linux/fs/xfs
Darrick J. Wong 2254a7396a xfs: fix xfs_inodegc_stop racing with mod_delayed_work
syzbot reported this warning from the faux inodegc shrinker that tries
to kick off inodegc work:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 102 at kernel/workqueue.c:1445 __queue_work+0xd44/0x1120 kernel/workqueue.c:1444
RIP: 0010:__queue_work+0xd44/0x1120 kernel/workqueue.c:1444
Call Trace:
 __queue_delayed_work+0x1c8/0x270 kernel/workqueue.c:1672
 mod_delayed_work_on+0xe1/0x220 kernel/workqueue.c:1746
 xfs_inodegc_shrinker_scan fs/xfs/xfs_icache.c:2212 [inline]
 xfs_inodegc_shrinker_scan+0x250/0x4f0 fs/xfs/xfs_icache.c:2191
 do_shrink_slab+0x428/0xaa0 mm/vmscan.c:853
 shrink_slab+0x175/0x660 mm/vmscan.c:1013
 shrink_one+0x502/0x810 mm/vmscan.c:5343
 shrink_many mm/vmscan.c:5394 [inline]
 lru_gen_shrink_node mm/vmscan.c:5511 [inline]
 shrink_node+0x2064/0x35f0 mm/vmscan.c:6459
 kswapd_shrink_node mm/vmscan.c:7262 [inline]
 balance_pgdat+0xa02/0x1ac0 mm/vmscan.c:7452
 kswapd+0x677/0xd60 mm/vmscan.c:7712
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

This warning corresponds to this code in __queue_work:

	/*
	 * For a draining wq, only works from the same workqueue are
	 * allowed. The __WQ_DESTROYING helps to spot the issue that
	 * queues a new work item to a wq after destroy_workqueue(wq).
	 */
	if (unlikely(wq->flags & (__WQ_DESTROYING | __WQ_DRAINING) &&
		     WARN_ON_ONCE(!is_chained_work(wq))))
		return;

For this to trip, we must have a thread draining the inodedgc workqueue
and a second thread trying to queue inodegc work to that workqueue.
This can happen if freezing or a ro remount race with reclaim poking our
faux inodegc shrinker and another thread dropping an unlinked O_RDONLY
file:

Thread 0	Thread 1	Thread 2

xfs_inodegc_stop

				xfs_inodegc_shrinker_scan
				xfs_is_inodegc_enabled
				<yes, will continue>

xfs_clear_inodegc_enabled
xfs_inodegc_queue_all
<list empty, do not queue inodegc worker>

		xfs_inodegc_queue
		<add to list>
		xfs_is_inodegc_enabled
		<no, returns>

drain_workqueue
<set WQ_DRAINING>

				llist_empty
				<no, will queue list>
				mod_delayed_work_on(..., 0)
				__queue_work
				<sees WQ_DRAINING, kaboom>

In other words, everything between the access to inodegc_enabled state
and the decision to poke the inodegc workqueue requires some kind of
coordination to avoid the WQ_DRAINING state.  We could perhaps introduce
a lock here, but we could also try to eliminate WQ_DRAINING from the
picture.

We could replace the drain_workqueue call with a loop that flushes the
workqueue and queues workers as long as there is at least one inode
present in the per-cpu inodegc llists.  We've disabled inodegc at this
point, so we know that the number of queued inodes will eventually hit
zero as long as xfs_inodegc_start cannot reactivate the workers.

There are four callers of xfs_inodegc_start.  Three of them come from the
VFS with s_umount held: filesystem thawing, failed filesystem freezing,
and the rw remount transition.  The fourth caller is mounting rw (no
remount or freezing possible).

There are three callers ofs xfs_inodegc_stop.  One is unmounting (no
remount or thaw possible).  Two of them come from the VFS with s_umount
held: fs freezing and ro remount transition.

Hence, it is correct to replace the drain_workqueue call with a loop
that drains the inodegc llists.

