On 02/06, Chao Yu wrote:
> F2FS-fs (dm-59): checkpoint=enable has some unwritten data.
>
> ------------[ cut here ]------------
> WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691
> dquot_writeback_dquots+0x2fc/0x308
> pc : dquot_writeback_dquots+0x2fc/0x308
> lr : f2fs_quota_sync+0xcc/0x1c4
> Call trace:
> dquot_writeback_dquots+0x2fc/0x308
> f2fs_quota_sync+0xcc/0x1c4
> f2fs_write_checkpoint+0x3d4/0x9b0
> f2fs_issue_checkpoint+0x1bc/0x2c0
> f2fs_sync_fs+0x54/0x150
> f2fs_do_sync_file+0x2f8/0x814
> __f2fs_ioctl+0x1960/0x3244
> f2fs_ioctl+0x54/0xe0
> __arm64_sys_ioctl+0xa8/0xe4
> invoke_syscall+0x58/0x114
>
> checkpoint and f2fs_remount may race as below, resulting triggering warning
> in dquot_writeback_dquots().
>
> atomic write remount
> - do_remount
> - down_write(&sb->s_umount);
> - f2fs_remount
> - ioctl
> - f2fs_do_sync_file
> - f2fs_sync_fs
> - f2fs_write_checkpoint
> - block_operations
> - locked = down_read_trylock(&sbi->sb->s_umount)
> : fail to lock due to the write lock was held by remount
> - up_write(&sb->s_umount);
> - f2fs_quota_sync
> - dquot_writeback_dquots
> - WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount))
> : trigger warning because s_umount lock was unlocked by remount
>
> If checkpoint comes from mount/umount/remount/freeze/quotactl, caller of
> checkpoint has already held s_umount lock, calling dquot_writeback_dquots()
> in the context should be safe.
>
> So let's record task to sbi->umount_lock_holder, so that checkpoint can
> know whether the lock has held in the context or not by checking current
> w/ it.
>
> In addition, in order to misrepresent caller of checkpoint, we should not
> allow to trigger async checkpoint for those callers: mount/umount/remount/
> freeze/quotactl.
>
> Fixes: af033b2aa8a8 ("f2fs: guarantee journalled quota data by checkpoint")
> Signed-off-by: Chao Yu <c...@kernel.org>
> ---
> fs/f2fs/checkpoint.c | 17 ++++++++-----
> fs/f2fs/f2fs.h | 3 ++-
> fs/f2fs/super.c | 59 +++++++++++++++++++++++++++++++++++---------
> 3 files changed, 60 insertions(+), 19 deletions(-)
>
> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
> index efda9a022981..baff639ac0c4 100644
> --- a/fs/f2fs/checkpoint.c
> +++ b/fs/f2fs/checkpoint.c
> @@ -1237,7 +1237,8 @@ static int block_operations(struct f2fs_sb_info *sbi)
> retry_flush_quotas:
> f2fs_lock_all(sbi);
> if (__need_flush_quota(sbi)) {
> - int locked;
> + bool need_lock = sbi->umount_lock_holder != current;
> + bool locked = false;
I removed the above unnecessary locked.
>
> if (++cnt > DEFAULT_RETRY_QUOTA_FLUSH_COUNT) {
> set_sbi_flag(sbi, SBI_QUOTA_SKIP_FLUSH);
> @@ -1246,10 +1247,13 @@ static int block_operations(struct f2fs_sb_info *sbi)
> }
> f2fs_unlock_all(sbi);
>
> - /* only failed during mount/umount/freeze/quotactl */
> - locked = down_read_trylock(&sbi->sb->s_umount);
> - f2fs_quota_sync(sbi->sb, -1);
> - if (locked)
> + /* don't grab s_umount lock during
> mount/umount/remount/freeze/quotactl */
> + if (need_lock && !down_read_trylock(&sbi->sb->s_umount)) {
> + cond_resched();
> + goto retry_flush_quotas;
> + }
> + f2fs_do_quota_sync(sbi->sb, -1);
> + if (need_lock)
> up_read(&sbi->sb->s_umount);
> cond_resched();
> goto retry_flush_quotas;
Modified to:
/* don't grab s_umount lock during
mount/umount/remount/freeze/quotactl */
if (!need_lock) {
f2fs_do_quota_sync(sbi->sb, -1);
