forked from Minki/linux
1ada47d946
Commit84c17543ab
(ext4: move work from io_end to inode) triggered a regression when running xfstest #270 when the file system is mounted with dioread_nolock. The problem is that after ext4_evict_inode() calls ext4_ioend_wait(), this guarantees that last io_end structure has been freed, but it does not guarantee that the workqueue structure, which was moved into the inode by commit84c17543ab
, is actually finished. Once ext4_flush_completed_IO() calls ext4_free_io_end() on CPU #1, this will allow ext4_ioend_wait() to return on CPU #2, at which point the evict_inode() codepath can race against the workqueue code on CPU #1 accessing EXT4_I(inode)->i_unwritten_work to find the next item of work to do. Fix this by calling cancel_work_sync() in ext4_ioend_wait(), which will be renamed ext4_ioend_shutdown(), since it is only used by ext4_evict_inode(). Also, move the call to ext4_ioend_shutdown() until after truncate_inode_pages() and filemap_write_and_wait() are called, to make sure all dirty pages have been written back and flushed from the page cache first. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<c01dda6a>] cwq_activate_delayed_work+0x3b/0x7e *pdpt = 0000000030bc3001 *pde = 0000000000000000 Oops: 0000 [#1] SMP DEBUG_PAGEALLOC Modules linked in: Pid: 6, comm: kworker/u:0 Not tainted 3.8.0-rc3-00013-g84c1754-dirty #91 Bochs Bochs EIP: 0060:[<c01dda6a>] EFLAGS: 00010046 CPU: 0 EIP is at cwq_activate_delayed_work+0x3b/0x7e EAX: 00000000 EBX: 00000000 ECX: f505fe54 EDX: 00000000 ESI: ed5b697c EDI: 00000006 EBP: f64b7e8c ESP: f64b7e84 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 CR0: 8005003b CR2: 00000000 CR3: 30bc2000 CR4: 000006f0 DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 DR6: ffff0ff0 DR7: 00000400 Process kworker/u:0 (pid: 6, ti=f64b6000 task=f64b4160 task.ti=f64b6000) Stack: f505fe00 00000006 f64b7e9c c01de3d7 f6435540 00000003 f64b7efc c01def1d f6435540 00000002 00000000 0000008a c16d0808 c040a10b c16d07d8 c16d08b0 f505fe00 c16d0780 00000000 00000000 ee153df4 c1ce4a30 c17d0e30 00000000 Call Trace: [<c01de3d7>] cwq_dec_nr_in_flight+0x71/0xfb [<c01def1d>] process_one_work+0x5d8/0x637 [<c040a10b>] ? ext4_end_bio+0x300/0x300 [<c01e3105>] worker_thread+0x249/0x3ef [<c01ea317>] kthread+0xd8/0xeb [<c01e2ebc>] ? manage_workers+0x4bb/0x4bb [<c023a370>] ? trace_hardirqs_on+0x27/0x37 [<c0f1b4b7>] ret_from_kernel_thread+0x1b/0x28 [<c01ea23f>] ? __init_kthread_worker+0x71/0x71 Code: 01 83 15 ac ff 6c c1 00 31 db 89 c6 8b 00 a8 04 74 12 89 c3 30 db 83 05 b0 ff 6c c1 01 83 15 b4 ff 6c c1 00 89 f0 e8 42 ff ff ff <8b> 13 89 f0 83 05 b8 ff 6c c1 6c c1 00 31 c9 83 EIP: [<c01dda6a>] cwq_activate_delayed_work+0x3b/0x7e SS:ESP 0068:f64b7e84 CR2: 0000000000000000 ---[ end trace a1923229da53d8a4 ]--- Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Cc: Jan Kara <jack@suse.cz>
472 lines
12 KiB
C
472 lines
12 KiB
C
/*
|
|
* linux/fs/ext4/page-io.c
|
|
*
|
|
* This contains the new page_io functions for ext4
|
|
*
|
|
* Written by Theodore Ts'o, 2010.