Fixes: 6191cf3ad5 ("xfs: flush inodegc workqueue tasks before cancel")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2023-05-02 09:16:14 +10:00
..
libxfs xfs: set bnobt/cntbt numrecs correctly when formatting new AGs 2023-05-02 09:14:36 +10:00
scrub xfs: disable reaping in fscounters scrub 2023-05-02 09:16:14 +10:00
Kconfig xfs: deprecate the ascii-ci feature 2023-04-11 19:05:19 -07:00
kmem.c mm: introduce memalloc_retry_wait() 2022-01-15 16:30:29 +02:00
kmem.h xfs: remove kmem_zone typedef 2021-10-22 16:00:31 -07:00
Makefile xfs: cross-reference rmap records with ag btrees 2023-04-11 19:00:38 -07:00
mrlock.h
xfs_acl.c fs: port acl to mnt_idmap 2023-01-19 09:24:28 +01:00
xfs_acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
xfs_aops.c xfs: fix off-by-one-block in xfs_discard_folio() 2023-03-05 15:13:23 -08:00
xfs_aops.h
xfs_attr_inactive.c xfs: don't leak memory when attr fork loading fails 2022-07-20 16:40:39 -07:00
xfs_attr_item.c xfs: dump corrupt recovered log intent items to dmesg consistently 2022-10-31 08:58:20 -07:00
xfs_attr_item.h xfs: share xattr name and value buffers when logging xattr updates 2022-05-23 08:43:46 +10:00
xfs_attr_list.c xfs: use XFS_IFORK_Q to determine the presence of an xattr fork 2022-07-09 15:17:21 -07:00
xfs_bio_io.c fs/xfs: Use the enum req_op and blk_opf_t types 2022-07-14 12:14:33 -06:00
xfs_bmap_item.c xfs: allow queued AG intents to drain before scrubbing 2023-04-11 18:59:58 -07:00
xfs_bmap_item.h xfs: rename _zone variables to _cache 2021-10-22 16:04:20 -07:00
xfs_bmap_util.c xfs: fix negative array access in xfs_getbmap 2023-05-02 09:15:01 +10:00
xfs_bmap_util.h xfs: xfs_bmap_punch_delalloc_range() should take a byte range 2022-11-29 09:09:17 +11:00
xfs_buf_item_recover.c xfs: verify buffer contents when we skip log replay 2023-04-12 15:49:23 +10:00
xfs_buf_item.c xfs: fix super block buf log item UAF during force shutdown 2022-11-30 09:25:46 -08:00
xfs_buf_item.h xfs: convert buffer log item flags to unsigned. 2022-04-21 10:46:40 +10:00
xfs_buf.c xfs: invalidate block device page cache during unmount 2022-11-30 08:55:18 -08:00
xfs_buf.h xfs: xfs_buf cache destroy isn't RCU safe 2022-07-20 16:40:39 -07:00
xfs_dahash_test.c xfs: test the ascii case-insensitive hash 2023-04-11 19:05:05 -07:00
xfs_dahash_test.h xfs: test dir/attr hash when loading module 2023-03-19 09:55:49 -07:00
xfs_dir2_readdir.c xfs: rearrange the logic and remove the broken comment for xfs_dir2_isxx 2022-10-04 16:39:58 +11:00
xfs_discard.c xfs: convert trim to use for_each_perag_range 2023-02-13 09:14:54 +11:00
xfs_discard.h
xfs_dquot_item_recover.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_dquot_item.c xfs: remove support for disabling quota accounting on a mounted file system 2021-08-06 11:05:36 -07:00
xfs_dquot_item.h xfs: remove support for disabling quota accounting on a mounted file system 2021-08-06 11:05:36 -07:00
xfs_dquot.c xfs: remove WARN when dquot cache insertion fails 2023-04-12 15:48:59 +10:00
xfs_dquot.h xfs: remove warning counters from struct xfs_dquot_res 2022-05-11 17:12:09 +10:00
xfs_drain.c xfs: minimize overhead of drain wakeups by using jump labels 2023-04-11 18:59:59 -07:00
xfs_drain.h xfs: minimize overhead of drain wakeups by using jump labels 2023-04-11 18:59:59 -07:00
xfs_error.c xfs: make kobj_type structures constant 2023-02-10 08:59:48 -08:00
xfs_error.h xfs: allow setting full range of panic tags 2023-02-09 18:36:17 -08:00
xfs_export.c xfs: convert remaining mount flags to state flags 2021-08-19 10:07:13 -07:00
