android_kernel_oneplus_sm8250/fs/fscache
NeilBrown 02bd7b740c fscache: fix race between enablement and dropping of object
[ Upstream commit c5a94f434c82529afda290df3235e4d85873c5b4 ]

It was observed that a process blocked indefintely in
__fscache_read_or_alloc_page(), waiting for FSCACHE_COOKIE_LOOKING_UP
to be cleared via fscache_wait_for_deferred_lookup().

At this time, ->backing_objects was empty, which would normaly prevent
__fscache_read_or_alloc_page() from getting to the point of waiting.
This implies that ->backing_objects was cleared *after*
__fscache_read_or_alloc_page was was entered.

When an object is "killed" and then "dropped",
FSCACHE_COOKIE_LOOKING_UP is cleared in fscache_lookup_failure(), then
KILL_OBJECT and DROP_OBJECT are "called" and only in DROP_OBJECT is
->backing_objects cleared.  This leaves a window where
something else can set FSCACHE_COOKIE_LOOKING_UP and
__fscache_read_or_alloc_page() can start waiting, before
->backing_objects is cleared

There is some uncertainty in this analysis, but it seems to be fit the
observations.  Adding the wake in this patch will be handled correctly
by __fscache_read_or_alloc_page(), as it checks if ->backing_objects
is empty again, after waiting.

Customer which reported the hang, also report that the hang cannot be
reproduced with this fix.

The backtrace for the blocked process looked like:

PID: 29360  TASK: ffff881ff2ac0f80  CPU: 3   COMMAND: "zsh"
 #0 [ffff881ff43efbf8] schedule at ffffffff815e56f1
 #1 [ffff881ff43efc58] bit_wait at ffffffff815e64ed
 #2 [ffff881ff43efc68] __wait_on_bit at ffffffff815e61b8
 #3 [ffff881ff43efca0] out_of_line_wait_on_bit at ffffffff815e625e
 #4 [ffff881ff43efd08] fscache_wait_for_deferred_lookup at ffffffffa04f2e8f [fscache]
 #5 [ffff881ff43efd18] __fscache_read_or_alloc_page at ffffffffa04f2ffe [fscache]
 #6 [ffff881ff43efd58] __nfs_readpage_from_fscache at ffffffffa0679668 [nfs]
 #7 [ffff881ff43efd78] nfs_readpage at ffffffffa067092b [nfs]
 #8 [ffff881ff43efda0] generic_file_read_iter at ffffffff81187a73
 #9 [ffff881ff43efe50] nfs_file_read at ffffffffa066544b [nfs]
#10 [ffff881ff43efe70] __vfs_read at ffffffff811fc756
#11 [ffff881ff43efee8] vfs_read at ffffffff811fccfa
#12 [ffff881ff43eff18] sys_read at ffffffff811fda62
#13 [ffff881ff43eff50] entry_SYSCALL_64_fastpath at ffffffff815e986e

Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-12-17 09:24:40 +01:00
..
cache.c fscache: Fix reference overput in fscache_attach_object() error handling 2018-07-25 14:49:00 +01:00
cookie.c fscache: Fix out of bound read in long cookie keys 2018-10-18 11:32:21 +02:00
fsdef.c fscache: Pass object size in rather than calling back for it 2018-04-06 14:05:14 +01:00
histogram.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
internal.h fscache: Fix incomplete initialisation of inline key space 2018-10-18 11:32:21 +02:00
Kconfig
main.c fscache: Fix incomplete initialisation of inline key space 2018-10-18 11:32:21 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netfs.c fscache: Maintain a catalogue of allocated cookies 2018-04-06 14:05:14 +01:00
object-list.c fscache: Attach the index key and aux data to the cookie 2018-04-04 13:41:28 +01:00
object.c fscache: fix race between enablement and dropping of object 2018-12-17 09:24:40 +01:00
operation.c fscache: Allow cancelled operations to be enqueued 2018-07-25 14:31:20 +01:00
page.c fscache: Pass object size in rather than calling back for it 2018-04-06 14:05:14 +01:00
proc.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
stats.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00