|
|
*/
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/time.h>
|
|
#include <linux/jbd2.h>
|
|
#include <linux/highuid.h>
|
|
#include <linux/pagemap.h>
|
|
#include <linux/quotaops.h>
|
|
#include <linux/string.h>
|
|
#include <linux/buffer_head.h>
|
|
#include <linux/writeback.h>
|
|
#include <linux/pagevec.h>
|
|
#include <linux/mpage.h>
|
|
#include <linux/namei.h>
|
|
#include <linux/uio.h>
|
|
#include <linux/bio.h>
|
|
#include <linux/workqueue.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/mm.h>
|
|
|
|
#include "ext4_jbd2.h"
|
|
#include "xattr.h"
|
|
#include "acl.h"
|
|
|
|
static struct kmem_cache *io_page_cachep, *io_end_cachep;
|
|
|
|
int __init ext4_init_pageio(void)
|
|
{
|
|
io_page_cachep = KMEM_CACHE(ext4_io_page, SLAB_RECLAIM_ACCOUNT);
|
|
if (io_page_cachep == NULL)
|
|
return -ENOMEM;
|
|
io_end_cachep = KMEM_CACHE(ext4_io_end, SLAB_RECLAIM_ACCOUNT);
|
|
if (io_end_cachep == NULL) {
|
|
kmem_cache_destroy(io_page_cachep);
|
|
return -ENOMEM;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
void ext4_exit_pageio(void)
|
|
{
|
|
kmem_cache_destroy(io_end_cachep);
|
|
kmem_cache_destroy(io_page_cachep);
|
|
}
|
|
|
|
/*
|
|
* This function is called by ext4_evict_inode() to make sure there is
|
|
* no more pending I/O completion work left to do.
|
|
*/
|
|
void ext4_ioend_shutdown(struct inode *inode)
|
|
{
|
|
wait_queue_head_t *wq = ext4_ioend_wq(inode);
|
|
|
|
wait_event(*wq, (atomic_read(&EXT4_I(inode)->i_ioend_count) == 0));
|
|
/*
|
|
* We need to make sure the work structure is finished being
|
|
* used before we let the inode get destroyed.
|
|
*/
|
|
if (work_pending(&EXT4_I(inode)->i_unwritten_work))
|
|
cancel_work_sync(&EXT4_I(inode)->i_unwritten_work);
|
|
}
|
|
|
|
static void put_io_page(struct ext4_io_page *io_page)
|
|
{
|
|
if (atomic_dec_and_test(&io_page->p_count)) {
|
|
end_page_writeback(io_page->p_page);
|
|
put_page(io_page->p_page);
|
|
kmem_cache_free(io_page_cachep, io_page);
|
|
}
|
|
}
|
|
|
|
void ext4_free_io_end(ext4_io_end_t *io)
|
|
{
|
|
int i;
|
|
|
|
BUG_ON(!io);
|
|
BUG_ON(!list_empty(&io->list));
|
|
BUG_ON(io->flag & EXT4_IO_END_UNWRITTEN);
|
|
|
|
for (i = 0; i < io->num_io_pages; i++)
|
|
put_io_page(io->pages[i]);
|
|
io->num_io_pages = 0;
|
|
if (atomic_dec_and_test(&EXT4_I(io->inode)->i_ioend_count))
|
|
wake_up_all(ext4_ioend_wq(io->inode));
|
|
kmem_cache_free(io_end_cachep, io);
|
|
}
|
|
|
|
/* check a range of space and convert unwritten extents to written. */
|
|
static int ext4_end_io(ext4_io_end_t *io)
|
|
{
|
|
struct inode *inode = io->inode;
|
|
loff_t offset = io->offset;
|
|
ssize_t size = io->size;
|
|
int ret = 0;
|
|
|
|
ext4_debug("ext4_end_io_nolock: io 0x%p from inode %lu,list->next 0x%p,"