xfs_export.h
xfs_extent_busy.c xfs: fix extent busy updating 2023-01-05 07:34:21 -08:00
xfs_extent_busy.h
xfs_extfree_item.c xfs: allow queued AG intents to drain before scrubbing 2023-04-11 18:59:58 -07:00
xfs_extfree_item.h xfs: refactor all the EFI/EFD log item sizeof logic 2022-10-31 08:58:20 -07:00
xfs_file.c - Daniel Verkamp has contributed a memfd series ("mm/memfd: add 2023-02-23 17:09:35 -08:00
xfs_filestream.c xfs: refactor the filestreams allocator pick functions 2023-02-13 09:14:56 +11:00
xfs_filestream.h xfs: pass perag to filestreams tracing 2023-02-13 09:14:56 +11:00
xfs_fsmap.c xfs: fix uninitialized variable access 2023-02-14 17:51:35 -08:00
xfs_fsmap.h
xfs_fsops.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
xfs_fsops.h
xfs_globals.c xfs: allow setting full range of panic tags 2023-02-09 18:36:17 -08:00
xfs_health.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_icache.c xfs: fix xfs_inodegc_stop racing with mod_delayed_work 2023-05-02 09:16:14 +10:00
xfs_icache.h xfs: fix an inode lookup race in xchk_get_inode 2023-04-11 19:00:21 -07:00
xfs_icreate_item.c xfs: fix potential log item leak 2022-05-04 11:45:11 +10:00
xfs_icreate_item.h xfs: rename _zone variables to _cache 2021-10-22 16:04:20 -07:00
xfs_inode_item_recover.c xfs: clean up "%Ld/%Lu" which doesn't meet C standard 2022-09-19 06:47:14 +10:00
xfs_inode_item.c xfs: remove the redundant word in comment 2022-09-19 06:45:14 +10:00
xfs_inode_item.h xfs: aborting inodes on shutdown may need buffer lock 2022-03-29 18:21:59 -07:00
xfs_inode.c New code for 6.3-rc1, part 2: 2023-02-28 16:08:30 -08:00
xfs_inode.h fs: port inode_init_owner() to mnt_idmap 2023-01-19 09:24:28 +01:00
xfs_ioctl32.c fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap 2023-01-19 09:24:29 +01:00
xfs_ioctl32.h xfs: remove unused xfs_ioctl32.h declarations 2022-01-18 10:18:36 -08:00
xfs_ioctl.c fs.idmapped.v6.3 2023-02-20 11:53:11 -08:00
xfs_ioctl.h fs: port ->fileattr_set() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
xfs_iomap.c xfs: don't allocate into the data fork for an unshare request 2023-05-02 09:14:51 +10:00
xfs_iomap.h xfs: use iomap_valid method to detect stale cached iomaps 2022-11-29 09:09:17 +11:00
xfs_iops.c fs: port vfs{g,u}id helpers to mnt_idmap 2023-01-19 09:24:30 +01:00
xfs_iops.h fs: port ->setattr() to pass mnt_idmap 2023-01-19 09:24:02 +01:00
xfs_itable.c fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap 2023-01-19 09:24:29 +01:00
xfs_itable.h fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap 2023-01-19 09:24:29 +01:00
xfs_iunlink_item.c xfs: create traced helper to get extra perag references 2023-04-11 18:59:55 -07:00
xfs_iunlink_item.h xfs: add in-memory iunlink log item 2022-07-14 11:47:42 +10:00
xfs_iwalk.c xfs: create traced helper to get extra perag references 2023-04-11 18:59:55 -07:00
xfs_iwalk.h xfs: Decouple XFS_IBULK flags from XFS_IWALK flags 2022-04-13 07:02:44 +00:00
xfs_linux.h xfs: allow queued AG intents to drain before scrubbing 2023-04-11 18:59:58 -07:00
xfs_log_cil.c xfs: xlog_sync() manually adjusts grant head space 2022-07-07 18:56:09 +10:00
xfs_log_priv.h xfs: xlog_sync() manually adjusts grant head space 2022-07-07 18:56:09 +10:00
xfs_log_recover.c xfs: avoid a UAF when log intent item recovery fails 2022-10-18 14:39:29 -07:00
xfs_log.c xfs: wait iclog complete before tearing down AIL 2022-11-30 09:25:46 -08:00
xfs_log.h xfs: move CIL ordering to the logvec chain 2022-07-07 18:56:08 +10:00
xfs_message.c Merge branch 'guilt/xfs-unsigned-flags-5.18' into xfs-5.19-for-next 2022-04-21 16:45:03 +10:00
