• Brian Foster's avatar
    xfs: fix unmount hang and memory leak on shutdown during quotaoff · 8a627143
    Brian Foster authored
    AIL removal of the quotaoff start intent and free of both quotaoff
    intents is currently limited to the ->iop_committed() handler of the
    end intent. This executes when the end intent is committed to the
    on-disk log and marks the completion of the operation. The problem
    with this is it assumes the success of the operation. If a shutdown
    or other error occurs during the quotaoff, it's possible for the
    quotaoff task to exit without removing the start intent from the
    AIL. This results in an unmount hang as the AIL cannot be emptied.
    Further, no other codepath frees the intents and so this is also a
    memory leak vector.
    
    First, update the high level quotaoff error path to directly remove
    and free the quotaoff start intent if it still exists in the AIL at
    the time of the error. Next, update both of the start and end
    quotaoff intents with an ->iop_release() callback to properly handle
    transaction abort.
    
    This means that If the quotaoff start transaction aborts, it frees
    the start intent in the transaction commit path. If the filesystem
    shuts down before the end transaction allocates, the quotaoff
    sequence removes and frees the start intent. If the end transaction
    aborts, it removes the start intent and frees both. This ensures
    that a shutdown does not result in a hung unmount and that memory is
    not leaked regardless of when a quotaoff error occurs.
    Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
    Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
    Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
    Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
    8a627143
xfs_dquot_item.c 9.26 KB