|
|
"list->prev 0x%p\n",
|
|
io, inode->i_ino, io->list.next, io->list.prev);
|
|
|
|
ret = ext4_convert_unwritten_extents(inode, offset, size);
|
|
if (ret < 0) {
|
|
ext4_msg(inode->i_sb, KERN_EMERG,
|
|
"failed to convert unwritten extents to written "
|
|
"extents -- potential data loss! "
|
|
"(inode %lu, offset %llu, size %zd, error %d)",
|
|
inode->i_ino, offset, size, ret);
|
|
}
|
|
/* Wake up anyone waiting on unwritten extent conversion */
|
|
if (atomic_dec_and_test(&EXT4_I(inode)->i_unwritten))
|
|
wake_up_all(ext4_ioend_wq(inode));
|
|
if (io->flag & EXT4_IO_END_DIRECT)
|
|
inode_dio_done(inode);
|
|
if (io->iocb)
|
|
aio_complete(io->iocb, io->result, 0);
|
|
return ret;
|
|
}
|
|
|
|
static void dump_completed_IO(struct inode *inode)
|
|
{
|
|
#ifdef EXT4FS_DEBUG
|
|
struct list_head *cur, *before, *after;
|
|
ext4_io_end_t *io, *io0, *io1;
|
|
|
|
if (list_empty(&EXT4_I(inode)->i_completed_io_list)) {
|
|
ext4_debug("inode %lu completed_io list is empty\n",
|
|
inode->i_ino);
|
|
return;
|
|
}
|
|
|
|
ext4_debug("Dump inode %lu completed_io list\n", inode->i_ino);
|
|
list_for_each_entry(io, &EXT4_I(inode)->i_completed_io_list, list) {
|
|
cur = &io->list;
|
|
before = cur->prev;
|
|
io0 = container_of(before, ext4_io_end_t, list);
|
|
after = cur->next;
|
|
io1 = container_of(after, ext4_io_end_t, list);
|
|
|
|
ext4_debug("io 0x%p from inode %lu,prev 0x%p,next 0x%p\n",
|
|
io, inode->i_ino, io0, io1);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
/* Add the io_end to per-inode completed end_io list. */
|
|
void ext4_add_complete_io(ext4_io_end_t *io_end)
|
|
{
|
|
struct ext4_inode_info *ei = EXT4_I(io_end->inode);
|
|
struct workqueue_struct *wq;
|
|
unsigned long flags;
|
|
|
|
BUG_ON(!(io_end->flag & EXT4_IO_END_UNWRITTEN));
|
|
wq = EXT4_SB(io_end->inode->i_sb)->dio_unwritten_wq;
|
|
|
|
spin_lock_irqsave(&ei->i_completed_io_lock, flags);
|
|
if (list_empty(&ei->i_completed_io_list))
|
|
queue_work(wq, &ei->i_unwritten_work);
|
|
list_add_tail(&io_end->list, &ei->i_completed_io_list);
|
|
spin_unlock_irqrestore(&ei->i_completed_io_lock, flags);
|
|
}
|
|
|
|
static int ext4_do_flush_completed_IO(struct inode *inode)
|
|
{
|
|
ext4_io_end_t *io;
|
|
struct list_head unwritten;
|
|
unsigned long flags;
|
|
struct ext4_inode_info *ei = EXT4_I(inode);
|
|
int err, ret = 0;
|
|
|
|
spin_lock_irqsave(&ei->i_completed_io_lock, flags);
|
|
dump_completed_IO(inode);
|
|
list_replace_init(&ei->i_completed_io_list, &unwritten);
|
|
spin_unlock_irqrestore(&ei->i_completed_io_lock, flags);
|
|
|
|
while (!list_empty(&unwritten)) {
|
|
io = list_entry(unwritten.next, ext4_io_end_t, list);
|
|
BUG_ON(!(io->flag & EXT4_IO_END_UNWRITTEN));
|
|
list_del_init(&io->list);