xfs_message.h xfs: implement per-mount warnings for scrub and shrink usage 2022-05-27 10:31:34 +10:00
xfs_mount.c xfs: fix sb write verify for lazysbcount 2022-11-16 19:20:20 -08:00
xfs_mount.h xfs: check that per-cpu inodegc workers actually run on that cpu 2023-05-02 09:16:12 +10:00
xfs_mru_cache.c xfs: rename _zone variables to _cache 2021-10-22 16:04:20 -07:00
xfs_mru_cache.h
xfs_notify_failure.c xfs: changes for 6.1-rc1 2022-10-10 20:32:10 -07:00
xfs_ondisk.h xfs: fix memcpy fortify errors in EFI log format copying 2022-10-31 08:58:20 -07:00
xfs_pnfs.c fs: port ->setattr() to pass mnt_idmap 2023-01-19 09:24:02 +01:00
xfs_pnfs.h
xfs_pwork.c
xfs_pwork.h
xfs_qm_bhv.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_qm_syscalls.c xfs: introduce xfs_inodegc_push() 2022-06-23 13:34:38 -07:00
xfs_qm.c xfs: quotacheck failure can race with background inode inactivation 2023-03-05 15:13:22 -08:00
xfs_qm.h xfs: remove quota warning limit from struct xfs_quota_limits 2022-05-11 17:12:09 +10:00
xfs_quota.h xfs: queue inactivation immediately when quota is nearing enforcement 2021-08-09 10:52:18 -07:00
xfs_quotaops.c xfs: don't set quota warning values 2022-05-11 17:12:09 +10:00
xfs_refcount_item.c xfs: allow queued AG intents to drain before scrubbing 2023-04-11 18:59:58 -07:00
xfs_refcount_item.h xfs: rename _zone variables to _cache 2021-10-22 16:04:20 -07:00
xfs_reflink.c xfs: active perag reference counting 2023-02-13 09:14:42 +11:00
xfs_reflink.h xfs: pass perag to xfs_alloc_read_agf() 2022-07-07 19:07:40 +10:00
xfs_rmap_item.c xfs: allow queued AG intents to drain before scrubbing 2023-04-11 18:59:58 -07:00
xfs_rmap_item.h xfs: rename _zone variables to _cache 2021-10-22 16:04:20 -07:00
xfs_rtalloc.c xfs: make rtbitmap ILOCKing consistent when scanning the rt bitmap file 2022-11-16 15:25:03 -08:00
xfs_rtalloc.h xfs: recalculate free rt extents after log recovery 2022-04-12 06:49:42 +10:00
xfs_stats.c xfs: replace unnecessary seq_printf with seq_puts 2022-09-19 06:48:14 +10:00
xfs_stats.h
xfs_super.c xfs: check that per-cpu inodegc workers actually run on that cpu 2023-05-02 09:16:12 +10:00
xfs_super.h xfs: implement ->notify_failure() for XFS 2022-07-17 17:14:30 -07:00
xfs_symlink.c fs: port fs{g,u}id helpers to mnt_idmap 2023-01-19 09:24:30 +01:00
xfs_symlink.h fs: port inode_init_owner() to mnt_idmap 2023-01-19 09:24:28 +01:00
xfs_sysctl.c
xfs_sysctl.h xfs: Add larp debug option 2022-05-11 17:01:22 +10:00
xfs_sysfs.c xfs: make kobj_type structures constant 2023-02-10 08:59:48 -08:00
xfs_sysfs.h xfs: make kobj_type structures constant 2023-02-10 08:59:48 -08:00
xfs_trace.c xfs: add debug knob to slow down writeback for fun 2022-11-28 17:24:35 -08:00
xfs_trace.h xfs: allow queued AG intents to drain before scrubbing 2023-04-11 18:59:58 -07:00
xfs_trans_ail.c xfs: shut up -Wuninitialized in xfsaild_push 2022-11-30 08:55:18 -08:00
xfs_trans_buf.c xfs: introduce xfs_buf_daddr() 2021-08-19 10:07:14 -07:00
xfs_trans_dquot.c xfs: remove quota warning limit from struct xfs_quota_limits 2022-05-11 17:12:09 +10:00
xfs_trans_priv.h xfs: convert log vector chain to use list heads 2022-07-07 18:55:59 +10:00
xfs_trans.c xfs: don't assert fail on transaction cancel with deferred ops 2023-02-11 04:12:06 +11:00
xfs_trans.h xfs: t_firstblock is tracking AGs not blocks 2023-02-11 04:11:06 +11:00
xfs_xattr.c xfs: revert commit 8954c44ff4 2023-02-10 09:06:06 -08:00
xfs_xattr.h xfs: move xfs_attr_use_log_assist usage out of libxfs 2022-05-27 10:34:04 +10:00
xfs.h