Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp2983791imm; Sun, 1 Jul 2018 09:41:15 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeIAOXUUaofWC5IlVS0djCbsfj/al1Y5jfdk6Nw+G6KsWYCpsWPpJ9ngdV0o555Hq7a9RtL X-Received: by 2002:a65:4c87:: with SMTP id m7-v6mr18738865pgt.98.1530463275102; Sun, 01 Jul 2018 09:41:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530463275; cv=none; d=google.com; s=arc-20160816; b=RmsR1iFwuDuFSlhGE0owCxdchUwRibRlfVBr4JpBin7AiOf+5uZUxlpskmu+65YNjP bCxkLcHWUjcjjbqLatAQdWJEmpO4TmYrGNVlesgwwwi9QSANnQbXGBM/2iehY7jSilLF 5PnrO0tdpQkhough7dVwkiMw8xRs32xnLwZEEaZeIMucBqOxWGOaU6P07RInx434/hu5 5yqp76rcJHwxuRTsduLDkh1nk6v+eJOR5Rx7TmuYYfyh0bnKwRjn3VouJ/1CUWw8rQGP QTk8aaO8HSTnGekLaSCtA5mBMjSidPN55Wkpi01cXqgAIttI6GY5n4NwunH2UOA9QHQc xY7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=H5opABoouQlb5h2RxzzhTlkSZWL/EuzTqcL104PO2JU=; b=bxxLFFBXWjilXxltjuYBHt3jcCi0VhFonHS0XfVYWfBTweU27BjwcmCp5d6IyhQUB2 v/nK2pwK4gFRy2zfbFeL8rcJ6fuq4XW77vdnLxhJ8igmLx9JY7iNbS3evMMZYGVp/v4X 3w6xfwHZvW6qIfxgpdfnqG9M6KzpRuPnhOL1WQm1ZUmh4pxKdEcnOhOyfuQcija65K29 sJLViDEcDbFlX8fWhHDnRyD8kl/TWTHceURqbHcpBAwhNxfdugJPXqNoZ7i3dRGiJ/Hn 1PP306QRZAkw3bBLFhIlrK4SSsVnsSGtGj4VWRE3NDQht4Hf0LN4VSuZhyQAtz7g1BRL c5EQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r3-v6si12603687pgo.606.2018.07.01.09.41.01; Sun, 01 Jul 2018 09:41:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1031845AbeGAQkD (ORCPT + 99 others); Sun, 1 Jul 2018 12:40:03 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:37062 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1031787AbeGAQj7 (ORCPT ); Sun, 1 Jul 2018 12:39:59 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 6341EA73; Sun, 1 Jul 2018 16:39:58 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tejun Heo , Joshua Miller , Johannes Weiner , Jan Kara , Miklos Szeredi Subject: [PATCH 4.17 040/220] fuse: fix congested state leak on aborted connections Date: Sun, 1 Jul 2018 18:21:04 +0200 Message-Id: <20180701160910.003725140@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180701160908.272447118@linuxfoundation.org> References: <20180701160908.272447118@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.17-stable review patch. If anyone has any objections, please let me know. ------------------ From: Tejun Heo commit 8a301eb16d99983a4961f884690ec97b92e7dcfe upstream. If a connection gets aborted while congested, FUSE can leave nr_wb_congested[] stuck until reboot causing wait_iff_congested() to wait spuriously which can lead to severe performance degradation. The leak is caused by gating congestion state clearing with fc->connected test in request_end(). This was added way back in 2009 by 26c3679101db ("fuse: destroy bdi on umount"). While the commit description doesn't explain why the test was added, it most likely was to avoid dereferencing bdi after it got destroyed. Since then, bdi lifetime rules have changed many times and now we're always guaranteed to have access to the bdi while the superblock is alive (fc->sb). Drop fc->connected conditional to avoid leaking congestion states. Signed-off-by: Tejun Heo Reported-by: Joshua Miller Cc: Johannes Weiner Cc: stable@vger.kernel.org # v2.6.29+ Acked-by: Jan Kara Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman --- fs/fuse/dev.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -381,8 +381,7 @@ static void request_end(struct fuse_conn if (!fc->blocked && waitqueue_active(&fc->blocked_waitq)) wake_up(&fc->blocked_waitq); - if (fc->num_background == fc->congestion_threshold && - fc->connected && fc->sb) { + if (fc->num_background == fc->congestion_threshold && fc->sb) { clear_bdi_congested(fc->sb->s_bdi, BLK_RW_SYNC); clear_bdi_congested(fc->sb->s_bdi, BLK_RW_ASYNC); }