Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a2d01b0 authored Jun 07, 2018 by Dave Chinner Committed by Darrick J. Wong Jun 08, 2018

xfs: xfs_reflink_convert_cow() memory allocation deadlock



xfs_reflink_convert_cow() manipulates the incore extent list
in GFP_KERNEL context in the IO submission path whilst holding
locked pages under writeback. This is a memory reclaim deadlock
vector. This code is not in a transaction, so any memory allocations
it makes aren't protected via the memalloc_nofs_save() context that
transactions carry.

Hence we need to run this call under memalloc_nofs_save() context to
prevent potential memory allocations from being run as GFP_KERNEL
and deadlocking.

Signed-Off-By: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>

parent ef215e39

fs/xfs/xfs_aops.c

+11 −0

Original line number	Original line	Diff line number	Diff line
	@@ -531,8 +531,19 @@ xfs_submit_ioend(
	{		{
	/* Convert CoW extents to regular */		/* Convert CoW extents to regular */
	if (!status && ioend->io_type == XFS_IO_COW) {		if (!status && ioend->io_type == XFS_IO_COW) {
			/*
			* Yuk. This can do memory allocation, but is not a
			* transactional operation so everything is done in GFP_KERNEL
			* context. That can deadlock, because we hold pages in
			* writeback state and GFP_KERNEL allocations can block on them.
			* Hence we must operate in nofs conditions here.
			*/
			unsigned nofs_flag;

			nofs_flag = memalloc_nofs_save();
	status = xfs_reflink_convert_cow(XFS_I(ioend->io_inode),		status = xfs_reflink_convert_cow(XFS_I(ioend->io_inode),
	ioend->io_offset, ioend->io_size);		ioend->io_offset, ioend->io_size);
			memalloc_nofs_restore(nofs_flag);
	}		}

	/* Reserve log space if we might write beyond the on-disk inode size. */		/* Reserve log space if we might write beyond the on-disk inode size. */

fs/xfs/xfs_buf.c

+0 −1

Original line number	Original line	Diff line number	Diff line
	@@ -21,7 +21,6 @@
	#include <linux/migrate.h>		#include <linux/migrate.h>
	#include <linux/backing-dev.h>		#include <linux/backing-dev.h>
	#include <linux/freezer.h>		#include <linux/freezer.h>
	#include <linux/sched/mm.h>

	#include "xfs_format.h"		#include "xfs_format.h"
	#include "xfs_log_format.h"		#include "xfs_log_format.h"

fs/xfs/xfs_linux.h

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -26,6 +26,7 @@ typedef __u32 xfs_nlink_t;

	#include <linux/semaphore.h>		#include <linux/semaphore.h>
	#include <linux/mm.h>		#include <linux/mm.h>
			#include <linux/sched/mm.h>
	#include <linux/kernel.h>		#include <linux/kernel.h>
	#include <linux/blkdev.h>		#include <linux/blkdev.h>
	#include <linux/slab.h>		#include <linux/slab.h>