Revision 289454ad26a2d752e04b07234a175feda9ec0f4e authored by Naohiro Aota on 05 January 2015, 16:01:03 UTC, committed by Chris Mason on 03 February 2015, 03:24:51 UTC
After submit_one_bio(), `bio' can go away. However submit_extent_page()
leave `bio' referable if submit_one_bio() failed (e.g. -ENOMEM on OOM).
It will cause invalid paging request when submit_extent_page() is called
next time.
I reproduced ENOMEM case with the following script (need
CONFIG_FAIL_PAGE_ALLOC, and CONFIG_FAULT_INJECTION_DEBUG_FS).
#!/bin/bash
dmesgout=dmesg.txt
start=100000
end=300000
step=1000
# btrfs options
device=/dev/vdb1
directory=/mnt/btrfs
# fault-injection options
percent=100
times=3
mkdir -p $directory || exit 1
mount -o compress $device $directory || exit 1
rm -f $directory/file || exit 1
dd if=/dev/zero of=$directory/file bs=1M count=512 || exit 1
for interval in `seq $start $step $end`; do
dmesg -C
echo 1 > /proc/sys/vm/drop_caches
sync
export FAILCMD_TYPE=fail_page_alloc
./failcmd.sh -p $percent -t $times -i $interval \
--ignore-gfp-highmem=N --ignore-gfp-wait=N --min-order=0 \
-- \
cat $directory/file > /dev/null
dmesg > ${dmesgout}
if grep -q BUG: ${dmesgout}; then
cat ${dmesgout}
exit 1
fi
done
umount $directory
exit 0
Signed-off-by: Naohiro Aota <naota@elisp.net>
Tested-by: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
1 parent de554a4
svcshare.c
/*
* linux/fs/lockd/svcshare.c
*
* Management of DOS shares.
*
* Copyright (C) 1996 Olaf Kirch <okir@monad.swb.de>
*/
#include <linux/time.h>
#include <linux/unistd.h>
#include <linux/string.h>
#include <linux/slab.h>
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/svc.h>
#include <linux/lockd/lockd.h>
#include <linux/lockd/share.h>
static inline int
nlm_cmp_owner(struct nlm_share *share, struct xdr_netobj *oh)
{
return share->s_owner.len == oh->len
&& !memcmp(share->s_owner.data, oh->data, oh->len);
}
__be32
nlmsvc_share_file(struct nlm_host *host, struct nlm_file *file,
struct nlm_args *argp)
{
struct nlm_share *share;
struct xdr_netobj *oh = &argp->lock.oh;
u8 *ohdata;
for (share = file->f_shares; share; share = share->s_next) {
if (share->s_host == host && nlm_cmp_owner(share, oh))
goto update;
if ((argp->fsm_access & share->s_mode)
|| (argp->fsm_mode & share->s_access ))
return nlm_lck_denied;
}
share = kmalloc(sizeof(*share) + oh->len,
GFP_KERNEL);
if (share == NULL)
return nlm_lck_denied_nolocks;
/* Copy owner handle */
ohdata = (u8 *) (share + 1);
memcpy(ohdata, oh->data, oh->len);
share->s_file = file;
share->s_host = host;
share->s_owner.data = ohdata;
share->s_owner.len = oh->len;
share->s_next = file->f_shares;
file->f_shares = share;
update:
share->s_access = argp->fsm_access;
share->s_mode = argp->fsm_mode;
return nlm_granted;
}
/*
* Delete a share.
*/
__be32
nlmsvc_unshare_file(struct nlm_host *host, struct nlm_file *file,
struct nlm_args *argp)
{
struct nlm_share *share, **shpp;
struct xdr_netobj *oh = &argp->lock.oh;
for (shpp = &file->f_shares; (share = *shpp) != NULL;
shpp = &share->s_next) {
if (share->s_host == host && nlm_cmp_owner(share, oh)) {
*shpp = share->s_next;
kfree(share);
return nlm_granted;
}
}
/* X/Open spec says return success even if there was no
* corresponding share. */
return nlm_granted;
}
/*
* Traverse all shares for a given file, and delete
* those owned by the given (type of) host
*/
void nlmsvc_traverse_shares(struct nlm_host *host, struct nlm_file *file,
nlm_host_match_fn_t match)
{
struct nlm_share *share, **shpp;
shpp = &file->f_shares;
while ((share = *shpp) != NULL) {
if (match(share->s_host, host)) {
*shpp = share->s_next;
kfree(share);
continue;
}
shpp = &share->s_next;
}
}
Computing file changes ...
