wb_congested(congested, BLK_RW_SYNC); > + clear_wb_congested(congested, BLK_RW_ASYNC); > + kfree(congested); > +} > + > #ifdef CONFIG_CGROUP_WRITEBACK > > struct bdi_writeback_congested * > @@ -409,7 +421,7 @@ wb_congested_get_create(struct backing_d > static inline void wb_congested_put(struct bdi_writeback_congested *congested) > { > if (atomic_dec_and_test(&congested->refcnt)) > - kfree(congested); > + __wb_congested_free(congested); > } > > static inline struct bdi_writeback *wb_find_current(struct backing_dev_info *bdi) > --- a/mm/backing-dev.c > +++ b/mm/backing-dev.c > @@ -509,7 +509,7 @@ void wb_congested_put(struct bdi_writeba > } > > spin_unlock_irqrestore(&cgwb_lock, flags); > - kfree(congested); > + __wb_congested_free(congested); > } > > static void cgwb_release_workfn(struct work_struct *work)
--- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -220,6 +220,18 @@ static inline int bdi_sched_wait(void *w return 0; } +static inline void __wb_congested_free(struct bdi_writeback_congested *congested) +{ + /* + * Make sure congestion states are cleared before freeing to avoid + * nr_wb_congested() corruption which can lead to misbehaving + * wait_iff_congested(). + */ + clear_wb_congested(congested, BLK_RW_SYNC); + clear_wb_congested(congested, BLK_RW_ASYNC); + kfree(congested); +} + #ifdef CONFIG_CGROUP_WRITEBACK struct bdi_writeback_congested * @@ -409,7 +421,7 @@ wb_congested_get_create(struct backing_d static inline void wb_congested_put(struct bdi_writeback_congested *congested) { if (atomic_dec_and_test(&congested->refcnt)) - kfree(congested); + __wb_congested_free(congested); } static inline struct bdi_writeback *wb_find_current(struct backing_dev_info *bdi) --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -509,7 +509,7 @@ void wb_congested_put(struct bdi_writeba } spin_unlock_irqrestore(&cgwb_lock, flags); - kfree(congested); + __wb_congested_free(congested); } static void cgwb_release_workfn(struct work_struct *work)
FUSE has a bug where it fails to clear congestion states if a connection gets aborted while congested, which can leave nr_wb_congested[] stuck until reboot causing wait_iff_congested() to wait spuriously. While the bdi owner, FUSE, is primarily responsible for clearing congestion states before destroying bdi_writebacks, bdi layer can ensure that congestion states are not leaked beyond bdi_writeback lifecycle. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Joshua Miller <joshmiller@fb.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Jan Kara <jack@suse.cz> Cc: stable@vger.kernel.org --- include/linux/backing-dev.h | 14 +++++++++++++- mm/backing-dev.c | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-)