linux/fs/ext4
Theodore Ts'o 1ada47d946 ext4: fix ext4_evict_inode() racing against workqueue processing code
Commit 84c17543ab (ext4: move work from io_end to inode) triggered a
regression when running xfstest #270 when the file system is mounted
with dioread_nolock.

The problem is that after ext4_evict_inode() calls ext4_ioend_wait(),
this guarantees that last io_end structure has been freed, but it does
not guarantee that the workqueue structure, which was moved into the
inode by commit 84c17543ab, is actually finished.  Once
ext4_flush_completed_IO() calls ext4_free_io_end() on CPU #1, this
will allow ext4_ioend_wait() to return on CPU #2, at which point the
evict_inode() codepath can race against the workqueue code on CPU #1
accessing EXT4_I(inode)->i_unwritten_work to find the next item of
work to do.

Fix this by calling cancel_work_sync() in ext4_ioend_wait(), which
will be renamed ext4_ioend_shutdown(), since it is only used by
ext4_evict_inode().  Also, move the call to ext4_ioend_shutdown()
until after truncate_inode_pages() and filemap_write_and_wait() are
called, to make sure all dirty pages have been written back and
flushed from the page cache first.

BUG: unable to handle kernel NULL pointer dereference at   (null)
IP: [<c01dda6a>] cwq_activate_delayed_work+0x3b/0x7e
*pdpt = 0000000030bc3001 *pde = 0000000000000000 
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in:
Pid: 6, comm: kworker/u:0 Not tainted 3.8.0-rc3-00013-g84c1754-dirty #91 Bochs Bochs
EIP: 0060:[<c01dda6a>] EFLAGS: 00010046 CPU: 0
EIP is at cwq_activate_delayed_work+0x3b/0x7e
EAX: 00000000 EBX: 00000000 ECX: f505fe54 EDX: 00000000
ESI: ed5b697c EDI: 00000006 EBP: f64b7e8c ESP: f64b7e84
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 8005003b CR2: 00000000 CR3: 30bc2000 CR4: 000006f0
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: ffff0ff0 DR7: 00000400
Process kworker/u:0 (pid: 6, ti=f64b6000 task=f64b4160 task.ti=f64b6000)
Stack:
 f505fe00 00000006 f64b7e9c c01de3d7 f6435540 00000003 f64b7efc c01def1d
 f6435540 00000002 00000000 0000008a c16d0808 c040a10b c16d07d8 c16d08b0
 f505fe00 c16d0780 00000000 00000000 ee153df4 c1ce4a30 c17d0e30 00000000
Call Trace:
 [<c01de3d7>] cwq_dec_nr_in_flight+0x71/0xfb
 [<c01def1d>] process_one_work+0x5d8/0x637
 [<c040a10b>] ? ext4_end_bio+0x300/0x300
 [<c01e3105>] worker_thread+0x249/0x3ef
 [<c01ea317>] kthread+0xd8/0xeb
 [<c01e2ebc>] ? manage_workers+0x4bb/0x4bb
 [<c023a370>] ? trace_hardirqs_on+0x27/0x37
 [<c0f1b4b7>] ret_from_kernel_thread+0x1b/0x28
 [<c01ea23f>] ? __init_kthread_worker+0x71/0x71
Code: 01 83 15 ac ff 6c c1 00 31 db 89 c6 8b 00 a8 04 74 12 89 c3 30 db 83 05 b0 ff 6c c1 01 83 15 b4 ff 6c c1 00 89 f0 e8 42 ff ff ff <8b> 13 89 f0 83 05 b8 ff 6c c1
 6c c1 00 31 c9 83
EIP: [<c01dda6a>] cwq_activate_delayed_work+0x3b/0x7e SS:ESP 0068:f64b7e84
CR2: 0000000000000000
---[ end trace a1923229da53d8a4 ]---

