From f3e22f48f37c1e14441c9f72ca8e63b1d4516745 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Sun, 3 Jan 2010 03:44:53 +0100 Subject: reiserfs: Fix mistake in down_write() conversion Fix a mistake in commit 0719d3434747889b314a1e8add776418c4148bcf (reiserfs: Fix reiserfs lock <-> i_xattr_sem dependency inversion) that has converted a down_write() into a down_read() accidentally. Signed-off-by: Frederic Weisbecker Cc: Christian Kujau Cc: Alexander Beregalov Cc: Chris Mason Cc: Ingo Molnar diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index 9623cfe..75d3706 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -495,7 +495,7 @@ reiserfs_xattr_set_handle(struct reiserfs_transaction_handle *th, return PTR_ERR(dentry); } - down_read(&REISERFS_I(inode)->i_xattr_sem); + down_write(&REISERFS_I(inode)->i_xattr_sem); reiserfs_write_lock(inode->i_sb); -- cgit v0.10.2 From 5fe1533fda8ae005541bd418a7a8bc4fa0cda522 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Mon, 4 Jan 2010 22:04:01 +0100 Subject: reiserfs: Fix recursive lock on lchown On chown, reiserfs will call reiserfs_setattr() to change the owner of the given inode, but it may also recursively call reiserfs_setattr() to propagate the owner change to the private xattr files for this inode. Hence, the reiserfs lock may be acquired twice which is not wanted as reiserfs_setattr() calls journal_begin() that is going to try to relax the lock in order to safely acquire the journal mutex. Using reiserfs_write_lock_once() from reiserfs_setattr() solves the problem. This fixes the following warning, that precedes a lockdep report. WARNING: at fs/reiserfs/lock.c:95 reiserfs_lock_check_recursive+0x3f/0x50() Hardware name: MS-7418 Unwanted recursive reiserfs lock! Pid: 4189, comm: fsstress Not tainted 2.6.33-rc2-tip-atom+ #195 Call Trace: [] ? reiserfs_lock_check_recursive+0x3f/0x50 [] ? reiserfs_lock_check_recursive+0x3f/0x50 [] warn_slowpath_common+0x6c/0xc0 [] ? reiserfs_lock_check_recursive+0x3f/0x50 [] warn_slowpath_fmt+0x2b/0x30 [] reiserfs_lock_check_recursive+0x3f/0x50 [] do_journal_begin_r+0x83/0x350 [] journal_begin+0x7d/0x140 [] ? in_group_p+0x2a/0x30 [] ? inode_change_ok+0x91/0x140 [] reiserfs_setattr+0x15d/0x2e0 [] ? dput+0xe3/0x140 [] ? _raw_spin_unlock+0x2c/0x50 [] chown_one_xattr+0xd/0x10 [] reiserfs_for_each_xattr+0x113/0x2c0 [] ? chown_one_xattr+0x0/0x10 [] ? mutex_lock_nested+0x2a9/0x350 [] reiserfs_chown_xattrs+0x1f/0x60 [] ? in_group_p+0x2a/0x30 [] ? inode_change_ok+0x91/0x140 [] reiserfs_setattr+0x126/0x2e0 [] ? reiserfs_getxattr+0x0/0x90 [] ? cap_inode_need_killpriv+0x37/0x50 [] notify_change+0x151/0x330 [] chown_common+0x6f/0x90 [] sys_lchown+0x6d/0x80 [] sysenter_do_call+0x12/0x32 ---[ end trace 7c2b77224c1442fc ]--- Signed-off-by: Frederic Weisbecker Cc: Christian Kujau Cc: Alexander Beregalov Cc: Chris Mason Cc: Ingo Molnar diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c index bd615df..47dbfb1 100644 --- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c @@ -3052,13 +3052,14 @@ static ssize_t reiserfs_direct_IO(int rw, struct kiocb *iocb, int reiserfs_setattr(struct dentry *dentry, struct iattr *attr) { struct inode *inode = dentry->d_inode; - int error; unsigned int ia_valid; + int depth; + int error; /* must be turned off for recursive notify_change calls */ ia_valid = attr->ia_valid &= ~(ATTR_KILL_SUID|ATTR_KILL_SGID); - reiserfs_write_lock(inode->i_sb); + depth = reiserfs_write_lock_once(inode->i_sb); if (attr->ia_valid & ATTR_SIZE) { /* version 2 items will be caught by the s_maxbytes check ** done for us in vmtruncate @@ -3149,7 +3150,8 @@ int reiserfs_setattr(struct dentry *dentry, struct iattr *attr) } out: - reiserfs_write_unlock(inode->i_sb); + reiserfs_write_unlock_once(inode->i_sb, depth); + return error; } -- cgit v0.10.2 From 108d3943c021f0b66e860ba98ded40b82b677bd7 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Tue, 5 Jan 2010 00:15:38 +0100 Subject: reiserfs: Relax the lock before truncating pages While truncating a file, reiserfs_setattr() calls inode_setattr() that will truncate the mapping for the given inode, but for that it needs the pages locks. In order to release these, the owners need the reiserfs lock to complete their jobs. But they can't, as we don't release it before calling inode_setattr(). We need to do that to fix the following softlockups: INFO: task flush-8:0:2149 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. flush-8:0 D f51af998 0 2149 2 0x00000000 f51af9ac 00000092 00000002 f51af998 c2803304 00000000 c1894ad0 010f3000 f51af9cc c1462604 c189ef80 f51af974 c1710304 f715b450 f715b5ec c2807c40 00000000 0005bb00 c2803320 c102c55b c1710304 c2807c50 c2803304 00000246 Call Trace: [] ? schedule+0x434/0xb20 [] ? resched_task+0x4b/0x70 [] ? mark_held_locks+0x62/0x80 [] ? mutex_lock_nested+0x1fd/0x350 [] mutex_lock_nested+0x169/0x350 [] ? reiserfs_write_lock+0x2e/0x40 [] reiserfs_write_lock+0x2e/0x40 [] do_journal_end+0xc2/0xe70 [] journal_end+0xb2/0x120 [] ? pathrelse+0x33/0xb0 [] reiserfs_end_persistent_transaction+0x64/0x70 [] reiserfs_get_block+0x12ba/0x15f0 [] ? mark_held_locks+0x62/0x80 [] reiserfs_writepage+0xa74/0xe80 [] ? _raw_spin_unlock_irq+0x27/0x50 [] ? radix_tree_gang_lookup_tag_slot+0x95/0xc0 [] ? find_get_pages_tag+0x127/0x1a0 [] ? mark_held_locks+0x62/0x80 [] ? trace_hardirqs_on_caller+0x124/0x170 [] __writepage+0x10/0x40 [] write_cache_pages+0x16b/0x320 [] ? __writepage+0x0/0x40 [] generic_writepages+0x28/0x40 [] do_writepages+0x35/0x40 [] writeback_single_inode+0xc7/0x330 [] writeback_inodes_wb+0x2c2/0x490 [] wb_writeback+0x106/0x1b0 [] wb_do_writeback+0x106/0x1e0 [] ? wb_do_writeback+0x28/0x1e0 [] bdi_writeback_task+0x3a/0xb0 [] bdi_start_fn+0x63/0xc0 [] ? bdi_start_fn+0x0/0xc0 [] kthread+0x74/0x80 [] ? kthread+0x0/0x80 [] kernel_thread_helper+0x6/0x10 3 locks held by flush-8:0/2149: #0: (&type->s_umount_key#30){+++++.}, at: [] writeback_inodes_wb+0x27f/0x490 #1: (&journal->j_mutex){+.+...}, at: [] do_journal_end+0xba/0xe70 #2: (&REISERFS_SB(s)->lock){+.+.+.