| Message ID | 20201103131754.94949-3-laoar.shao@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | avoid xfs transaction reservation recursion | expand |
On Tue, Nov 03, 2020 at 09:17:54PM +0800, Yafang Shao wrote: > PF_FSTRANS which is used to avoid transaction reservation recursion, is > dropped since commit 9070733b4efa ("xfs: abstract PF_FSTRANS to > PF_MEMALLOC_NOFS") and commit 7dea19f9ee63 ("mm: introduce > memalloc_nofs_{save,restore} API") and replaced by PF_MEMALLOC_NOFS which > means to avoid filesystem reclaim recursion. That change is subtle. > Let's take the exmple of the check of WARN_ON_ONCE(current->flags & > PF_MEMALLOC_NOFS)) to explain why this abstraction from PF_FSTRANS to > PF_MEMALLOC_NOFS is not proper. > Below comment is quoted from Dave, > > It wasn't for memory allocation recursion protection in XFS - it was for > > transaction reservation recursion protection by something trying to flush > > data pages while holding a transaction reservation. Doing > > this could deadlock the journal because the existing reservation > > could prevent the nested reservation for being able to reserve space > > in the journal and that is a self-deadlock vector. > > IOWs, this check is not protecting against memory reclaim recursion > > bugs at all (that's the previous check [1]). This check is > > protecting against the filesystem calling writepages directly from a > > context where it can self-deadlock. > > So what we are seeing here is that the PF_FSTRANS -> > > PF_MEMALLOC_NOFS abstraction lost all the actual useful information > > about what type of error this check was protecting against. > > As a result, we should reintroduce PF_FSTRANS. As current->journal_info > isn't used in XFS, we can reuse it to indicate whehter the task is in > fstrans or not, Per Willy. To achieve that, four new helpers are introduce > in this patch, per Dave: > - xfs_trans_context_set() > Used in xfs_trans_alloc() > - xfs_trans_context_clear() > Used in xfs_trans_commit() and xfs_trans_cancel() > - xfs_trans_context_update() > Used in xfs_trans_roll() > - xfs_trans_context_active() > To check whehter current is in fs transcation or not > [1]. Below check is to avoid memory reclaim recursion. > if (WARN_ON_ONCE((current->flags & (PF_MEMALLOC|PF_KSWAPD)) == > PF_MEMALLOC)) > goto redirty; > > Signed-off-by: Yafang Shao <laoar.shao@gmail.com> > Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> > Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Urrrrk, I found some problems with this patch while testing. xfs/141 blows up with: XFS: Assertion failed: current->journal_info == tp, file: fs/xfs/xfs_trans.h, line: 289 The call trace is very garbled, but I think it is: +[ 1815.870749] __xfs_trans_commit+0x4df/0x680 [xfs] +[ 1815.871342] xfs_symlink+0x5ec/0xac0 [xfs] +[ 1815.871834] ? lock_release+0x20d/0x450 +[ 1815.872280] ? get_cached_acl+0x32/0x250 +[ 1815.872847] xfs_vn_symlink+0x8d/0x1b0 [xfs] +[ 1815.873742] vfs_symlink+0xc7/0x150 +[ 1815.874356] do_symlinkat+0x83/0x110 +[ 1815.874788] do_syscall_64+0x31/0x40 +[ 1815.875204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 +[ 1815.875781] RIP: 0033:0x7f2317fc6d7b > diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c > index c94e71f..b272d07 100644 > --- a/fs/xfs/xfs_trans.c > +++ b/fs/xfs/xfs_trans.c > @@ -153,8 +153,6 @@ > int error = 0; > bool rsvd = (tp->t_flags & XFS_TRANS_RESERVE) != 0; > > - /* Mark this thread as being in a transaction */ > - current_set_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > > /* > * Attempt to reserve the needed disk blocks by decrementing > @@ -163,10 +161,8 @@ > */ > if (blocks > 0) { > error = xfs_mod_fdblocks(mp, -((int64_t)blocks), rsvd); > - if (error != 0) { > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > + if (error != 0) > return -ENOSPC; > - } > tp->t_blk_res += blocks; > } > > @@ -241,8 +237,6 @@ > tp->t_blk_res = 0; > } > > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > - > return error; > } > > @@ -284,6 +278,8 @@ > INIT_LIST_HEAD(&tp->t_dfops); > tp->t_firstblock = NULLFSBLOCK; > > + /* Mark this thread as being in a transaction */ > + xfs_trans_context_set(tp); > error = xfs_trans_reserve(tp, resp, blocks, rtextents); > if (error) { > xfs_trans_cancel(tp); You're missing a xfs_trans_context_clear() call here. > @@ -878,7 +874,8 @@ > > xfs_log_commit_cil(mp, tp, &commit_lsn, regrant); > > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > + if (!regrant) > + xfs_trans_context_clear(tp); > xfs_trans_free(tp); > > /* > @@ -910,7 +907,8 @@ > xfs_log_ticket_ungrant(mp->m_log, tp->t_ticket); > tp->t_ticket = NULL; > } > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > + > + xfs_trans_context_clear(tp); > xfs_trans_free_items(tp, !!error); > xfs_trans_free(tp); > > @@ -971,7 +969,7 @@ > } > > /* mark this thread as no longer being in a transaction */ > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > + xfs_trans_context_clear(tp); > > xfs_trans_free_items(tp, dirty); > xfs_trans_free(tp); > @@ -1013,6 +1011,7 @@ > if (error) > return error; > > + xfs_trans_context_update(trans, *tpp); Two bugs here: First, xfs_trans_commit freed @trans, which means that the assertion commits a UAF error. Second, if the transaction is synchronous and the xfs_log_force_lsn at the bottom of __xfs_trans_commit fails, we'll abort everything without clearing current->journal_info or restoring the memalloc flags. Personally I think you should just clear the context from xfs_trans_free if current->journal_info points to the transaction being freed. I /think/ you could fix this with the attached patch; what do you think? --D diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index b272d0767c87..09ae5c181299 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -67,6 +67,11 @@ xfs_trans_free( xfs_extent_busy_sort(&tp->t_busy); xfs_extent_busy_clear(tp->t_mountp, &tp->t_busy, false); + /* Detach the transaction from this thread. */ + ASSERT(current->journal_info != NULL); + if (current->journal_info == tp) + xfs_trans_context_clear(tp); + trace_xfs_trans_free(tp, _RET_IP_); if (!(tp->t_flags & XFS_TRANS_NO_WRITECOUNT)) sb_end_intwrite(tp->t_mountp->m_super); @@ -119,7 +124,11 @@ xfs_trans_dup( ntp->t_rtx_res = tp->t_rtx_res - tp->t_rtx_res_used; tp->t_rtx_res = tp->t_rtx_res_used; + + /* Associate the new transaction with this thread. */ + ASSERT(current->journal_info == tp); ntp->t_pflags = tp->t_pflags; + current->journal_info = ntp; /* move deferred ops over to the new tp */ xfs_defer_move(ntp, tp); @@ -874,8 +883,6 @@ __xfs_trans_commit( xfs_log_commit_cil(mp, tp, &commit_lsn, regrant); - if (!regrant) - xfs_trans_context_clear(tp); xfs_trans_free(tp); /* @@ -908,7 +915,6 @@ __xfs_trans_commit( tp->t_ticket = NULL; } - xfs_trans_context_clear(tp); xfs_trans_free_items(tp, !!error); xfs_trans_free(tp); @@ -968,9 +974,6 @@ xfs_trans_cancel( tp->t_ticket = NULL; } - /* mark this thread as no longer being in a transaction */ - xfs_trans_context_clear(tp); - xfs_trans_free_items(tp, dirty); xfs_trans_free(tp); } @@ -1011,7 +1014,6 @@ xfs_trans_roll( if (error) return error; - xfs_trans_context_update(trans, *tpp); /* * Reserve space in the log for the next transaction. * This also pushes items in the "AIL", the list of logged items, diff --git a/fs/xfs/xfs_trans.h b/fs/xfs/xfs_trans.h index c4877afcb8b9..ceb530bf5c4b 100644 --- a/fs/xfs/xfs_trans.h +++ b/fs/xfs/xfs_trans.h @@ -276,13 +276,6 @@ xfs_trans_context_set(struct xfs_trans *tp) tp->t_pflags = memalloc_nofs_save(); } -static inline void -xfs_trans_context_update(struct xfs_trans *old, struct xfs_trans *new) -{ - ASSERT(current->journal_info == old); - current->journal_info = new; -} - static inline void xfs_trans_context_clear(struct xfs_trans *tp) {