} else if (down_read_trylock(&sbi->sb->s_umount)) {
f2fs_do_quota_sync(sbi->sb, -1);
up_read(&sbi->sb->s_umount);
}
cond_resched();
goto retry_flush_quotas;
> @@ -1867,7 +1871,8 @@ int f2fs_issue_checkpoint(struct f2fs_sb_info *sbi)
> struct cp_control cpc;
>
> cpc.reason = __get_cp_reason(sbi);
> - if (!test_opt(sbi, MERGE_CHECKPOINT) || cpc.reason != CP_SYNC) {
> + if (!test_opt(sbi, MERGE_CHECKPOINT) || cpc.reason != CP_SYNC ||
> + sbi->umount_lock_holder == current) {
> int ret;
>
> f2fs_down_write(&sbi->gc_lock);
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index 62b7fed1514a..7174dea641e9 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -1670,6 +1670,7 @@ struct f2fs_sb_info {
>
> unsigned int nquota_files; /* # of quota sysfile */
> struct f2fs_rwsem quota_sem; /* blocking cp for flags */
> + struct task_struct *umount_lock_holder; /* s_umount lock holder */
>
> /* # of pages, see count_type */
> atomic_t nr_pages[NR_COUNT_TYPE];
> @@ -3652,7 +3653,7 @@ int f2fs_inode_dirtied(struct inode *inode, bool sync);
> void f2fs_inode_synced(struct inode *inode);
> int f2fs_dquot_initialize(struct inode *inode);
> int f2fs_enable_quota_files(struct f2fs_sb_info *sbi, bool rdonly);
> -int f2fs_quota_sync(struct super_block *sb, int type);
> +int f2fs_do_quota_sync(struct super_block *sb, int type);
> loff_t max_file_blocks(struct inode *inode);
> void f2fs_quota_off_umount(struct super_block *sb);
> void f2fs_save_errors(struct f2fs_sb_info *sbi, unsigned char flag);
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index ef639a6d82e5..cb9d7b6fa3ad 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -1740,22 +1740,28 @@ int f2fs_sync_fs(struct super_block *sb, int sync)
>
> static int f2fs_freeze(struct super_block *sb)
> {
> + struct f2fs_sb_info *sbi = F2FS_SB(sb);
> +
> if (f2fs_readonly(sb))
> return 0;
>
> /* IO error happened before */
> - if (unlikely(f2fs_cp_error(F2FS_SB(sb))))
> + if (unlikely(f2fs_cp_error(sbi)))
> return -EIO;
>
> /* must be clean, since sync_filesystem() was already called */
> - if (is_sbi_flag_set(F2FS_SB(sb), SBI_IS_DIRTY))
> + if (is_sbi_flag_set(sbi, SBI_IS_DIRTY))
> return -EINVAL;
>
> + sbi->umount_lock_holder = current;
> +
> /* Let's flush checkpoints and stop the thread. */
> - f2fs_flush_ckpt_thread(F2FS_SB(sb));
> + f2fs_flush_ckpt_thread(sbi);
> +
> + sbi->umount_lock_holder = NULL;
>
> /* to avoid deadlock on f2fs_evict_inode->SB_FREEZE_FS */
> - set_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING);
> + set_sbi_flag(sbi, SBI_IS_FREEZING);
> return 0;
> }
>
> @@ -2332,6 +2338,8 @@ static int f2fs_remount(struct super_block *sb, int
> *flags, char *data)
> org_mount_opt = sbi->mount_opt;
> old_sb_flags = sb->s_flags;
>
> + sbi->umount_lock_holder = current;
> +
> #ifdef CONFIG_QUOTA
> org_mount_opt.s_jquota_fmt = F2FS_OPTION(sbi).s_jquota_fmt;
> for (i = 0; i < MAXQUOTAS; i++) {
> @@ -2555,6 +2563,8 @@ static int f2fs_remount(struct super_block *sb, int
> *flags, char *data)
>
> limit_reserve_root(sbi);
> *flags = (*flags & ~SB_LAZYTIME) | (sb->s_flags & SB_LAZYTIME);
> +
> + sbi->umount_lock_holder = NULL;
> return 0;
> restore_checkpoint:
> if (need_enable_checkpoint) {
> @@ -2595,6 +2605,8 @@ static int f2fs_remount(struct super_block *sb, int
> *flags, char *data)
> #endif
> sbi->mount_opt = org_mount_opt;
> sb->s_flags = old_sb_flags;
> +
> + sbi->umount_lock_holder = NULL;
