Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 646caa9c authored by Jan Kara's avatar Jan Kara Committed by Theodore Ts'o
Browse files

ext4: fix deadlock during page writeback 



Commit 06bd3c36 (ext4: fix data exposure after a crash) uncovered a
deadlock in ext4_writepages() which was previously much harder to hit.
After this commit xfstest generic/130 reproduces the deadlock on small
filesystems.

The problem happens when ext4_do_update_inode() sets LARGE_FILE feature
and marks current inode handle as synchronous. That subsequently results
in ext4_journal_stop() called from ext4_writepages() to block waiting for
transaction commit while still holding page locks, reference to io_end,
and some prepared bio in mpd structure each of which can possibly block
transaction commit from completing and thus results in deadlock.

Fix the problem by releasing page locks, io_end reference, and
submitting prepared bio before calling ext4_journal_stop().

[ Changed to defer the call to ext4_journal_stop() only if the handle
  is synchronous.  --tytso ]

Reported-and-tested-by: default avatarEryu Guan <eguan@redhat.com>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
CC: stable@vger.kernel.org
Signed-off-by: default avatarJan Kara <jack@suse.cz>
parent fa964540

fs/ext4/inode.c

+26 −3
Original line number Diff line number Diff line
@@ -2754,12 +2754,35 @@ static int ext4_writepages(struct address_space *mapping, 
				done = true;

			}

		}

		/*

		 * Caution: If the handle is synchronous,

		 * ext4_journal_stop() can wait for transaction commit

		 * to finish which may depend on writeback of pages to

		 * complete or on page lock to be released.  In that

		 * case, we have to wait until after after we have

		 * submitted all the IO, released page locks we hold,

		 * and dropped io_end reference (for extent conversion

		 * to be able to complete) before stopping the handle.

		 */

		if (!ext4_handle_valid(handle) || handle->h_sync == 0) {

			ext4_journal_stop(handle);

			handle = NULL;

		}

		/* Submit prepared bio */

		ext4_io_submit(&mpd.io_submit);

		/* Unlock pages we didn't use */

		mpage_release_unused_pages(&mpd, give_up_on_write);

		/* Drop our io_end reference we got from init */

		/*

		 * Drop our io_end reference we got from init. We have

		 * to be careful and use deferred io_end finishing if

		 * we are still holding the transaction as we can

		 * release the last reference to io_end which may end

		 * up doing unwritten extent conversion.

		 */

		if (handle) {

			ext4_put_io_end_defer(mpd.io_submit.io_end);

			ext4_journal_stop(handle);

		} else

			ext4_put_io_end(mpd.io_submit.io_end);



		if (ret == -ENOSPC && sbi->s_journal) {