Received: by 2002:a17:90a:9103:0:0:0:0 with SMTP id k3csp11816650pjo; Thu, 2 Jan 2020 14:47:48 -0800 (PST) X-Google-Smtp-Source: APXvYqwAMLtBAwpkzoanFH9byZdxztuRJgQdVbJQ9mAWGP68bcGdehuVUji/+iSgvgvDPc+Q2r0p X-Received: by 2002:a9d:6c01:: with SMTP id f1mr89911216otq.133.1578005268065; Thu, 02 Jan 2020 14:47:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578005268; cv=none; d=google.com; s=arc-20160816; b=ceAQ6CaaxkrnTVr838KdtDYRwDYltt40KwH/wf96PE8NMa/ivTKsyJAfcBG+xuvWn3 1dIvhssQjnGS/QRcQOByBu5NOPw9LDWoZA4jJbZWB4q5TYm5S3jzLdajm30reUxTRHoD /jBox3u3Jp1s0kYyDg4OeXjciBKgs8n4QRRBePLc336FT7uC5PskM/dfnBH0pJ4tFTiZ R6eV9iZTE/+BNnQjzxv4SN0ZB7XQQHwcY4WcKCOYBTwZrW8d5gr6AzQiWXI0qSu7UX9L +WJjharpMIMJc6etqkZYaaj+UWI+7I7rmRXBpMOHs4fbNMX/aCATdFclhYud89d4TXd1 67Hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=BKnGRCMWqcrbasaif1Crluj6eUh9D6bld+v9WMRKfLU=; b=dpac7SAARkU5Y1sFsyvT6Vlo89bKC6dbGhAz7z7gEow0zWbt5gxm/Hwf799lu0FJw+ UFAaZPxpHW34CeFqjmnumckEswZ6xuwHM6ifxqRd+GQ6uV5pfNWjnzS12WV/62KO4p9F JteIqzAJVCmOfm1CMzQEnBFK7t8jqBbcTvunrJp/NhpcriBKQVUg1pdFw9w2hDYL0YCd 91AWss4YQGu5i6tDlT0nGGjCHh34kEvqJufoKwnSCiQ+Gs4JgUJsX5zZoE80vpD4pAJM 51K4fARZ7syoyR3e8paItXGS+BID3h7irhxPBq0LLT3yyzPt+UpevgshQO3a34CkSbG9 L9dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MfwnlQQO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i15si28031996otk.120.2020.01.02.14.47.36; Thu, 02 Jan 2020 14:47:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MfwnlQQO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729791AbgABWay (ORCPT + 99 others); Thu, 2 Jan 2020 17:30:54 -0500 Received: from mail.kernel.org ([198.145.29.99]:35244 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730019AbgABWav (ORCPT ); Thu, 2 Jan 2020 17:30:51 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7C02820863; Thu, 2 Jan 2020 22:30:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578004251; bh=obYcbybQK0iRzuQodJ35Y2/yu1p1+C2bxabYBA70L0c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MfwnlQQOvgNIh0qLMZiGXcxFfLSZQloPPa9ljjmIri81y5sZqGmJrhQfl9yQ/E2go gY1TeVDl0fcNsu27R1a3NJ+Zj/F1wPXipZxVhRAuRnGNtH4l63Uuur2o8x0jxUnaA1 dYvXc+MRHUOyT7WqFdYUA0pqZRAOgbQ9bNsV9axw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Thumshirn , Omar Sandoval , David Sterba , Sasha Levin Subject: [PATCH 4.9 075/171] btrfs: dont prematurely free work in end_workqueue_fn() Date: Thu, 2 Jan 2020 23:06:46 +0100 Message-Id: <20200102220557.382989729@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200102220546.960200039@linuxfoundation.org> References: <20200102220546.960200039@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Omar Sandoval [ Upstream commit 9be490f1e15c34193b1aae17da58e14dd9f55a95 ] Currently, end_workqueue_fn() frees the end_io_wq entry (which embeds the work item) and then calls bio_endio(). This is another potential instance of the bug in "btrfs: don't prematurely free work in run_ordered_work()". In particular, the endio call may depend on other work items. For example, btrfs_end_dio_bio() can call btrfs_subio_endio_read() -> __btrfs_correct_data_nocsum() -> dio_read_error() -> submit_dio_repair_bio(), which submits a bio that is also completed through a end_workqueue_fn() work item. However, __btrfs_correct_data_nocsum() waits for the newly submitted bio to complete, thus it depends on another work item. This example currently usually works because we use different workqueue helper functions for BTRFS_WQ_ENDIO_DATA and BTRFS_WQ_ENDIO_DIO_REPAIR. However, it may deadlock with stacked filesystems and is fragile overall. The proper fix is to free the work item at the very end of the work function, so let's do that. Reviewed-by: Johannes Thumshirn Signed-off-by: Omar Sandoval Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/disk-io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 9d3352fe8dc9..b37519241eb1 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1712,8 +1712,8 @@ static void end_workqueue_fn(struct btrfs_work *work) bio->bi_error = end_io_wq->error; bio->bi_private = end_io_wq->private; bio->bi_end_io = end_io_wq->end_io; - kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); bio_endio(bio); + kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); } static int cleaner_kthread(void *arg) -- 2.20.1