Bug 1326472

Summary:

deadlock in fscache code (merge error)

Product:

Red Hat Enterprise Linux 7

Reporter:

Rik van Riel <riel>

Component:

kernel-rt

Assignee:

Clark Williams <williams>

kernel-rt sub component:

File Systems - Other

QA Contact:

Jiri Kastner <jkastner>

Status:

CLOSED ERRATA

Docs Contact:

Marie Hornickova <mdolezel>

Severity:

unspecified

Priority:

urgent

CC:

bhu, dhowells, eguan, hhuang, jkastner, lgoncalv, mdolezel, swhiteho

Version:

7.2

Keywords:

ZStream

Target Milestone:

Target Release:

---

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

In a previous code update one extra spin_lock operation was left untouched. Consequently, a deadlock could occur when looping through cache pages. With this update, the extra lock operation has been removed from the source code and the deadlock no longer occurs in the described situation.

Story Points:

---

Clone Of:

Clones:

1327073 1327730 (view as bug list)

Environment:

Last Closed:

2016-11-03 19:46:10 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

Bug Blocks:

1274397, 1327073, 1327730

Attachments:

Description	Flags
Fixup fscache mis-merge	none

Description Rik van Riel 2016-04-12 18:47:44 UTC

Description of problem:

While auditing the diff between the normal RHEL7 kernel and the RHEL7 kernel-rt tree (git diff kernel-3.10.0-376.el7..kernel-rt-3.10.0-376.rt56.253.el7) I found this gem:

diff --git a/fs/fscache/page.c b/fs/fscache/page.c
index e1500bda3bfc..966aa4376037 100644
--- a/fs/fscache/page.c
+++ b/fs/fscache/page.c
@@ -887,6 +887,7 @@ void fscache_invalidate_writes(struct fscache_cookie *cookie)

                for (i = n - 1; i >= 0; i--)
                        page_cache_release(results[i]);
+               spin_lock(&cookie->stores_lock);
        }

        _leave("");

This will lead to a deadlock, since normal RHEL7 kernel has also merged an
equivalent of db7a50353, and takes the spinlock as the first thing when going around the loop:

        for (;;) {
                spin_lock(&cookie->stores_lock);
                n = radix_tree_gang_lookup_tag(&cookie->stores, results, 0,
                                               ARRAY_SIZE(results),
                                               FSCACHE_COOKIE_PENDING_TAG);
                if (n == 0) {
                        spin_unlock(&cookie->stores_lock);
                        break;
                }

                for (i = n - 1; i >= 0; i--) {
                        page = results[i];
                        radix_tree_delete(&cookie->stores, page->index);
                }

                spin_unlock(&cookie->stores_lock);

                for (i = n - 1; i >= 0; i--)
                        page_cache_release(results[i]);
                spin_lock(&cookie->stores_lock);
        }


Version-Release number of selected component (if applicable):

kernel-rt-3.10.0-376.rt56.253.el7

Comment 1 Clark Williams 2016-04-12 20:19:36 UTC

Created attachment 1146668 [details]
Fixup fscache mis-merge

Patch to fix merge conflict resolution mis-merge that could result in a deadlock

Comment 2 Clark Williams 2016-04-14 00:19:16 UTC

above patch went into kernel-rt-3.10.0-377.rt56.256.el7 build.

Comment 8 errata-xmlrpc 2016-11-03 19:46:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2584.html