Commit bb6fbc4548b9ae7ebbd06ef72f00229df259d217
1 parent
b4d2314bb8
Exists in
master
and in
7 other branches
NFS: Avoid a deadlock in nfs_release_page
J.R. Okajima reports the following deadlock: INFO: task kswapd0:305 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kswapd0 D 0000000000000001 0 305 2 0x00000000 ffff88001f21d4f0 0000000000000046 ffff88001fdea680 ffff88001f21c000 ffff88001f21dfd8 ffff88001f21c000 ffff88001f21dfd8 ffff88001f21dfd8 ffff88001fdea040 0000000000014c00 0000000000000001 ffff88001fdea040 Call Trace: [<ffffffff8146155d>] io_schedule+0x4d/0x70 [<ffffffff810d2be5>] sync_page+0x65/0xa0 [<ffffffff81461b12>] __wait_on_bit_lock+0x52/0xb0 [<ffffffff810d2b80>] ? sync_page+0x0/0xa0 [<ffffffff810d2b64>] __lock_page+0x64/0x70 [<ffffffff81070ce0>] ? wake_bit_function+0x0/0x40 [<ffffffff810df1d4>] truncate_inode_pages_range+0x344/0x4a0 [<ffffffff810df340>] truncate_inode_pages+0x10/0x20 [<ffffffff8112cbfe>] generic_delete_inode+0x15e/0x190 [<ffffffff8112cc8d>] generic_drop_inode+0x5d/0x80 [<ffffffff8112bb88>] iput+0x78/0x80 [<ffffffff811bc908>] nfs_dentry_iput+0x38/0x50 [<ffffffff811285f4>] dentry_iput+0x84/0x110 [<ffffffff811286ae>] d_kill+0x2e/0x60 [<ffffffff8112912a>] dput+0x7a/0x170 [<ffffffff8111e925>] path_put+0x15/0x40 [<ffffffff811c3a44>] __put_nfs_open_context+0xa4/0xb0 [<ffffffff811cb5d0>] ? nfs_free_request+0x0/0x50 [<ffffffff811c3b0b>] put_nfs_open_context+0xb/0x10 [<ffffffff811cb5f9>] nfs_free_request+0x29/0x50 [<ffffffff81234b7e>] kref_put+0x8e/0xe0 [<ffffffff811cb594>] nfs_release_request+0x14/0x20 [<ffffffff811cf769>] nfs_find_and_lock_request+0x89/0xa0 [<ffffffff811d1180>] nfs_wb_page+0x80/0x110 [<ffffffff811c0770>] nfs_release_page+0x70/0x90 [<ffffffff810d18ee>] try_to_release_page+0x5e/0x80 [<ffffffff810e1178>] shrink_page_list+0x638/0x860 [<ffffffff810e19de>] shrink_zone+0x63e/0xc40 We can fix this by making the call to put_nfs_open_context() happen when we actually remove the write request from the inode (which is done by the nfsiod thread in this case). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org
Showing 1 changed file with 13 additions and 10 deletions Side-by-side Diff
fs/nfs/pagelist.c
| ... | ... | @@ -112,12 +112,10 @@ |
| 112 | 112 | */ |
| 113 | 113 | int nfs_set_page_tag_locked(struct nfs_page *req) |
| 114 | 114 | { |
| 115 | - struct nfs_inode *nfsi = NFS_I(req->wb_context->path.dentry->d_inode); | |
| 116 | - | |
| 117 | 115 | if (!nfs_lock_request_dontget(req)) |
| 118 | 116 | return 0; |
| 119 | 117 | if (req->wb_page != NULL) |
| 120 | - radix_tree_tag_set(&nfsi->nfs_page_tree, req->wb_index, NFS_PAGE_TAG_LOCKED); | |
| 118 | + radix_tree_tag_set(&NFS_I(req->wb_context->path.dentry->d_inode)->nfs_page_tree, req->wb_index, NFS_PAGE_TAG_LOCKED); | |
| 121 | 119 | return 1; |
| 122 | 120 | } |
| 123 | 121 | |
| 124 | 122 | |
| ... | ... | @@ -126,10 +124,10 @@ |
| 126 | 124 | */ |
| 127 | 125 | void nfs_clear_page_tag_locked(struct nfs_page *req) |
| 128 | 126 | { |
| 129 | - struct inode *inode = req->wb_context->path.dentry->d_inode; | |
| 130 | - struct nfs_inode *nfsi = NFS_I(inode); | |
| 131 | - | |
| 132 | 127 | if (req->wb_page != NULL) { |
| 128 | + struct inode *inode = req->wb_context->path.dentry->d_inode; | |
| 129 | + struct nfs_inode *nfsi = NFS_I(inode); | |
| 130 | + | |
| 133 | 131 | spin_lock(&inode->i_lock); |
| 134 | 132 | radix_tree_tag_clear(&nfsi->nfs_page_tree, req->wb_index, NFS_PAGE_TAG_LOCKED); |
| 135 | 133 | nfs_unlock_request(req); |
| 136 | 134 | |
| 137 | 135 | |
| ... | ... | @@ -142,16 +140,22 @@ |
| 142 | 140 | * nfs_clear_request - Free up all resources allocated to the request |
| 143 | 141 | * @req: |
| 144 | 142 | * |
| 145 | - * Release page resources associated with a write request after it | |
| 146 | - * has completed. | |
| 143 | + * Release page and open context resources associated with a read/write | |
| 144 | + * request after it has completed. | |
| 147 | 145 | */ |
| 148 | 146 | void nfs_clear_request(struct nfs_page *req) |
| 149 | 147 | { |
| 150 | 148 | struct page *page = req->wb_page; |
| 149 | + struct nfs_open_context *ctx = req->wb_context; | |
| 150 | + | |
| 151 | 151 | if (page != NULL) { |
| 152 | 152 | page_cache_release(page); |
| 153 | 153 | req->wb_page = NULL; |
| 154 | 154 | } |
| 155 | + if (ctx != NULL) { | |
| 156 | + put_nfs_open_context(ctx); | |
| 157 | + req->wb_context = NULL; | |
| 158 | + } | |
| 155 | 159 | } |
| 156 | 160 | |
| 157 | 161 | |
| 158 | 162 | |
| ... | ... | @@ -165,9 +169,8 @@ |
| 165 | 169 | { |
| 166 | 170 | struct nfs_page *req = container_of(kref, struct nfs_page, wb_kref); |
| 167 | 171 | |
| 168 | - /* Release struct file or cached credential */ | |
| 172 | + /* Release struct file and open context */ | |
| 169 | 173 | nfs_clear_request(req); |
| 170 | - put_nfs_open_context(req->wb_context); | |
| 171 | 174 | nfs_page_free(req); |
| 172 | 175 | } |
| 173 | 176 |