Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp13337971ybl; Sun, 29 Dec 2019 09:36:32 -0800 (PST) X-Google-Smtp-Source: APXvYqwd1y6FOy0XzKR6nTTtmKkF/6hwegds0ZX7OphAd03uhzxKEure7sJZF0kmnppPb28gWXZm X-Received: by 2002:a9d:6758:: with SMTP id w24mr4991225otm.155.1577640992443; Sun, 29 Dec 2019 09:36:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577640992; cv=none; d=google.com; s=arc-20160816; b=0XgrzIkoxkfuHB+lNnJVemFklgDxeeD4m/2t5Gi4TLPNgfbGVK7UDzefk4zoUjvwI0 Se4u/a4gHmOBUG2oLHsfeHgJWfLxyL5DSDoExXzJvqqfq7RNIhpH3w1wGkCy5kg41mMT zNBZGZSgvkFVilzGR8pHqw8F/iH+pvl2X5gIWbwsusCaGRnJ0m0YOqrvksCc8G2tOTAL 9W7O8WYWtqsMOD/F6jirk0LZHFkezQLQIvtZmykzMy7mwU/Uhtcb2aNbYKcKOdzw5cor avr/Gzg46gfm+nKCpOHbzvza4LsDfsNcNCHZKF3RDHcD8qYUCpki11gsCTSaVVVGsKv8 WV0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ym/XDPooeqWvFqdX3e8L4rW/PwZ5a/eK4BLWxZQvYHU=; b=pg82IgWRItbLI5I4xp8X1e6HkCAxUBjfroG99dIA3dnj5o1pc4v+cOrHuwdpU1x8Hu /m2QYv1K5efc5LvOGrDZkB29DTQunPqZDwkfBxC4y1VBP9Y/C2k3NgSJ6nx3IipFYzSM 6GMtdE7fpQI/RIpA/G540/YlsTYiDfzWGR6iYO6K80RANp5DreXrx88uEL2etQSp1UCz pzlqICUcJ0TmEC9jpN8/ASvxA3b1Vi0AOBePvbGWyZKYlpws9yiZ6N2lbFZZJLb6tXrf GMeKte5sp4dq/HX6EC4rWOQ/CtH/EfLTAY90gQZ+wGBzvBzGx+GDX6ctPZMQgkGri+5c R4CQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="MtxbrKY/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p5si18372142otk.221.2019.12.29.09.36.22; Sun, 29 Dec 2019 09:36:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="MtxbrKY/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729660AbfL2Re3 (ORCPT + 99 others); Sun, 29 Dec 2019 12:34:29 -0500 Received: from mail.kernel.org ([198.145.29.99]:37608 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729654AbfL2Re1 (ORCPT ); Sun, 29 Dec 2019 12:34:27 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E4D6E20722; Sun, 29 Dec 2019 17:34:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1577640866; bh=3MT5Pn4+6qijKisbmLqDKesXReo8INr9hLDSMZh9lrw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MtxbrKY/0dxXjPvB4X6tiRnrXU52FiR6Bjse9raU432SRpyGdEgB2IalyzFqTEjla /5Ah52wlz5PNRcpR81VgCZOthcZQpYBQildJEYS4mkATyFDjSHVkq1vBerE0J+8GWO 9zql+LWLbkJ5f/3P/4PFdu1oqZcX8PL/OFHREETM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Thumshirn , Omar Sandoval , David Sterba , Sasha Levin Subject: [PATCH 4.19 169/219] btrfs: dont prematurely free work in end_workqueue_fn() Date: Sun, 29 Dec 2019 18:19:31 +0100 Message-Id: <20191229162534.446789038@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191229162508.458551679@linuxfoundation.org> References: <20191229162508.458551679@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Omar Sandoval [ Upstream commit 9be490f1e15c34193b1aae17da58e14dd9f55a95 ] Currently, end_workqueue_fn() frees the end_io_wq entry (which embeds the work item) and then calls bio_endio(). This is another potential instance of the bug in "btrfs: don't prematurely free work in run_ordered_work()". In particular, the endio call may depend on other work items. For example, btrfs_end_dio_bio() can call btrfs_subio_endio_read() -> __btrfs_correct_data_nocsum() -> dio_read_error() -> submit_dio_repair_bio(), which submits a bio that is also completed through a end_workqueue_fn() work item. However, __btrfs_correct_data_nocsum() waits for the newly submitted bio to complete, thus it depends on another work item. This example currently usually works because we use different workqueue helper functions for BTRFS_WQ_ENDIO_DATA and BTRFS_WQ_ENDIO_DIO_REPAIR. However, it may deadlock with stacked filesystems and is fragile overall. The proper fix is to free the work item at the very end of the work function, so let's do that. Reviewed-by: Johannes Thumshirn Signed-off-by: Omar Sandoval Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/disk-io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 96296dc7d2ea..e12c37f457e0 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1660,8 +1660,8 @@ static void end_workqueue_fn(struct btrfs_work *work) bio->bi_status = end_io_wq->status; bio->bi_private = end_io_wq->private; bio->bi_end_io = end_io_wq->end_io; - kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); bio_endio(bio); + kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); } static int cleaner_kthread(void *arg) -- 2.20.1