|
|
|
|
err = ext4_end_io(io);
|
|
if (unlikely(!ret && err))
|
|
ret = err;
|
|
io->flag &= ~EXT4_IO_END_UNWRITTEN;
|
|
ext4_free_io_end(io);
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* work on completed aio dio IO, to convert unwritten extents to extents
|
|
*/
|
|
void ext4_end_io_work(struct work_struct *work)
|
|
{
|
|
struct ext4_inode_info *ei = container_of(work, struct ext4_inode_info,
|
|
i_unwritten_work);
|
|
ext4_do_flush_completed_IO(&ei->vfs_inode);
|
|
}
|
|
|
|
int ext4_flush_unwritten_io(struct inode *inode)
|
|
{
|
|
int ret;
|
|
WARN_ON_ONCE(!mutex_is_locked(&inode->i_mutex) &&
|
|
!(inode->i_state & I_FREEING));
|
|
ret = ext4_do_flush_completed_IO(inode);
|
|
ext4_unwritten_wait(inode);
|
|
return ret;
|
|
}
|
|
|
|
ext4_io_end_t *ext4_init_io_end(struct inode *inode, gfp_t flags)
|
|
{
|
|
ext4_io_end_t *io = kmem_cache_zalloc(io_end_cachep, flags);
|
|
if (io) {
|
|
atomic_inc(&EXT4_I(inode)->i_ioend_count);
|
|
io->inode = inode;
|
|
INIT_LIST_HEAD(&io->list);
|
|
}
|
|
return io;
|
|
}
|
|
|
|
/*
|
|
* Print an buffer I/O error compatible with the fs/buffer.c. This
|
|
* provides compatibility with dmesg scrapers that look for a specific
|
|
* buffer I/O error message. We really need a unified error reporting
|
|
* structure to userspace ala Digital Unix's uerf system, but it's
|
|
* probably not going to happen in my lifetime, due to LKML politics...
|
|
*/
|
|
static void buffer_io_error(struct buffer_head *bh)
|
|
{
|
|
char b[BDEVNAME_SIZE];
|
|
printk(KERN_ERR "Buffer I/O error on device %s, logical block %llu\n",
|
|
bdevname(bh->b_bdev, b),
|
|
(unsigned long long)bh->b_blocknr);
|
|
}
|
|
|
|
static void ext4_end_bio(struct bio *bio, int error)
|
|
{
|
|
ext4_io_end_t *io_end = bio->bi_private;
|
|
struct inode *inode;
|
|
int i;
|
|
sector_t bi_sector = bio->bi_sector;
|
|
|
|
BUG_ON(!io_end);
|
|
bio->bi_private = NULL;
|
|
bio->bi_end_io = NULL;
|
|
if (test_bit(BIO_UPTODATE, &bio->bi_flags))
|
|
error = 0;
|
|
bio_put(bio);
|
|
|
|
for (i = 0; i < io_end->num_io_pages; i++) {
|
|
struct page *page = io_end->pages[i]->p_page;
|
|
struct buffer_head *bh, *head;
|
|
loff_t offset;
|
|
loff_t io_end_offset;
|
|
|
|
if (error) {
|
|
SetPageError(page);
|
|
set_bit(AS_EIO, &page->mapping->flags);
|
|
head = page_buffers(page);
|
|
BUG_ON(!head);
|
|
|
|
io_end_offset = io_end->offset + io_end->size;
|
|
|
|
offset = (sector_t) page->index << PAGE_CACHE_SHIFT;
|
|
bh = head;
|
|
do {
|
|
if ((offset >= io_end->offset) &&
|
|
(offset+bh->b_size <= io_end_offset))
|
|
buffer_io_error(bh);
|
|
|
|
offset += bh->b_size;
|
|
bh = bh->b_this_page;
|
|
} while (bh != head);
|
|
}
|
|
|
|
put_io_page(io_end->pages[i]);
|
|
}
|
|
io_end->num_io_pages = 0;