On Wed, Nov 4, 2020 at 8:18 AM Darrick J. Wong <darrick.wong@oracle.com> wrote: > > On Tue, Nov 03, 2020 at 09:17:54PM +0800, Yafang Shao wrote: > > PF_FSTRANS which is used to avoid transaction reservation recursion, is > > dropped since commit 9070733b4efa ("xfs: abstract PF_FSTRANS to > > PF_MEMALLOC_NOFS") and commit 7dea19f9ee63 ("mm: introduce > > memalloc_nofs_{save,restore} API") and replaced by PF_MEMALLOC_NOFS which > > means to avoid filesystem reclaim recursion. That change is subtle. > > Let's take the exmple of the check of WARN_ON_ONCE(current->flags & > > PF_MEMALLOC_NOFS)) to explain why this abstraction from PF_FSTRANS to > > PF_MEMALLOC_NOFS is not proper. > > Below comment is quoted from Dave, > > > It wasn't for memory allocation recursion protection in XFS - it was for > > > transaction reservation recursion protection by something trying to flush > > > data pages while holding a transaction reservation. Doing > > > this could deadlock the journal because the existing reservation > > > could prevent the nested reservation for being able to reserve space > > > in the journal and that is a self-deadlock vector. > > > IOWs, this check is not protecting against memory reclaim recursion > > > bugs at all (that's the previous check [1]). This check is > > > protecting against the filesystem calling writepages directly from a > > > context where it can self-deadlock. > > > So what we are seeing here is that the PF_FSTRANS -> > > > PF_MEMALLOC_NOFS abstraction lost all the actual useful information > > > about what type of error this check was protecting against. > > > > As a result, we should reintroduce PF_FSTRANS. As current->journal_info > > isn't used in XFS, we can reuse it to indicate whehter the task is in > > fstrans or not, Per Willy. To achieve that, four new helpers are introduce > > in this patch, per Dave: > > - xfs_trans_context_set() > > Used in xfs_trans_alloc() > > - xfs_trans_context_clear() > > Used in xfs_trans_commit() and xfs_trans_cancel() > > - xfs_trans_context_update() > > Used in xfs_trans_roll() > > - xfs_trans_context_active() > > To check whehter current is in fs transcation or not > > [1]. Below check is to avoid memory reclaim recursion. > > if (WARN_ON_ONCE((current->flags & (PF_MEMALLOC|PF_KSWAPD)) == > > PF_MEMALLOC)) > > goto redirty; > > > > Signed-off-by: Yafang Shao <laoar.shao@gmail.com> > > Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> > > Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> > > Urrrrk, I found some problems with this patch while testing. xfs/141 > blows up with: > > XFS: Assertion failed: current->journal_info == tp, file: > fs/xfs/xfs_trans.h, line: 289 > > The call trace is very garbled, but I think it is: > > +[ 1815.870749] __xfs_trans_commit+0x4df/0x680 [xfs] > +[ 1815.871342] xfs_symlink+0x5ec/0xac0 [xfs] > +[ 1815.871834] ? lock_release+0x20d/0x450 > +[ 1815.872280] ? get_cached_acl+0x32/0x250 > +[ 1815.872847] xfs_vn_symlink+0x8d/0x1b0 [xfs] > +[ 1815.873742] vfs_symlink+0xc7/0x150 > +[ 1815.874356] do_symlinkat+0x83/0x110 > +[ 1815.874788] do_syscall_64+0x31/0x40 > +[ 1815.875204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 > +[ 1815.875781] RIP: 0033:0x7f2317fc6d7b > > > > diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c > > index c94e71f..b272d07 100644 > > --- a/fs/xfs/xfs_trans.c > > +++ b/fs/xfs/xfs_trans.c > > @@ -153,8 +153,6 @@ > > int error = 0; > > bool rsvd = (tp->t_flags & XFS_TRANS_RESERVE) != 0; > > > > - /* Mark this thread as being in a transaction */ > > - current_set_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > > > > /* > > * Attempt to reserve the needed disk blocks by decrementing > > @@ -163,10 +161,8 @@ > > */ > > if (blocks > 0) { > > error = xfs_mod_fdblocks(mp, -((int64_t)blocks), rsvd); > > - if (error != 0) { > > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > > + if (error != 0) > > return -ENOSPC; > > - } > > tp->t_blk_res += blocks; > > } > > > > @@ -241,8 +237,6 @@ > > tp->t_blk_res = 0; > > } > > > > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > > - > > return error; > > } > > > > @@ -284,6 +278,8 @@ > > INIT_LIST_HEAD(&tp->t_dfops); > > tp->t_firstblock = NULLFSBLOCK; > > > > + /* Mark this thread as being in a transaction */ > > + xfs_trans_context_set(tp); > > error = xfs_trans_reserve(tp, resp, blocks, rtextents); > > if (error) { > > xfs_trans_cancel(tp); > > You're missing a xfs_trans_context_clear() call here. > > > @@ -878,7 +874,8 @@ > > > > xfs_log_commit_cil(mp, tp, &commit_lsn, regrant); > > > > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > > + if (!regrant) > > + xfs_trans_context_clear(tp); > > xfs_trans_free(tp); > > > > /* > > @@ -910,7 +907,8 @@ > > xfs_log_ticket_ungrant(mp->m_log, tp->t_ticket); > > tp->t_ticket = NULL; > > } > > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > > + > > + xfs_trans_context_clear(tp); > > xfs_trans_free_items(tp, !!error); > > xfs_trans_free(tp); > > > > @@ -971,7 +969,7 @@ > > } > > > > /* mark this thread as no longer being in a transaction */ > > - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); > > + xfs_trans_context_clear(tp); > > > > xfs_trans_free_items(tp, dirty); > > xfs_trans_free(tp); > > @@ -1013,6 +1011,7 @@ > > if (error) > > return error; > > > > + xfs_trans_context_update(trans, *tpp); > > Two bugs here: First, xfs_trans_commit freed @trans, which means that > the assertion commits a UAF error. Second, if the transaction is > synchronous and the xfs_log_force_lsn at the bottom of > __xfs_trans_commit fails, we'll abort everything without clearing > current->journal_info or restoring the memalloc flags. > > Personally I think you should just clear the context from xfs_trans_free > if current->journal_info points to the transaction being freed. I > /think/ you could fix this with the attached patch; what do you think? > Thanks for catching this issue and the fix for it. I will run xfstests with your fix. > --D > > diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c > index b272d0767c87..09ae5c181299 100644 > --- a/fs/xfs/xfs_trans.c > +++ b/fs/xfs/xfs_trans.c > @@ -67,6 +67,11 @@ xfs_trans_free( > xfs_extent_busy_sort(&tp->t_busy); > xfs_extent_busy_clear(tp->t_mountp, &tp->t_busy, false); > > + /* Detach the transaction from this thread. */ > + ASSERT(current->journal_info != NULL); > + if (current->journal_info == tp) > + xfs_trans_context_clear(tp); > + > trace_xfs_trans_free(tp, _RET_IP_); > if (!(tp->t_flags & XFS_TRANS_NO_WRITECOUNT)) > sb_end_intwrite(tp->t_mountp->m_super); > @@ -119,7 +124,11 @@ xfs_trans_dup( > > ntp->t_rtx_res = tp->t_rtx_res - tp->t_rtx_res_used; > tp->t_rtx_res = tp->t_rtx_res_used; > + > + /* Associate the new transaction with this thread. */ > + ASSERT(current->journal_info == tp); > ntp->t_pflags = tp->t_pflags; > + current->journal_info = ntp; > > /* move deferred ops over to the new tp */ > xfs_defer_move(ntp, tp); > @@ -874,8 +883,6 @@ __xfs_trans_commit( > > xfs_log_commit_cil(mp, tp, &commit_lsn, regrant); > > - if (!regrant) > - xfs_trans_context_clear(tp); > xfs_trans_free(tp); > > /* > @@ -908,7 +915,6 @@ __xfs_trans_commit( > tp->t_ticket = NULL; > } > > - xfs_trans_context_clear(tp); > xfs_trans_free_items(tp, !!error); > xfs_trans_free(tp); > > @@ -968,9 +974,6 @@ xfs_trans_cancel( > tp->t_ticket = NULL; > } > > - /* mark this thread as no longer being in a transaction */ > - xfs_trans_context_clear(tp); > - > xfs_trans_free_items(tp, dirty); > xfs_trans_free(tp); > } > @@ -1011,7 +1014,6 @@ xfs_trans_roll( > if (error) > return error; > > - xfs_trans_context_update(trans, *tpp); > /* > * Reserve space in the log for the next transaction. > * This also pushes items in the "AIL", the list of logged items, > diff --git a/fs/xfs/xfs_trans.h b/fs/xfs/xfs_trans.h > index c4877afcb8b9..ceb530bf5c4b 100644 > --- a/fs/xfs/xfs_trans.h > +++ b/fs/xfs/xfs_trans.h > @@ -276,13 +276,6 @@ xfs_trans_context_set(struct xfs_trans *tp) > tp->t_pflags = memalloc_nofs_save(); > } > > -static inline void > -xfs_trans_context_update(struct xfs_trans *old, struct xfs_trans *new) > -{ > - ASSERT(current->journal_info == old); > - current->journal_info = new; > -} > - > static inline void > xfs_trans_context_clear(struct xfs_trans *tp) > {
diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index 8180061..2f090b6 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -1469,13 +1469,6 @@ static void iomap_writepage_end_bio(struct bio *bio) goto redirty; /* - * Given that we do not allow direct reclaim to call us, we should - * never be called in a recursive filesystem reclaim context. - */ - if (WARN_ON_ONCE(current->flags & PF_MEMALLOC_NOFS)) - goto redirty; - - /* * Is this page beyond the end of the file? * * The page index is less than the end_index, adjust the end_offset diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c index 55d126d..b25196a 100644 --- a/fs/xfs/xfs_aops.c +++ b/fs/xfs/xfs_aops.c @@ -62,7 +62,8 @@ static inline bool xfs_ioend_is_append(struct iomap_ioend *ioend) * We hand off the transaction to the completion thread now, so * clear the flag here. */ - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); + xfs_trans_context_clear(tp); + return 0; } @@ -125,7 +126,7 @@ static inline bool xfs_ioend_is_append(struct iomap_ioend *ioend) * thus we need to mark ourselves as being in a transaction manually. * Similarly for freeze protection. */ - current_set_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); + xfs_trans_context_set(tp); __sb_writers_acquired(VFS_I(ip)->i_sb, SB_FREEZE_FS); /* we abort the update if there was an IO error */ @@ -564,6 +565,16 @@ static inline bool xfs_ioend_needs_workqueue(struct iomap_ioend *ioend) { struct xfs_writepage_ctx wpc = { }; + /* + * Given that we do not allow direct reclaim to call us, we should + * never be called while in a filesystem transaction. + */ + if (xfs_trans_context_active()) { + redirty_page_for_writepage(wbc, page); + unlock_page(page); + return 0; + } + return iomap_writepage(page, wbc, &wpc.ctx, &xfs_writeback_ops); } @@ -575,6 +586,14 @@ static inline bool xfs_ioend_needs_workqueue(struct iomap_ioend *ioend) struct xfs_writepage_ctx wpc = { }; xfs_iflags_clear(XFS_I(mapping->host), XFS_ITRUNCATED); + + /* + * Given that we do not allow direct reclaim to call us, we should + * never be called while in a filesystem transaction. + */ + if (xfs_trans_context_active()) + return 0; + return iomap_writepages(mapping, wbc, &wpc.ctx, &xfs_writeback_ops); } diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h index 5b7a1e2..6ab0f80 100644 --- a/fs/xfs/xfs_linux.h +++ b/fs/xfs/xfs_linux.h @@ -102,10 +102,6 @@ #define xfs_cowb_secs xfs_params.cowb_timer.val #define current_cpu() (raw_smp_processor_id()) -#define current_set_flags_nested(sp, f) \ - (*(sp) = current->flags, current->flags |= (f)) -#define current_restore_flags_nested(sp, f) \ - (current->flags = ((current->flags & ~(f)) | (*(sp) & (f)))) #define NBBY 8 /* number of bits per byte */ diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index c94e71f..b272d07 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -153,8 +153,6 @@ int error = 0; bool rsvd = (tp->t_flags & XFS_TRANS_RESERVE) != 0; - /* Mark this thread as being in a transaction */ - current_set_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); /* * Attempt to reserve the needed disk blocks by decrementing @@ -163,10 +161,8 @@ */ if (blocks > 0) { error = xfs_mod_fdblocks(mp, -((int64_t)blocks), rsvd); - if (error != 0) { - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); + if (error != 0) return -ENOSPC; - } tp->t_blk_res += blocks; } @@ -241,8 +237,6 @@ tp->t_blk_res = 0; } - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); - return error; } @@ -284,6 +278,8 @@ INIT_LIST_HEAD(&tp->t_dfops); tp->t_firstblock = NULLFSBLOCK; + /* Mark this thread as being in a transaction */ + xfs_trans_context_set(tp); error = xfs_trans_reserve(tp, resp, blocks, rtextents); if (error) { xfs_trans_cancel(tp); @@ -878,7 +874,8 @@ xfs_log_commit_cil(mp, tp, &commit_lsn, regrant); - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); + if (!regrant) + xfs_trans_context_clear(tp); xfs_trans_free(tp); /* @@ -910,7 +907,8 @@ xfs_log_ticket_ungrant(mp->m_log, tp->t_ticket); tp->t_ticket = NULL; } - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); + + xfs_trans_context_clear(tp); xfs_trans_free_items(tp, !!error); xfs_trans_free(tp); @@ -971,7 +969,7 @@ } /* mark this thread as no longer being in a transaction */ - current_restore_flags_nested(&tp->t_pflags, PF_MEMALLOC_NOFS); + xfs_trans_context_clear(tp); xfs_trans_free_items(tp, dirty); xfs_trans_free(tp); @@ -1013,6 +1011,7 @@ if (error) return error; + xfs_trans_context_update(trans, *tpp); /* * Reserve space in the log for the next transaction. * This also pushes items in the "AIL", the list of logged items, diff --git a/fs/xfs/xfs_trans.h b/fs/xfs/xfs_trans.h index 0846589..c4877afc 100644 --- a/fs/xfs/xfs_trans.h +++ b/fs/xfs/xfs_trans.h @@ -268,4 +268,34 @@ void xfs_trans_buf_copy_type(struct xfs_buf *dst_bp, return lip->li_ops->iop_relog(lip, tp); } +static inline void +xfs_trans_context_set(struct xfs_trans *tp) +{ + ASSERT(!current->journal_info); + current->journal_info = tp; + tp->t_pflags = memalloc_nofs_save(); +} + +static inline void +xfs_trans_context_update(struct xfs_trans *old, struct xfs_trans *new) +{ + ASSERT(current->journal_info == old); + current->journal_info = new; +} + +static inline void +xfs_trans_context_clear(struct xfs_trans *tp) +{ + ASSERT(current->journal_info == tp); + current->journal_info = NULL; + memalloc_nofs_restore(tp->t_pflags); +} + +static inline bool +xfs_trans_context_active(void) +{ + /* Use journal_info to indicate current is in a transaction */ + return current->journal_info != NULL; +} + #endif /* __XFS_TRANS_H__ */
PF_FSTRANS which is used to avoid transaction reservation recursion, is dropped since commit 9070733b4efa ("xfs: abstract PF_FSTRANS to PF_MEMALLOC_NOFS") and commit 7dea19f9ee63 ("mm: introduce memalloc_nofs_{save,restore} API") and replaced by PF_MEMALLOC_NOFS which means to avoid filesystem reclaim recursion. That change is subtle. Let's take the exmple of the check of WARN_ON_ONCE(current->flags & PF_MEMALLOC_NOFS)) to explain why this abstraction from PF_FSTRANS to PF_MEMALLOC_NOFS is not proper. Below comment is quoted from Dave, > It wasn't for memory allocation recursion protection in XFS - it was for > transaction reservation recursion protection by something trying to flush > data pages while holding a transaction reservation. Doing > this could deadlock the journal because the existing reservation > could prevent the nested reservation for being able to reserve space > in the journal and that is a self-deadlock vector. > IOWs, this check is not protecting against memory reclaim recursion > bugs at all (that's the previous check [1]). This check is > protecting against the filesystem calling writepages directly from a > context where it can self-deadlock. > So what we are seeing here is that the PF_FSTRANS -> > PF_MEMALLOC_NOFS abstraction lost all the actual useful information > about what type of error this check was protecting against. As a result, we should reintroduce PF_FSTRANS. As current->journal_info isn't used in XFS, we can reuse it to indicate whehter the task is in fstrans or not, Per Willy. To achieve that, four new helpers are introduce in this patch, per Dave: - xfs_trans_context_set() Used in xfs_trans_alloc() - xfs_trans_context_clear() Used in xfs_trans_commit() and xfs_trans_cancel() - xfs_trans_context_update() Used in xfs_trans_roll() - xfs_trans_context_active() To check whehter current is in fs transcation or not [1]. Below check is to avoid memory reclaim recursion. if (WARN_ON_ONCE((current->flags & (PF_MEMALLOC|PF_KSWAPD)) == PF_MEMALLOC)) goto redirty; Signed-off-by: Yafang Shao <laoar.shao@gmail.com> Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Dave Chinner <david@fromorbit.com> Cc: Michal Hocko <mhocko@kernel.org> --- fs/iomap/buffered-io.c | 7 ------- fs/xfs/xfs_aops.c | 23 +++++++++++++++++++++-- fs/xfs/xfs_linux.h | 4 ---- fs/xfs/xfs_trans.c | 19 +++++++++---------- fs/xfs/xfs_trans.h | 30 ++++++++++++++++++++++++++++++ 5 files changed, 60 insertions(+), 23 deletions(-)