Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp13369818ybl; Sun, 29 Dec 2019 10:15:35 -0800 (PST) X-Google-Smtp-Source: APXvYqzOi+Xzk6DpnXhSU9h/AEnp06CmrDjIhrKTpTEQ2Wdhy5X0fbC6/h73KO7zZ6K/BGP+KHIH X-Received: by 2002:a9d:7f83:: with SMTP id t3mr49046858otp.115.1577643335637; Sun, 29 Dec 2019 10:15:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577643335; cv=none; d=google.com; s=arc-20160816; b=oXNXAETXQE8446x+HEuGKPrrJ+7uPB7xg9O9a06aoOTfeQbzcNKz8aLyHEn6NwwHSA ahQxYsaUrcRKRc2Dhg81jxZXWmxX1aUq8RQju5WiMlyJINdQ4Zrf6zulna0AyaxLvN7V F7Ba89Lh9rgtV2Xd5qydYRWTq1i/wQeK3wfdBFv9yviW2nCpZWm+Hi4LAvT0qcRsFuBp QgL5JgC8wM4Xp4PWVyEDB6aqYrJ2WVZuMhXwv6HFcghbVM5XIDMwpTeK0cNlKeh5Z9oq 8es/cAIjVYaoGNMThCbij3t2TUEOVOrWw4+4GfGtf55s60jQ6rvxAZIB5sDW3uF9EDJv wNWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=QDDGY9B/rmb6rlhpcem9ohwv98LkgjpU3tmac51BDrA=; b=WeQ5dpUuuRaTJwJZZYcFsWPFCvDc/c6wfeNq4vyUtQrzsqIPLMZ87nTDktFxp5flND 4h/YUDlLsvTdKFDnhGtIyoM86rArfk/J4jtFvbI3vp71WUG0POdJRIso31vnMUpRvbi0 RxjwJwCy80MNdM3JpHYlLqEJEJGm2eGbB6/MT+9BaGzstvZywuTZYpMzLkEE9+U/zeO9 mK7ui9dJzgWvTuAWO+4ienWF5zElmHnPJYyRsfsPy+mAe92/JYfNWVAsykjm9tLwnCYb HiANDTvCBJXEFor9q9v7X/4KoWyLgJ/1ZdKt5T7sG1Bjfeg9WjoXIGJ/ycMl0rQ9CGRl Ux9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=AID1vrl8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x207si20044059oif.30.2019.12.29.10.15.25; Sun, 29 Dec 2019 10:15:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=AID1vrl8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732549AbfL2SOX (ORCPT + 99 others); Sun, 29 Dec 2019 13:14:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:48734 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728303AbfL2R07 (ORCPT ); Sun, 29 Dec 2019 12:26:59 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3F6A920409; Sun, 29 Dec 2019 17:26:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1577640418; bh=5Xgie+60FQk0mG+1cCCfl5sMSjJWibgH5/NSrrUPH7U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AID1vrl8Ui6/PfIu/Iyl6/A4HspIFw0BLGtsUK5HRt7+c/Fa+CQLnnjgl8N/X4buU WUv8XrpZXyErv+v7H/vUad9VsU0cDWJvqXcJNSfvtnvoeoakEunaOkLdoTST/ZbDTK m2eTuBLXrz9sSC739OHwQKXeFcvo3dDIVenn387A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Thumshirn , Omar Sandoval , David Sterba , Sasha Levin Subject: [PATCH 4.14 123/161] btrfs: dont prematurely free work in end_workqueue_fn() Date: Sun, 29 Dec 2019 18:19:31 +0100 Message-Id: <20191229162436.000166789@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191229162355.500086350@linuxfoundation.org> References: <20191229162355.500086350@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Omar Sandoval [ Upstream commit 9be490f1e15c34193b1aae17da58e14dd9f55a95 ] Currently, end_workqueue_fn() frees the end_io_wq entry (which embeds the work item) and then calls bio_endio(). This is another potential instance of the bug in "btrfs: don't prematurely free work in run_ordered_work()". In particular, the endio call may depend on other work items. For example, btrfs_end_dio_bio() can call btrfs_subio_endio_read() -> __btrfs_correct_data_nocsum() -> dio_read_error() -> submit_dio_repair_bio(), which submits a bio that is also completed through a end_workqueue_fn() work item. However, __btrfs_correct_data_nocsum() waits for the newly submitted bio to complete, thus it depends on another work item. This example currently usually works because we use different workqueue helper functions for BTRFS_WQ_ENDIO_DATA and BTRFS_WQ_ENDIO_DIO_REPAIR. However, it may deadlock with stacked filesystems and is fragile overall. The proper fix is to free the work item at the very end of the work function, so let's do that. Reviewed-by: Johannes Thumshirn Signed-off-by: Omar Sandoval Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/disk-io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 813834552aa1..a8ea56218d6b 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1679,8 +1679,8 @@ static void end_workqueue_fn(struct btrfs_work *work) bio->bi_status = end_io_wq->status; bio->bi_private = end_io_wq->private; bio->bi_end_io = end_io_wq->end_io; - kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); bio_endio(bio); + kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); } static int cleaner_kthread(void *arg) -- 2.20.1