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Jan Kara <jack@suse.cz>
2013-03-20 09:39:42 -04:00
..
acl.c ext4: fix the number of credits needed for acl ops with inline data 2013-02-09 15:23:03 -05:00
acl.h fs: take the ACL checks to common code 2011-07-25 14:30:23 -04:00
balloc.c ext4: convert number of blocks to clusters properly 2013-03-02 17:18:58 -05:00
bitmap.c ext4: Checksum the block bitmap properly with bigalloc enabled 2012-10-22 00:34:32 -04:00
block_validity.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
dir.c ext4: fix a warning from sparse check for ext4_dir_llseek 2013-03-02 17:24:05 -05:00
ext4_extents.h ext4: remove single extent cache 2013-02-18 00:31:07 -05:00
ext4_jbd2.c ext4: pass context information to jbd2__journal_start() 2013-02-08 21:59:22 -05:00
ext4_jbd2.h ext4: fix the number of credits needed for acl ops with inline data 2013-02-09 15:23:03 -05:00
ext4.h ext4: fix ext4_evict_inode() racing against workqueue processing code 2013-03-20 09:39:42 -04:00
extents_status.c ext4: update extent status tree after an extent is zeroed out 2013-03-10 21:13:05 -04:00
extents_status.h ext4: update extent status tree after an extent is zeroed out 2013-03-10 21:13:05 -04:00
extents.c ext4: use s_extent_max_zeroout_kb value as number of kb 2013-03-12 12:40:04 -04:00
file.c ext4: rename and improbe ext4_es_find_extent() 2013-02-18 00:27:26 -05:00
fsync.c ext4: fix an incorrect comment about i_mutex 2012-12-25 13:31:52 -05:00
hash.c ext4: reduce one "if" comparison in ext4_dirhash() 2013-02-01 22:33:21 -05:00
ialloc.c ext4: use atomic64_t for the per-flexbg free_clusters count 2013-03-11 23:39:59 -04:00
indirect.c ext4: pass context information to jbd2__journal_start() 2013-02-08 21:59:22 -05:00
inline.c ext4: pass context information to jbd2__journal_start() 2013-02-08 21:59:22 -05:00
inode.c ext4: fix ext4_evict_inode() racing against workqueue processing code 2013-03-20 09:39:42 -04:00
ioctl.c ext4: pass context information to jbd2__journal_start() 2013-02-08 21:59:22 -05:00
Kconfig ext4: fix configuration dependencies for ext4 ACLs and security labels 2013-01-06 23:38:44 -05:00
Makefile ext4: Remove CONFIG_EXT4_FS_XATTR 2012-12-10 16:30:43 -05:00
mballoc.c ext4: use atomic64_t for the per-flexbg free_clusters count 2013-03-11 23:39:59 -04:00
mballoc.h ext4: use module parameters instead of debugfs for mballoc_debug 2013-02-09 16:28:20 -05:00
migrate.c ext4: fix the number of credits needed for ext4_ext_migrate() 2013-02-09 12:50:27 -05:00
mmp.c ext4: use unlikely to improve the efficiency of the kernel 2013-01-12 16:28:47 -05:00
move_extent.c ext4: fix memory leakage in mext_check_coverage 2013-03-18 11:40:19 -04:00
namei.c ext4: use ERR_PTR() abstraction for ext4_append() 2013-02-15 03:35:57 -05:00
page-io.c ext4: fix ext4_evict_inode() racing against workqueue processing code 2013-03-20 09:39:42 -04:00
resize.c ext4: use atomic64_t for the per-flexbg free_clusters count 2013-03-11 23:39:59 -04:00
super.c ext4: use atomic64_t for the per-flexbg free_clusters count 2013-03-11 23:39:59 -04:00
symlink.c ext4: Remove CONFIG_EXT4_FS_XATTR 2012-12-10 16:30:43 -05:00
truncate.h ext4: move common truncate functions to header file 2011-06-27 19:16:04 -04:00
xattr_security.c Merge branch 'for_linus' into for_linus_merged 2012-01-10 11:54:07 -05:00
xattr_trusted.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
xattr_user.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
xattr.c ext4: fix xattr block allocation/release with bigalloc 2013-02-18 12:12:07 -05:00
xattr.h ext4: fix the number of credits needed for acl ops with inline data 2013-02-09 15:23:03 -05:00