If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
Delayed allocation extents are freed later in ext4_clear_inode() but this
happens when quota reference is already dropped. This leads to leak of
reserved space in quota block, which disappears after umount-mount.
This seems broken for a long time but worked somehow until recent changes
in delayed allocation.
Signed-off-by: Konstantin Khlebnikov <[email protected]>
---
fs/ext4/inode.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 516faa280ced..580898145e8f 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -293,6 +293,15 @@ void ext4_evict_inode(struct inode *inode)
inode->i_ino, err);
goto stop_handle;
}
+ } else if (EXT4_I(inode)->i_reserved_data_blocks) {
+ /* Deaccount reserve if inode has only delayed allocations. */
+ err = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS);
+ if (err) {
+ ext4_warning(inode->i_sb,
+ "couldn't remove extents %lu (err %d)",
+ inode->i_ino, err);
+ goto stop_handle;
+ }
}
/* Remove xattr references. */
On 10/29/19 12:47 PM, Konstantin Khlebnikov wrote:
> If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
> Delayed allocation extents are freed later in ext4_clear_inode() but this
> happens when quota reference is already dropped. This leads to leak of
> reserved space in quota block, which disappears after umount-mount.
>
> This seems broken for a long time but worked somehow until recent changes
> in delayed allocation.
Sorry, I may have missed it, but could you please help understand
what recent changes in delayed allocation make this break or worse?
A silly query, since I couldn't figure it out. Maybe the code has been
there ever since like this:-
So why can't we just move drop_dquot later after the
ext4_es_remove_extent() (in function ext4_clear_inode)? Any known
problems around that?
-ritesh
>
> Signed-off-by: Konstantin Khlebnikov <[email protected]>
> ---
> fs/ext4/inode.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index 516faa280ced..580898145e8f 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -293,6 +293,15 @@ void ext4_evict_inode(struct inode *inode)
> inode->i_ino, err);
> goto stop_handle;
> }
> + } else if (EXT4_I(inode)->i_reserved_data_blocks) {
> + /* Deaccount reserve if inode has only delayed allocations. */
> + err = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS);
> + if (err) {
> + ext4_warning(inode->i_sb,
> + "couldn't remove extents %lu (err %d)",
> + inode->i_ino, err);
> + goto stop_handle;
> + }
> }
>
> /* Remove xattr references. */
>
On Fri 08-11-19 11:30:56, Konstantin Khlebnikov wrote:
> On 08/11/2019 05.08, Ritesh Harjani wrote:
> >
> >
> > On 10/29/19 12:47 PM, Konstantin Khlebnikov wrote:
> > > If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
> > > Delayed allocation extents are freed later in ext4_clear_inode() but this
> > > happens when quota reference is already dropped. This leads to leak of
> > > reserved space in quota block, which disappears after umount-mount.
> > >
> > > This seems broken for a long time but worked somehow until recent changes
> > > in delayed allocation.
> >
> > Sorry, I may have missed it, but could you please help understand
> > what recent changes in delayed allocation make this break or worse?
>
> I don't see problem for 4.19. Haven't bisected yet.
> Most likely this is around 'reserved cluster accounting'.
>
> I suspect before these changes something always triggered da before
> unlink and space usage committed and then truncated at eviction.
Yes, I think it's commit 8fcc3a580651 "ext4: rework reserved cluster
accounting when invalidating pages". Because that commit moved releasing of
reserved space from page invalidation time to extent status tree eviction
time. Does attached patch fix the problem for you?
> > A silly query, since I couldn't figure it out. Maybe the code has been
> > there ever since like this:-
>
> > So why can't we just move drop_dquot later after the ext4_es_remove_extent() (in function ext4_clear_inode)? Any known
> > problems around that?
>
> Clear_inode is called also when inode evicts from cache while it has nlinks
> and stays at disk. I'm not sure how this must interact with reserves.
In that case all data should be written out for such inode and thus there
should be no reserves...
Honza
--
Jan Kara <[email protected]>
SUSE Labs, CR
> From ee27836b579d3bf750d45cd7081d3433ea6fedd5 Mon Sep 17 00:00:00 2001
> From: Jan Kara <[email protected]>
> Date: Fri, 8 Nov 2019 12:45:11 +0100
> Subject: [PATCH] ext4: Fix leak of quota reservations
>
> Commit 8fcc3a580651 ("ext4: rework reserved cluster accounting when
> invalidating pages") moved freeing of delayed allocation reservations
> from dirty page invalidation time to time when we evict corresponding
> status extent from extent status tree. For inodes which don't have any
> blocks allocated this may actually happen only in ext4_clear_blocks()
> which is after we've dropped references to quota structures from the
> inode. Thus reservation of quota leaked. Fix the problem by clearing
> quota information from the inode only after evicting extent status tree
> in ext4_clear_inode().
>
> Reported-by: Konstantin Khlebnikov <[email protected]>
> Fixes: 8fcc3a580651 ("ext4: rework reserved cluster accounting when invalidating pages")
> Signed-off-by: Jan Kara <[email protected]>
OK, I've applied this patch.
- Ted