|
|
inode = io_end->inode;
|
|
|
|
if (error) {
|
|
io_end->flag |= EXT4_IO_END_ERROR;
|
|
ext4_warning(inode->i_sb, "I/O error writing to inode %lu "
|
|
"(offset %llu size %ld starting block %llu)",
|
|
inode->i_ino,
|
|
(unsigned long long) io_end->offset,
|
|
(long) io_end->size,
|
|
(unsigned long long)
|
|
bi_sector >> (inode->i_blkbits - 9));
|
|
}
|
|
|
|
if (!(io_end->flag & EXT4_IO_END_UNWRITTEN)) {
|
|
ext4_free_io_end(io_end);
|
|
return;
|
|
}
|
|
|
|
ext4_add_complete_io(io_end);
|
|
}
|
|
|
|
void ext4_io_submit(struct ext4_io_submit *io)
|
|
{
|
|
struct bio *bio = io->io_bio;
|
|
|
|
if (bio) {
|
|
bio_get(io->io_bio);
|
|
submit_bio(io->io_op, io->io_bio);
|
|
BUG_ON(bio_flagged(io->io_bio, BIO_EOPNOTSUPP));
|
|
bio_put(io->io_bio);
|
|
}
|
|
io->io_bio = NULL;
|
|
io->io_op = 0;
|
|
io->io_end = NULL;
|
|
}
|
|
|
|
static int io_submit_init(struct ext4_io_submit *io,
|
|
struct inode *inode,
|
|
struct writeback_control *wbc,
|
|
struct buffer_head *bh)
|
|
{
|
|
ext4_io_end_t *io_end;
|
|
struct page *page = bh->b_page;
|
|
int nvecs = bio_get_nr_vecs(bh->b_bdev);
|
|
struct bio *bio;
|
|
|
|
io_end = ext4_init_io_end(inode, GFP_NOFS);
|
|
if (!io_end)
|
|
return -ENOMEM;
|
|
bio = bio_alloc(GFP_NOIO, min(nvecs, BIO_MAX_PAGES));
|
|
bio->bi_sector = bh->b_blocknr * (bh->b_size >> 9);
|
|
bio->bi_bdev = bh->b_bdev;
|
|
bio->bi_private = io->io_end = io_end;
|
|
bio->bi_end_io = ext4_end_bio;
|
|
|
|
io_end->offset = (page->index << PAGE_CACHE_SHIFT) + bh_offset(bh);
|
|
|
|
io->io_bio = bio;
|
|
io->io_op = (wbc->sync_mode == WB_SYNC_ALL ? WRITE_SYNC : WRITE);
|
|
io->io_next_block = bh->b_blocknr;
|
|
return 0;
|
|
}
|
|
|
|
static int io_submit_add_bh(struct ext4_io_submit *io,
|
|
struct ext4_io_page *io_page,
|
|
struct inode *inode,
|
|
struct writeback_control *wbc,
|
|
struct buffer_head *bh)
|
|
{
|
|
ext4_io_end_t *io_end;
|
|
int ret;
|
|
|
|
if (buffer_new(bh)) {
|
|
clear_buffer_new(bh);
|
|
unmap_underlying_metadata(bh->b_bdev, bh->b_blocknr);
|
|
}
|
|
|
|
if (io->io_bio && bh->b_blocknr != io->io_next_block) {
|
|
submit_and_retry:
|
|
ext4_io_submit(io);
|
|
}
|
|
if (io->io_bio == NULL) {
|
|
ret = io_submit_init(io, inode, wbc, bh);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
io_end = io->io_end;
|
|
if ((io_end->num_io_pages >= MAX_IO_PAGES) &&
|
|
(io_end->pages[io_end->num_io_pages-1] != io_page))
|
|
goto submit_and_retry;
|
|
if (buffer_uninit(bh))
|
|
ext4_set_io_unwritten_flag(inode, io_end);
|
|
io->io_end->size += bh->b_size;
|
|
io->io_next_block++;
|
|
ret = bio_add_page(io->io_bio, bh->b_page, bh->b_size, bh_offset(bh));
|
|
if (ret != bh->b_size)
|
|
goto submit_and_retry;
|
|
if ((io_end->num_io_pages == 0) ||
|