> return err;
> }
>
> @@ -2911,7 +2923,7 @@ static int f2fs_quota_sync_file(struct f2fs_sb_info
> *sbi, int type)
> return ret;
> }
>
> -int f2fs_quota_sync(struct super_block *sb, int type)
> +int f2fs_do_quota_sync(struct super_block *sb, int type)
> {
> struct f2fs_sb_info *sbi = F2FS_SB(sb);
> struct quota_info *dqopt = sb_dqopt(sb);
> @@ -2959,6 +2971,16 @@ int f2fs_quota_sync(struct super_block *sb, int type)
> return ret;
> }
>
> +static int f2fs_quota_sync(struct super_block *sb, int type)
> +{
> + int ret;
> +
> + F2FS_SB(sb)->umount_lock_holder = current;
> + ret = f2fs_do_quota_sync(sb, type);
> + F2FS_SB(sb)->umount_lock_holder = NULL;
> + return ret;
> +}
> +
> static int f2fs_quota_on(struct super_block *sb, int type, int format_id,
> const struct path *path)
> {
> @@ -2974,30 +2996,33 @@ static int f2fs_quota_on(struct super_block *sb, int
> type, int format_id,
> if (path->dentry->d_sb != sb)
> return -EXDEV;
>
> - err = f2fs_quota_sync(sb, type);
> + F2FS_SB(sb)->umount_lock_holder = current;
> +
> + err = f2fs_do_quota_sync(sb, type);
> if (err)
> - return err;
> + goto out;
>
> inode = d_inode(path->dentry);
>
> err = filemap_fdatawrite(inode->i_mapping);
> if (err)
> - return err;
> + goto out;
>
> err = filemap_fdatawait(inode->i_mapping);
> if (err)
> - return err;
> + goto out;
>
> err = dquot_quota_on(sb, type, format_id, path);
> if (err)
> - return err;
> + goto out;
>
> inode_lock(inode);
> F2FS_I(inode)->i_flags |= F2FS_QUOTA_DEFAULT_FL;
> f2fs_set_inode_flags(inode);
> inode_unlock(inode);
> f2fs_mark_inode_dirty_sync(inode, false);
> -
> +out:
> + F2FS_SB(sb)->umount_lock_holder = NULL;
> return 0;
> }
>
> @@ -3009,7 +3034,7 @@ static int __f2fs_quota_off(struct super_block *sb, int
> type)
> if (!inode || !igrab(inode))
> return dquot_quota_off(sb, type);
>
> - err = f2fs_quota_sync(sb, type);
> + err = f2fs_do_quota_sync(sb, type);
> if (err)
> goto out_put;
>
> @@ -3032,6 +3057,8 @@ static int f2fs_quota_off(struct super_block *sb, int
> type)
> struct f2fs_sb_info *sbi = F2FS_SB(sb);
> int err;
>
> + F2FS_SB(sb)->umount_lock_holder = current;
> +
> err = __f2fs_quota_off(sb, type);
>
> /*
> @@ -3041,6 +3068,9 @@ static int f2fs_quota_off(struct super_block *sb, int
> type)
> */
> if (is_journalled_quota(sbi))
> set_sbi_flag(sbi, SBI_QUOTA_NEED_REPAIR);
> +
> + F2FS_SB(sb)->umount_lock_holder = NULL;
> +
> return err;
> }
>
> @@ -4715,6 +4745,7 @@ static int f2fs_fill_super(struct super_block *sb, void
> *data, int silent)
> if (err)
> goto free_compress_inode;
>
> + sbi->umount_lock_holder = current;
> #ifdef CONFIG_QUOTA
> /* Enable quota usage during mount */
> if (f2fs_sb_has_quota_ino(sbi) && !f2fs_readonly(sb)) {
> @@ -4841,6 +4872,8 @@ static int f2fs_fill_super(struct super_block *sb, void
> *data, int silent)
> f2fs_update_time(sbi, CP_TIME);
> f2fs_update_time(sbi, REQ_TIME);
> clear_sbi_flag(sbi, SBI_CP_DISABLED_QUICK);
> +
> + sbi->umount_lock_holder = NULL;
> return 0;
>
> sync_free_meta:
> @@ -4945,6 +4978,8 @@ static void kill_f2fs_super(struct super_block *sb)
> struct f2fs_sb_info *sbi = F2FS_SB(sb);
>
> if (sb->s_root) {
> + sbi->umount_lock_holder = current;
> +
> set_sbi_flag(sbi, SBI_IS_CLOSE);
> f2fs_stop_gc_thread(sbi);
> f2fs_stop_discard_thread(sbi);
> --
> 2.48.1.502.g6dc24dfdaf-goog
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
