X-Spam-Checker-Version: SpamAssassin 3.4.0-r929098 (2010-03-30) on oss.sgi.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.4.0-r929098
Received: from cuda.sgi.com (cuda2.sgi.com [192.48.176.25])
	by oss.sgi.com (8.14.3/8.14.3/SuSE Linux 0.8) with ESMTP id p5MJI5E8115538
	for <xfs@oss.sgi.com>; Wed, 22 Jun 2011 14:18:05 -0500
X-ASG-Debug-ID: 1308770283-0c37018b0000-NocioJ
X-Barracuda-URL: http://cuda.sgi.com:80/cgi-bin/mark.cgi
Received: from bombadil.infradead.org (localhost [127.0.0.1])
	by cuda.sgi.com (Spam Firewall) with ESMTP id 354EC255AD
	for <xfs@oss.sgi.com>; Wed, 22 Jun 2011 12:18:03 -0700 (PDT)
Received: from bombadil.infradead.org (173-166-109-252-newengland.hfc.comcastbusiness.net [173.166.109.252]) by cuda.sgi.com with ESMTP id u3xp3WSUYgyncUvE for <xfs@oss.sgi.com>; Wed, 22 Jun 2011 12:18:03 -0700 (PDT)
Received: from hch by bombadil.infradead.org with local (Exim 4.76 #1 (Red Hat Linux))
	id 1QZSw7-00080u-Kv
	for xfs@oss.sgi.com; Wed, 22 Jun 2011 19:18:03 +0000
Message-Id: <20110622191803.613053964@bombadil.infradead.org>
User-Agent: quilt/0.48-1
Date: Wed, 22 Jun 2011 15:17:50 -0400
From: Christoph Hellwig <hch@infradead.org>
To: xfs@oss.sgi.com
X-ASG-Orig-Subj: [PATCH 5/6] xfs: fix filesystsem freeze race in xfs_trans_alloc
Subject: [PATCH 5/6] xfs: fix filesystsem freeze race in xfs_trans_alloc
References: <20110622191745.364749314@bombadil.infradead.org>
Content-Disposition: inline; filename=xfs-fix-freeze-race
X-SRS-Rewrite: SMTP reverse-path rewritten from <hch@infradead.org> by bombadil.infradead.org
	See http://www.infradead.org/rpr.html
X-Barracuda-Connect: 173-166-109-252-newengland.hfc.comcastbusiness.net[173.166.109.252]
X-Barracuda-Start-Time: 1308770284
X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210
X-Barracuda-Virus-Scanned: by cuda.sgi.com at sgi.com
X-Barracuda-Spam-Score: -1.42
X-Barracuda-Spam-Status: No, SCORE=-1.42 using per-user scores of TAG_LEVEL=2.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=2.1 tests=BSF_SC5_MJ1963, RDNS_DYNAMIC
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.66819
	Rule breakdown below
	 pts rule name              description
	---- ---------------------- --------------------------------------------------
	0.10 RDNS_DYNAMIC           Delivered to trusted network by host with
	                           dynamic-looking rDNS
	0.50 BSF_SC5_MJ1963         Custom Rule MJ1963
X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on oss.sgi.com
X-Virus-Status: Clean

As pointed out by Jan xfs_trans_alloc can race with a concurrent filesystem
free when it sleeps during the memory allocation.  Fix this by moving the
wait_for_freeze call after the memory allocation.  This means moving the
freeze into the low-level _xfs_trans_alloc helper, which thus grows a new
argument.  Also fix up some comments in that area while at it.

Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: xfs/fs/xfs/xfs_fsops.c
===================================================================
--- xfs.orig/fs/xfs/xfs_fsops.c	2011-06-18 17:50:43.477373715 +0200
+++ xfs/fs/xfs/xfs_fsops.c	2011-06-20 09:17:00.933518761 +0200
@@ -626,7 +626,7 @@ xfs_fs_log_dummy(
 	xfs_trans_t	*tp;
 	int		error;
 
