From: Miklos Szeredi mszeredi@redhat.com
stable inclusion from stable-v5.10.87 commit c31470a30c0d8cf406cc71385d8c97dfd1a84f3f bugzilla: 186049 https://gitee.com/openeuler/kernel/issues/I4QVYL
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 5c791fe1e2a4f401f819065ea4fc0450849f1818 upstream.
In writeback cache mode mtime/ctime updates are cached, and flushed to the server using the ->write_inode() callback.
Closing the file will result in a dirty inode being immediately written, but in other cases the inode can remain dirty after all references are dropped. This result in the inode being written back from reclaim, which can deadlock on a regular allocation while the request is being served.
The usual mechanisms (GFP_NOFS/PF_MEMALLOC*) don't work for FUSE, because serving a request involves unrelated userspace process(es).
Instead do the same as for dirty pages: make sure the inode is written before the last reference is gone.
- fallocate(2)/copy_file_range(2): these call file_update_time() or file_modified(), so flush the inode before returning from the call
- unlink(2), link(2) and rename(2): these call fuse_update_ctime(), so flush the ctime directly from this helper
Reported-by: chenguanyou chenguanyou@xiaomi.com Signed-off-by: Miklos Szeredi mszeredi@redhat.com Cc: Ed Tsai ed.tsai@mediatek.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Chen Jun chenjun102@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- fs/fuse/dir.c | 8 ++++++++ fs/fuse/file.c | 15 +++++++++++++++ fs/fuse/fuse_i.h | 1 + fs/fuse/inode.c | 3 +++ 4 files changed, 27 insertions(+)
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 2e300176cb88..e7667497b6b7 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -791,11 +791,19 @@ static int fuse_symlink(struct inode *dir, struct dentry *entry, return create_new_entry(fm, &args, dir, entry, S_IFLNK); }
+void fuse_flush_time_update(struct inode *inode) +{ + int err = sync_inode_metadata(inode, 1); + + mapping_set_error(inode->i_mapping, err); +} + void fuse_update_ctime(struct inode *inode) { if (!IS_NOCMTIME(inode)) { inode->i_ctime = current_time(inode); mark_inode_dirty_sync(inode); + fuse_flush_time_update(inode); } }
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index c9606f2d2864..4dd70b53df81 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -1849,6 +1849,17 @@ int fuse_write_inode(struct inode *inode, struct writeback_control *wbc) struct fuse_file *ff; int err;
+ /* + * Inode is always written before the last reference is dropped and + * hence this should not be reached from reclaim. + * + * Writing back the inode from reclaim can deadlock if the request + * processing itself needs an allocation. Allocations triggering + * reclaim while serving a request can't be prevented, because it can + * involve any number of unrelated userspace processes. + */ + WARN_ON(wbc->for_reclaim); + ff = __fuse_write_file_get(fc, fi); err = fuse_flush_times(inode, ff); if (ff) @@ -3338,6 +3349,8 @@ static long fuse_file_fallocate(struct file *file, int mode, loff_t offset, if (lock_inode) inode_unlock(inode);
+ fuse_flush_time_update(inode); + return err; }
@@ -3447,6 +3460,8 @@ static ssize_t __fuse_copy_file_range(struct file *file_in, loff_t pos_in, inode_unlock(inode_out); file_accessed(file_in);
+ fuse_flush_time_update(inode_out); + return err; }
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index ff94da684017..b159d8b5e893 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -1113,6 +1113,7 @@ int fuse_allow_current_process(struct fuse_conn *fc);
u64 fuse_lock_owner_id(struct fuse_conn *fc, fl_owner_t id);
+void fuse_flush_time_update(struct inode *inode); void fuse_update_ctime(struct inode *inode);
int fuse_update_attributes(struct inode *inode, struct file *file); diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 053c56af3b6f..5e484676343e 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -119,6 +119,9 @@ static void fuse_evict_inode(struct inode *inode) { struct fuse_inode *fi = get_fuse_inode(inode);
+ /* Will write inode on close/munmap and in all other dirtiers */ + WARN_ON(inode->i_state & I_DIRTY_INODE); + truncate_inode_pages_final(&inode->i_data); clear_inode(inode); if (inode->i_sb->s_flags & SB_ACTIVE) {