}, at: [] reiserfs_write_lock+0x2e/0x40 INFO: task fstest:3813 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. fstest D 00000002 0 3813 3812 0x00000000 f5103c94 00000082 f5103c40 00000002 f5ad5450 00000007 f5103c28 011f3000 00000006 f5ad5450 c10bb005 00000480 c1710304 f5ad5450 f5ad55ec c2907c40 00000001 f5ad5450 f5103c74 00000046 00000002 f5ad5450 00000007 f5103c6c Call Trace: [] ? free_hot_cold_page+0x1d5/0x280 [] io_schedule+0x74/0xc0 [] sync_page+0x35/0x60 [] __wait_on_bit_lock+0x4a/0x90 [] ? sync_page+0x0/0x60 [] __lock_page+0x85/0x90 [] ? wake_bit_function+0x0/0x60 [] truncate_inode_pages_range+0x1e4/0x2d0 [] truncate_inode_pages+0x1f/0x30 [] truncate_pagecache+0x5f/0xa0 [] vmtruncate+0x5a/0x70 [] inode_setattr+0x5d/0x190 [] reiserfs_setattr+0x1f7/0x2f0 [] ? down_write+0x49/0x70 [] notify_change+0x151/0x330 [] do_truncate+0x6d/0xa0 [] do_filp_open+0x9a2/0xcf0 [] ? _raw_spin_unlock+0x2c/0x50 [] ? alloc_fd+0xe0/0x100 [] do_sys_open+0x6d/0x130 [] ? sysenter_exit+0xf/0x16 [] sys_open+0x2e/0x40 [] sysenter_do_call+0x12/0x32 3 locks held by fstest/3813: #0: (&sb->s_type->i_mutex_key#4){+.+.+.}, at: [] do_truncate+0x63/0xa0 #1: (&sb->s_type->i_alloc_sem_key#3){+.+.+.}, at: [] notify_change+0x257/0x330 #2: (&REISERFS_SB(s)->lock){+.+.+.}, at: [] reiserfs_write_lock_once+0x2e/0x50 Signed-off-by: Frederic Weisbecker Cc: Christian Kujau Cc: Alexander Beregalov Cc: Chris Mason Cc: Ingo Molnar diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c index 47dbfb1..c876341 100644 --- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c @@ -3140,8 +3140,17 @@ int reiserfs_setattr(struct dentry *dentry, struct iattr *attr) journal_end(&th, inode->i_sb, jbegin_count); } } - if (!error) + if (!error) { + /* + * Relax the lock here, as it might truncate the + * inode pages and wait for inode pages locks. + * To release such page lock, the owner needs the + * reiserfs lock + */ + reiserfs_write_unlock_once(inode->i_sb, depth); error = inode_setattr(inode, attr); + depth = reiserfs_write_lock_once(inode->i_sb); + } } if (!error && reiserfs_posixacl(inode->i_sb)) { -- cgit v0.10.2 From 4f3be1b5a98587b86cae05aa5d129dd0b3fff466 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Tue, 5 Jan 2010 02:14:30 +0100 Subject: reiserfs: Relax lock on xattr removing When we remove an xattr, we call lookup_and_delete_xattr() that takes some private xattr inodes mutexes. But we hold the reiserfs lock at this time, which leads to dependency inversions. We can safely call lookup_and_delete_xattr() without the reiserfs lock, where xattr inodes lookups only need the xattr inodes mutexes. Signed-off-by: Frederic Weisbecker Cc: Christian Kujau Cc: Alexander Beregalov Cc: Chris Mason Cc: Ingo Molnar diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index 75d3706..4899d78 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -451,7 +451,9 @@ static int lookup_and_delete_xattr(struct inode *inode, const char *name) } if (dentry->d_inode) { + reiserfs_write_lock(inode->i_sb); err = xattr_unlink(xadir->d_inode, dentry); + reiserfs_write_unlock(inode->i_sb); update_ctime(inode); } @@ -485,10 +487,14 @@ reiserfs_xattr_set_handle(struct reiserfs_transaction_handle *th, if (get_inode_sd_version(inode) == STAT_DATA_V1) return -EOPNOTSUPP; - if (!buffer) - return lookup_and_delete_xattr(inode, name); - reiserfs_write_unlock(inode->i_sb); + + if (!buffer) { + err = lookup_and_delete_xattr(inode, name); + reiserfs_write_lock(inode->i_sb); + return err; + } + dentry = xattr_lookup(inode, name, flags); if (IS_ERR(dentry)) { reiserfs_write_lock(inode->i_sb); -- cgit v0.10.2 From 6c28705418de012216161b14a2ff1dda3da3d786 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Thu, 7 Jan 2010 12:57:47 +0100 Subject: reiserfs: Don't call reiserfs_get_acl() with the reiserfs lock reiserfs_get_acl is usually not called under the reiserfs lock, as it doesn't need it. But it happens when it is called by reiserfs_acl_chmod(), which creates a dependency inversion against the private xattr inodes mutexes for the given inode. We need to call it without the reiserfs lock, especially since it's unnecessary. Signed-off-by: Frederic Weisbecker Cc: Christian Kujau Cc: Alexander Beregalov Cc: Chris Mason Cc: Ingo Molnar diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c index 35d6e67..f559c9e 100644 --- a/fs/reiserfs/xattr_acl.c +++ b/fs/reiserfs/xattr_acl.c @@ -452,7 +452,9 @@ int reiserfs_acl_chmod(struct inode *inode) return 0; } + reiserfs_write_unlock(inode->i_sb); acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS); + reiserfs_write_lock(inode->i_sb); if (!acl) return 0; if (IS_ERR(acl)) -- cgit v0.10.2 From e0baec1b63632f25ea8101b76edaca0accc061ec Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Wed, 6 Jan 2010 23:09:50 +0100 Subject: reiserfs: Fix unreachable statement Stanse found an unreachable statement in reiserfs_ioctl. There is a if followed by error assignment and `break' with no braces. Add the braces so that we don't break every time, but only in error case, so that REISERFS_IOC_SETVERSION actually works when it returns no error. Signed-off-by: Jiri Slaby Cc: Reiserfs Cc: Andrew Morton Signed-off-by: Frederic Weisbecker diff --git a/fs/reiserfs/ioctl.c b/fs/reiserfs/ioctl.c index ace7745..f53505d 100644 --- a/fs/reiserfs/ioctl.c +++ b/fs/reiserfs/ioctl.c @@ -104,9 +104,10 @@ setflags_out: err = put_user(inode->i_generation, (int __user *)arg); break; case REISERFS_IOC_SETVERSION: - if (!is_owner_or_cap(inode)) + if (!is_owner_or_cap(inode)) { err = -EPERM; break; + } err = mnt_want_write(filp->f_path.mnt); if (err) break; -- cgit v0.10.2 From 31370f62baa1460b785cee9944bdcaf63d19e567 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Thu, 7 Jan 2010 15:55:31 +0100 Subject: reiserfs: Relax reiserfs_xattr_set_handle() while acquiring xattr locks Fix remaining xattr locks acquired in reiserfs_xattr_set_handle() while we are holding the reiserfs lock to avoid lock inversions. Signed-off-by: Frederic Weisbecker Cc: Christian Kujau Cc: Alexander Beregalov Cc: Chris Mason Cc: Ingo Molnar diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index 4899d78..7fee995 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -559,8 +559,12 @@ reiserfs_xattr_set_handle(struct reiserfs_transaction_handle *th, .ia_size = buffer_size, .ia_valid = ATTR_SIZE | ATTR_CTIME, }; + + reiserfs_write_unlock(inode->i_sb); mutex_lock_nested(&dentry->d_inode->i_mutex, I_MUTEX_XATTR); down_write(&dentry->d_inode->i_alloc_sem); + reiserfs_write_lock(inode->i_sb); + err = reiserfs_setattr(dentry, &newattrs); up_write(&dentry->d_inode->i_alloc_sem); mutex_unlock(&dentry->d_inode->i_mutex); -- cgit v0.10.2