linux-stable/fs
Wengang Wang c3ea265470 ocfs2: initialize ip_next_orphan
commit f5785283dd upstream.

Though the problem was found on a lower 4.1.12 kernel, I think upstream has
the same issue.

In one node in the cluster, there is the following callback trace:

   # cat /proc/21473/stack
   __ocfs2_cluster_lock.isra.36+0x336/0x9e0 [ocfs2]
   ocfs2_inode_lock_full_nested+0x121/0x520 [ocfs2]
   ocfs2_evict_inode+0x152/0x820 [ocfs2]
   evict+0xae/0x1a0
   iput+0x1c6/0x230
   ocfs2_orphan_filldir+0x5d/0x100 [ocfs2]
   ocfs2_dir_foreach_blk+0x490/0x4f0 [ocfs2]
   ocfs2_dir_foreach+0x29/0x30 [ocfs2]
   ocfs2_recover_orphans+0x1b6/0x9a0 [ocfs2]
   ocfs2_complete_recovery+0x1de/0x5c0 [ocfs2]
   process_one_work+0x169/0x4a0
   worker_thread+0x5b/0x560
   kthread+0xcb/0xf0
   ret_from_fork+0x61/0x90

The above stack is not reasonable, the final iput shouldn't happen in
ocfs2_orphan_filldir() function.  Looking at the code,

  2067         /* Skip inodes which are already added to recover list, since dio may
  2068          * happen concurrently with unlink/rename */
  2069         if (OCFS2_I(iter)->ip_next_orphan) {
  2070                 iput(iter);
  2071                 return 0;
  2072         }
  2073

The logic thinks the inode is already in the recover list on seeing
ip_next_orphan is non-NULL, so it skips this inode after dropping a
reference which was incremented in ocfs2_iget().

However, if the inode is already in the recover list, it should have another
reference and the iput() at line 2070 should not be the final iput
(dropping the last reference).  So I don't think the inode is really in
the recover list (no vmcore to confirm).

Note that ocfs2_queue_orphans(), though not shown in the callback
trace, is holding the cluster lock on the orphan directory when looking up
unlinked inodes.  The on-disk inode eviction could involve a lot of
IO which may need a long time to finish.  That means this node could hold
the cluster lock for a very long time, which can lead to the lock requests
(from other nodes) to the orphan directory hanging for a long time.

Looking more at ip_next_orphan, I found it is not initialized when
allocating a new ocfs2_inode_info structure.

This causes the reflink operations from some nodes to hang for a very long
time waiting for the cluster lock on the orphan directory.

Fix: initialize ip_next_orphan as NULL.

Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20201109171746.27884-1-wen.gang.wang@oracle.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-11-18 18:27:58 +01:00
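The following is an added userspace model of the failure the commit message describes; it is not ocfs2 code and not part of the commit. It assumes a hypothetical struct model_inode with a refcount and a next_orphan link standing in for ip_next_orphan, a static pool that is recycled without zeroing (as a slab cache does when the allocator does not clear the object), and a filldir callback that mirrors the quoted check at lines 2069-2072: a non-NULL link is read as "already queued", and the inode is put and skipped. The function names alloc_inode, model_iput, orphan_filldir, run_scan, queued_count and evicted_count are stand-ins, and the 0xab fill is constructed stale content. The point it shows is that an uninitialized list link used as a membership flag turns every freshly allocated inode into a false "already queued" hit, so the reference taken by the lookup is the only one and the iput becomes the final one, exactly the eviction-under-cluster-lock in the quoted trace; initializing the link to NULL restores the intended behaviour.

```c
#include <stdio.h>
#include <string.h>

#define NR_INODES 4

/* Hypothetical stand-in for ocfs2_inode_info: only the fields the bug needs. */
struct model_inode {
    unsigned long ino;
    int refcount;                      /* stands in for i_count */
    int evicted;                       /* set when the final iput runs */
    struct model_inode *next_orphan;   /* stands in for ip_next_orphan */
};

/* Slab-like pool. Like a slab object allocated without zeroing, a recycled
 * slot keeps whatever its previous user left there; the 0xab fill below is
 * constructed stale content, not real kernel data. */
static struct model_inode pool[NR_INODES];

/* Inode allocation analogue. init_next_orphan == 0 reproduces the bug:
 * every other field is set, next_orphan keeps the stale bytes. */
static struct model_inode *alloc_inode(int slot, int init_next_orphan)
{
    struct model_inode *ip = &pool[slot];

    ip->ino = 1000 + slot;
    ip->refcount = 1;             /* the reference taken by the lookup (ocfs2_iget) */
    ip->evicted = 0;
    if (init_next_orphan)
        ip->next_orphan = NULL;   /* the fix: initialize the link as NULL */
    return ip;
}

/* iput() analogue: dropping the last reference evicts the inode. In the
 * quoted trace that eviction ran inside ocfs2_orphan_filldir(), while the
 * orphan directory cluster lock was held. */
static void model_iput(struct model_inode *ip)
{
    if (--ip->refcount == 0)
        ip->evicted = 1;
}

/* ocfs2_orphan_filldir() analogue, mirroring the quoted check: a non-NULL
 * next_orphan is read as "already queued", so the inode is put and skipped.
 * Returns 1 if the inode was queued for recovery, 0 if it was skipped. */
static int orphan_filldir(struct model_inode *ip, struct model_inode **head)
{
    if (ip->next_orphan) {
        model_iput(ip);
        return 0;
    }
    ip->next_orphan = *head;
    *head = ip;
    return 1;
}

/* Scan NR_INODES freshly allocated inodes the way the orphan directory walk
 * would. Returns the length of the recovery list built; *evicted counts the
 * inodes that hit the final iput inside filldir. */
static int run_scan(int init_next_orphan, int *evicted)
{
    struct model_inode *head = NULL;
    int i, len = 0;

    memset(pool, 0xab, sizeof(pool));   /* recycle the pool without zeroing */
    *evicted = 0;
    for (i = 0; i < NR_INODES; i++) {
        struct model_inode *ip = alloc_inode(i, init_next_orphan);

        orphan_filldir(ip, &head);
        *evicted += ip->evicted;
    }
    for (; head; head = head->next_orphan)
        len++;
    return len;
}

static int queued_count(int init_next_orphan)
{
    int evicted;

    return run_scan(init_next_orphan, &evicted);
}

static int evicted_count(int init_next_orphan)
{
    int evicted;

    run_scan(init_next_orphan, &evicted);
    return evicted;
}

int main(void)
{
    printf("uninitialized: queued=%d evicted-in-filldir=%d\n",
           queued_count(0), evicted_count(0));
    printf("initialized:   queued=%d evicted-in-filldir=%d\n",
           queued_count(1), evicted_count(1));
    return 0;
}
```

With the link left uninitialized, none of the four inodes reaches the recovery list and all four are evicted from inside the filldir callback; with the link cleared at allocation, all four are queued and none is evicted there. The model keeps the real code's other property too: the first inode queued gets next_orphan == NULL, so the non-NULL test only detects inodes that are already behind another one on the list.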
9p 9P: Cast to loff_t before multiplying 2020-11-05 11:07:03 +01:00
adfs fs/adfs: super: fix use-after-free bug 2019-08-06 19:05:21 +02:00
affs affs: fix basic permission bits to actually work 2020-09-09 19:03:12 +02:00
afs afs: Fix some tracing details 2020-04-02 16:34:33 +02:00
autofs4 autofs: fix a leak in autofs_expire_indirect() 2019-12-17 20:37:24 +01:00
befs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bfs bfs: add sanity check at bfs_fill_super() 2018-12-01 09:42:51 +01:00
btrfs Btrfs: fix missing error return if writeback for extent buffer never started 2020-11-18 18:27:54 +01:00
cachefiles cachefiles: Handle readpage error correctly 2020-11-05 11:07:05 +01:00
ceph ceph: promote to unsigned long long before shifting 2020-11-05 11:07:03 +01:00
cifs cifs: Return the error from crypt_message when enc/dec key not found. 2020-10-29 09:07:00 +01:00
coda coda: add error handling for fget 2019-08-06 19:05:23 +02:00
configfs configfs: fix config_item refcnt leak in configfs_rmdir() 2020-05-27 16:42:56 +02:00
cramfs Cramfs: fix abad comparison when wrap-arounds occur 2018-11-13 11:15:12 -08:00
crypto fscrypt: return -EXDEV for incompatible rename or link into encrypted dir 2020-11-05 11:06:52 +01:00
debugfs debugfs: fix use-after-free on symlink traversal 2019-05-08 07:20:49 +02:00
devpts fs/devpts: always delete dcache dentry-s in dput() 2019-03-23 14:35:21 +01:00
dlm fs: dlm: fix configfs memory leak 2020-10-29 09:07:16 +01:00
ecryptfs ecryptfs: Fix up bad backport of fe2e082f5d 2020-03-11 18:02:51 +01:00
efivarfs efivarfs: Replace invalid slashes with exclamation marks in dentries. 2020-11-05 11:06:51 +01:00
efs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
exofs exofs_mount(): fix leaks on failure exits 2019-12-05 15:37:28 +01:00
exportfs exportfs: fix 'passing zero to ERR_PTR()' warning 2020-01-27 14:46:06 +01:00
ext2 ext2: fix missing percpu_counter_inc 2020-08-21 09:48:18 +02:00
ext4 ext4: unlock xattr_sem properly in ext4_inline_data_truncate() 2020-11-18 18:27:57 +01:00
f2fs f2fs: fix to check segment boundary during SIT page readahead 2020-11-05 11:06:53 +01:00
fat fat: don't allow to mount if the FAT length == 0 2020-06-20 10:25:05 +02:00
freevxfs
fscache fscache: fix race between enablement and dropping of object 2018-12-17 09:28:53 +01:00
fuse fuse: fix page dereference after free 2020-11-05 11:06:52 +01:00
gfs2 gfs2: check for live vs. read-only file system in gfs2_fitrim 2020-11-18 18:27:55 +01:00
hfs fs/hfs/extent.c: fix array out of bounds read of array extent 2019-12-01 09:13:57 +01:00
hfsplus hfsplus: fix crash and filesystem corruption when deleting files 2020-04-24 08:00:45 +02:00
hostfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hpfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hugetlbfs hugetlb: use same fault hash key for shared and private mappings 2019-05-31 06:47:12 -07:00
isofs isofs: reject hardware sector size > 2048 bytes 2018-10-03 17:00:57 -07:00
jbd2 jbd2: abort journal if free a async write error metadata buffer 2020-09-03 11:22:29 +02:00
jffs2 jffs2: fix UAF problem 2020-08-26 10:29:56 +02:00
jfs jfs: fix bogus variable self-initialization 2020-01-27 14:46:26 +01:00
kernfs kernfs: fix ino wrap-around detection 2019-12-17 20:38:50 +01:00
lockd lockd: fix decoding of TEST results 2019-12-17 20:38:15 +01:00
minix fs/minix: reject too-large maximum file size 2020-08-21 09:48:15 +02:00
ncpfs staging: ncpfs: memory corruption in ncp_read_kernel() 2018-03-28 18:24:43 +02:00
nfs NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag 2020-11-05 11:07:02 +01:00
nfs_common lockd: fix "list_add double add" caused by legacy signal interface 2018-02-03 17:39:08 +01:00
nfsd NFSD: Add missing NFSv2 .pc_func methods 2020-11-05 11:07:02 +01:00
nilfs2 nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() 2020-06-20 10:25:01 +02:00
nls License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
notify fs: avoid softlockups in s_inodes iterators 2020-01-12 12:11:59 +01:00
ntfs ntfs: add check for mft record size in superblock 2020-10-29 09:07:16 +01:00
ocfs2 ocfs2: initialize ip_next_orphan 2020-11-18 18:27:58 +01:00
omfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
openpromfs
orangefs help_next should increase position index 2020-02-28 16:36:08 +01:00
overlayfs ovl: initialize error in ovl_copy_xattr 2020-06-20 10:25:04 +02:00
proc mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary 2020-10-29 09:07:08 +01:00
pstore pstore/ram: Write new dumps to start of recycled zones 2020-01-09 10:17:55 +01:00
qnx4 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qnx6 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quota quota: clear padding in v2r1_mem2diskdqb() 2020-10-29 09:07:06 +01:00
ramfs ramfs: fix nommu mmap with gaps in the page cache 2020-10-29 09:07:11 +01:00
reiserfs reiserfs: Fix memory leak in reiserfs_parse_options() 2020-10-29 09:07:19 +01:00
romfs romfs: fix uninitialized memory leak in romfs_dev_read() 2020-08-26 10:29:54 +02:00
squashfs Squashfs: Compute expected length from inode size rather than block length 2018-09-05 09:26:32 +02:00
sysfs scsi: sysfs: Introduce sysfs_{un,}break_active_protection() 2018-09-05 09:26:41 +02:00
sysv sysv: return 'err' instead of 0 in __sysv_write_inode 2018-12-17 09:28:48 +01:00
tracefs
ubifs ubifs: dent: Fix some potential memory leaks while iterating entries 2020-11-05 11:07:02 +01:00
udf udf: Avoid accessing uninitialized data on failed inode read 2020-10-29 09:07:17 +01:00
ufs fs/ufs: avoid potential u32 multiplication overflow 2020-08-21 09:48:22 +02:00
xfs xfs: fix a missing unlock on error in xfs_fs_map_blocks 2020-11-18 18:27:57 +01:00
Kconfig
Kconfig.binfmt
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aio.c aio: fix spectre gadget in lookup_ioctx 2018-12-21 14:13:04 +01:00
anon_inodes.c
attr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bad_inode.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
binfmt_aout.c
binfmt_elf.c fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() 2020-06-03 08:18:03 +02:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c fs/binfmt_flat.c: make load_flat_shared_library() work 2019-07-03 13:15:59 +02:00
binfmt_misc.c fs/binfmt_misc.c: do not allow offset overflow 2018-06-26 08:06:33 +08:00
binfmt_script.c exec: load_script: Do not exec truncated interpreter path 2019-11-06 12:42:59 +01:00
block_dev.c bdev: Reduce time holding bd_mutex in sync in blkdev_close() 2020-10-01 13:12:41 +02:00
buffer.c fs: Don't invalidate page buffers in block_write_full_page() 2020-11-05 11:06:58 +01:00
char_dev.c chardev: Avoid potential use-after-free in 'chrdev_open()' 2020-01-14 20:05:39 +01:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP 2020-01-09 10:17:58 +01:00
coredump.c coredump: fix crash when umh is disabled 2020-05-20 08:16:58 +02:00
dax.c dax: pass NOWAIT flag to iomap_apply 2020-03-11 18:02:43 +01:00
dcache.c fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() 2019-02-06 17:31:34 +01:00
dcookies.c
direct-io.c iomap: report collisions between directio and buffered writes to userspace 2019-04-27 09:35:41 +02:00
drop_caches.c fs: avoid softlockups in s_inodes iterators 2020-01-12 12:11:59 +01:00
eventfd.c
eventpoll.c ep_create_wakeup_source(): dentry name can change under you... 2020-10-14 09:51:09 +02:00
exec.c exec: Move would_dump into flush_old_exec 2020-05-20 08:17:16 +02:00
fcntl.c fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall 2017-12-17 15:07:59 +01:00
fhandle.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c fix multiplication overflow in copy_fdtable() 2020-05-27 16:42:51 +02:00
file_table.c
filesystems.c fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() 2020-04-24 08:00:43 +02:00
fs-writeback.c writeback: Fix sync livelock due to b_dirty_time processing 2020-09-03 11:22:32 +02:00
fs_pin.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs_struct.c
inode.c futex: Fix inode life-time issue 2020-04-02 16:34:21 +02:00
internal.h
ioctl.c vfs: swap names of {do,vfs}_clone_file_range() 2018-11-10 07:48:33 -08:00
iomap.c iomap: Fix pipe page leakage during splicing 2019-12-17 20:38:57 +01:00
libfs.c libfs: fix infoleak in simple_attr_read() 2020-04-02 16:34:35 +02:00
locks.c locks: print unsigned ino in /proc/locks 2020-01-09 10:17:55 +01:00
mbcache.c mbcache: initialize entry->e_referenced in mb_cache_entry_create() 2018-02-22 15:42:25 +01:00
mount.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpage.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
namei.c namei: only return -ECHILD from follow_dotdot_rcu() 2020-03-11 18:02:53 +01:00
namespace.c fs/namespace.c: fix mountpoint reference counter race 2020-05-02 17:24:20 +02:00
no-block.c
nsfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
open.c cifs_atomic_open(): fix double-put on late allocation failure 2020-03-20 10:54:16 +01:00
pipe.c fs: prevent page refcount overflow in pipe_buf_get 2019-05-04 09:15:18 +02:00
pnode.c propagate_one(): mnt_set_mountpoint() needs mount_lock 2020-05-02 17:24:47 +02:00
pnode.h
posix_acl.c
proc_namespace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
read_write.c vfs: avoid problematic remapping requests into partial EOF block 2019-12-01 09:13:51 +01:00
readdir.c filldir[64]: remove WARN_ON_ONCE() for bad directory entries 2020-01-04 14:00:04 +01:00
select.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq_file.c seq_file: fix incomplete reset on read from zero offset 2018-02-22 15:42:28 +01:00
signalfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
splice.c fs: prevent page refcount overflow in pipe_buf_get 2019-05-04 09:15:18 +02:00
stack.c
stat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
statfs.c vfs: Fix EOVERFLOW testing in put_compat_statfs64 2019-10-11 18:18:48 +02:00
super.c fs: don't scan the inode cache before SB_BORN is set 2018-05-30 07:51:47 +02:00
sync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
timerfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
userfaultfd.c userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK 2020-01-04 13:59:58 +01:00
utimes.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr.c xattr: break delegations in {set,remove}xattr 2020-08-21 09:48:00 +02:00