| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGudoHEpd++aMp8zcquh6SwAAT+2uKOhHcWRcBEyC6DRS73osA@mail.gmail.com> Date: Thu, 18 Sep 2025 02:04:52 +0200 From: Mateusz Guzik <mjguzik@...il.com> To: Dave Chinner <david@...morbit.com>, Al Viro <viro@...iv.linux.org.uk> Cc: Max Kellermann <max.kellermann@...os.com>, slava.dubeyko@....com, xiubli@...hat.com, idryomov@...il.com, amarkuze@...hat.com, ceph-devel@...r.kernel.org, netfs@...ts.linux.dev, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, stable@...r.kernel.org, Josef Bacik <josef@...icpanda.com>, Christian Brauner <brauner@...nel.org> Subject: Re: [PATCH] ceph: fix deadlock bugs by making iput() calls asynchronous On Thu, Sep 18, 2025 at 1:08 AM Mateusz Guzik <mjguzik@...il.com> wrote: > > On Thu, Sep 18, 2025 at 12:51 AM Dave Chinner <david@...morbit.com> wrote: > > - wait for Josef to finish his inode refcount rework patchset that > > gets rid of this whole "writeback doesn't hold an inode reference" > > problem that is the root cause of this the deadlock. > > > > All that adding a whacky async iput work around does right now is > > make it harder for Josef to land the patchset that makes this > > problem go away entirely.... > > > > Per Max this is a problem present on older kernels as well, something > of this sort is needed to cover it regardless of what happens in > mainline. > > As for mainline, I don't believe Josef's patchset addresses the problem. > > The newly added refcount now taken by writeback et al only gates the > inode getting freed, it does not gate almost any of iput/evict > processing. As in with the patchset writeback does not hold a real > reference. > > So ceph can still iput from writeback and find itself waiting in > inode_wait_for_writeback, unless the filesystem can be converted to > use the weaker refcounts and iobj_put instead (but that's not > something I would be betting on). To further elaborate, an extra count which only gates the struct being freed has limited usefulness. Notably it does not help filesystems which need the inode to be valid for use the entire time as evict() is only stalled *after* ->evict_inode(), which might have destroyed the vital parts. Or to put it differently, the patchset tries to fit btrfs's needs which don't necessarily line up with other filesystems. For example it may be ceph needs the full reference in writeback, then the new ref is of no use here. But for the sake of argument let's say ceph will get away with the ligher ref instead. Even then this is on the clock for a different filesystem to show up which can't do it and needs an async iput and then its developers are looking at "whacky work arounds". The actual generic async iput is the actual async iput, not an arbitrary chunk of it after the inode is partway through processing. But then any form of extra refcounting is of no significance. To that end a non-whacky mechanism to defer iput would be most welcome, presumably provided by the vfs layer itself. Per remarks by Al elsewhere, care needs to be taken to make sure all inodes are sorted out before the super block gets destroyed. This suggests expanding the super_block to track all of the deferred iputs and drain them early in sb destruction. The current struct inode on LP64 has 2 * 4 byte holes and llist linkage is only 8 bytes, so this can be added without growing the struct above stock kernel. I would argue it would be good if the work could be deffered to task_work if possible (fput-style). Waiting for these should be easy enough, but arguably the thread which is supposed to get to them can be stalled elsewhere indefinitely, so perhaps this bit is a no-go.
Powered by blists - more mailing lists