-	tp = _xfs_trans_alloc(mp, XFS_TRANS_DUMMY1, KM_SLEEP);
+	tp = _xfs_trans_alloc(mp, XFS_TRANS_DUMMY1, KM_SLEEP, false);
 	error = xfs_trans_reserve(tp, 0, mp->m_sb.sb_sectsize + 128, 0, 0,
 					XFS_DEFAULT_LOG_COUNT);
 	if (error) {
Index: xfs/fs/xfs/xfs_iomap.c
===================================================================
--- xfs.orig/fs/xfs/xfs_iomap.c	2011-06-18 17:50:43.487373714 +0200
+++ xfs/fs/xfs/xfs_iomap.c	2011-06-20 09:17:00.933518761 +0200
@@ -688,8 +688,7 @@ xfs_iomap_write_unwritten(
 		 * the same inode that we complete here and might deadlock
 		 * on the iolock.
 		 */
-		xfs_wait_for_freeze(mp, SB_FREEZE_TRANS);
-		tp = _xfs_trans_alloc(mp, XFS_TRANS_STRAT_WRITE, KM_NOFS);
+		tp = _xfs_trans_alloc(mp, XFS_TRANS_STRAT_WRITE, KM_NOFS, true);
 		tp->t_flags |= XFS_TRANS_RESERVE;
 		error = xfs_trans_reserve(tp, resblks,
 				XFS_WRITE_LOG_RES(mp), 0,
Index: xfs/fs/xfs/xfs_trans.h
===================================================================
--- xfs.orig/fs/xfs/xfs_trans.h	2011-06-18 17:50:43.497373713 +0200
+++ xfs/fs/xfs/xfs_trans.h	2011-06-21 10:57:04.908840421 +0200
@@ -447,8 +447,14 @@ typedef struct xfs_trans {
 /*
  * XFS transaction mechanism exported interfaces.
  */
-xfs_trans_t	*xfs_trans_alloc(struct xfs_mount *, uint);
-xfs_trans_t	*_xfs_trans_alloc(struct xfs_mount *, uint, uint);
+xfs_trans_t	*_xfs_trans_alloc(struct xfs_mount *, uint, uint, bool);
+
+static inline struct xfs_trans *
+xfs_trans_alloc(struct xfs_mount *mp, uint type)
+{
+	return _xfs_trans_alloc(mp, type, KM_SLEEP, true);
+}
+
 xfs_trans_t	*xfs_trans_dup(xfs_trans_t *);
 int		xfs_trans_reserve(xfs_trans_t *, uint, uint, uint,
 				  uint, uint);
Index: xfs/fs/xfs/xfs_mount.c
===================================================================
--- xfs.orig/fs/xfs/xfs_mount.c	2011-06-18 17:50:43.510707047 +0200
+++ xfs/fs/xfs/xfs_mount.c	2011-06-20 09:17:00.936852094 +0200
@@ -1566,15 +1566,9 @@ xfs_fs_writable(xfs_mount_t *mp)
 }
 
 /*
- * xfs_log_sbcount
- *
  * Called either periodically to keep the on disk superblock values
  * roughly up to date or from unmount to make sure the values are
  * correct on a clean unmount.
- *
- * Note this code can be called during the process of freezing, so
- * we may need to use the transaction allocator which does not not
- * block when the transaction subsystem is in its frozen state.
  */
 int
 xfs_log_sbcount(
@@ -1596,7 +1590,13 @@ xfs_log_sbcount(
 	if (!xfs_sb_version_haslazysbcount(&mp->m_sb))
 		return 0;
 
-	tp = _xfs_trans_alloc(mp, XFS_TRANS_SB_COUNT, KM_SLEEP);
+	/*
+	 * We can be called during the process of freezing, so make sure
+	 * we go ahead even if the frozen for new transactions.  We will
+	 * always use a sync transaction in the freeze path to make sure
+	 * the transaction has completed by the time we return.
+	 */
+	tp = _xfs_trans_alloc(mp, XFS_TRANS_SB_COUNT, KM_SLEEP, false);
 	error = xfs_trans_reserve(tp, 0, mp->m_sb.sb_sectsize + 128, 0, 0,
 					XFS_DEFAULT_LOG_COUNT);
 	if (error) {
Index: xfs/fs/xfs/xfs_trans.c
===================================================================
--- xfs.orig/fs/xfs/xfs_trans.c	2011-06-18 17:50:43.524040379 +0200
+++ xfs/fs/xfs/xfs_trans.c	2011-06-21 10:56:25.305509042 +0200
@@ -566,31 +566,24 @@ xfs_trans_init(
 
 /*
  * This routine is called to allocate a transaction structure.
+ *
  * The type parameter indicates the type of the transaction.  These
  * are enumerated in xfs_trans.h.
- *
- * Dynamically allocate the transaction structure from the transaction
- * zone, initialize it, and return it to the caller.
  */
-xfs_trans_t *
-xfs_trans_alloc(
-	xfs_mount_t	*mp,
-	uint		type)
-{
-	xfs_wait_for_freeze(mp, SB_FREEZE_TRANS);
-	return _xfs_trans_alloc(mp, type, KM_SLEEP);
-}
-
-xfs_trans_t *
+struct xfs_trans *
 _xfs_trans_alloc(
-	xfs_mount_t	*mp,
-	uint		type,
-	uint		memflags)
+	struct xfs_mount	*mp,
+	uint			type,
+	uint			memflags,
+	bool			wait_for_freeze)
 {
-	xfs_trans_t	*tp;
+	struct xfs_trans	*tp;
 
 	atomic_inc(&mp->m_active_trans);
 
+	if (wait_for_freeze)
+		xfs_wait_for_freeze(mp, SB_FREEZE_TRANS);
+
 	tp = kmem_zone_zalloc(xfs_trans_zone, memflags);
 	tp->t_magic = XFS_TRANS_MAGIC;
 	tp->t_type = type;