|
(io_end->pages[io_end->num_io_pages-1] != io_page)) {
|
|
io_end->pages[io_end->num_io_pages++] = io_page;
|
|
atomic_inc(&io_page->p_count);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int ext4_bio_write_page(struct ext4_io_submit *io,
|
|
struct page *page,
|
|
int len,
|
|
struct writeback_control *wbc)
|
|
{
|
|
struct inode *inode = page->mapping->host;
|
|
unsigned block_start, block_end, blocksize;
|
|
struct ext4_io_page *io_page;
|
|
struct buffer_head *bh, *head;
|
|
int ret = 0;
|
|
|
|
blocksize = 1 << inode->i_blkbits;
|
|
|
|
BUG_ON(!PageLocked(page));
|
|
BUG_ON(PageWriteback(page));
|
|
|
|
io_page = kmem_cache_alloc(io_page_cachep, GFP_NOFS);
|
|
if (!io_page) {
|
|
redirty_page_for_writepage(wbc, page);
|
|
unlock_page(page);
|
|
return -ENOMEM;
|
|
}
|
|
io_page->p_page = page;
|
|
atomic_set(&io_page->p_count, 1);
|
|
get_page(page);
|
|
set_page_writeback(page);
|
|
ClearPageError(page);
|
|
|
|
for (bh = head = page_buffers(page), block_start = 0;
|
|
bh != head || !block_start;
|
|
block_start = block_end, bh = bh->b_this_page) {
|
|
|
|
block_end = block_start + blocksize;
|
|
if (block_start >= len) {
|
|
/*
|
|
* Comments copied from block_write_full_page_endio:
|
|
*
|
|
* The page straddles i_size. It must be zeroed out on
|
|
* each and every writepage invocation because it may
|
|
* be mmapped. "A file is mapped in multiples of the
|
|
* page size. For a file that is not a multiple of
|
|
* the page size, the remaining memory is zeroed when
|
|
* mapped, and writes to that region are not written
|
|
* out to the file."
|
|
*/
|
|
zero_user_segment(page, block_start, block_end);
|
|
clear_buffer_dirty(bh);
|
|
set_buffer_uptodate(bh);
|
|
continue;
|
|
}
|
|
if (!buffer_dirty(bh) || buffer_delay(bh) ||
|
|
!buffer_mapped(bh) || buffer_unwritten(bh)) {
|
|
/* A hole? We can safely clear the dirty bit */
|
|
if (!buffer_mapped(bh))
|
|
clear_buffer_dirty(bh);
|
|
if (io->io_bio)
|
|
ext4_io_submit(io);
|
|
continue;
|
|
}
|
|
ret = io_submit_add_bh(io, io_page, inode, wbc, bh);
|
|
if (ret) {
|
|
/*
|
|
* We only get here on ENOMEM. Not much else
|
|
* we can do but mark the page as dirty, and
|
|
* better luck next time.
|
|
*/
|
|
redirty_page_for_writepage(wbc, page);
|
|
break;
|
|
}
|
|
clear_buffer_dirty(bh);
|
|
}
|
|
unlock_page(page);
|
|
/*
|
|
* If the page was truncated before we could do the writeback,
|
|
* or we had a memory allocation error while trying to write
|
|
* the first buffer head, we won't have submitted any pages for
|
|
* I/O. In that case we need to make sure we've cleared the
|
|
* PageWriteback bit from the page to prevent the system from
|
|
* wedging later on.
|
|
*/
|
|
put_io_page(io_page);
|
|
return ret;
|
|
}
|