Commit c85bf62a authored by Guoju Fang's avatar Guoju Fang Committed by Greg Kroah-Hartman

bcache: fix a lost wake-up problem caused by mca_cannibalize_lock

[ Upstream commit 34cf78bf ]

This patch fix a lost wake-up problem caused by the race between
mca_cannibalize_lock and bch_cannibalize_unlock.

Consider two processes, A and B. Process A is executing
mca_cannibalize_lock, while process B takes c->btree_cache_alloc_lock
and is executing bch_cannibalize_unlock. The problem happens that after
process A executes cmpxchg and will execute prepare_to_wait. In this
timeslice process B executes wake_up, but after that process A executes
prepare_to_wait and set the state to TASK_INTERRUPTIBLE. Then process A
goes to sleep but no one will wake up it. This problem may cause bcache
device to dead.
Signed-off-by: default avatarGuoju Fang <fangguoju@gmail.com>
Signed-off-by: default avatarColy Li <colyli@suse.de>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent cbef6b99
...@@ -585,6 +585,7 @@ struct cache_set { ...@@ -585,6 +585,7 @@ struct cache_set {
*/ */
wait_queue_head_t btree_cache_wait; wait_queue_head_t btree_cache_wait;
struct task_struct *btree_cache_alloc_lock; struct task_struct *btree_cache_alloc_lock;
spinlock_t btree_cannibalize_lock;
/* /*
* When we free a btree node, we increment the gen of the bucket the * When we free a btree node, we increment the gen of the bucket the
......
...@@ -876,15 +876,17 @@ static struct btree *mca_find(struct cache_set *c, struct bkey *k) ...@@ -876,15 +876,17 @@ static struct btree *mca_find(struct cache_set *c, struct bkey *k)
static int mca_cannibalize_lock(struct cache_set *c, struct btree_op *op) static int mca_cannibalize_lock(struct cache_set *c, struct btree_op *op)
{ {
struct task_struct *old; spin_lock(&c->btree_cannibalize_lock);
if (likely(c->btree_cache_alloc_lock == NULL)) {
old = cmpxchg(&c->btree_cache_alloc_lock, NULL, current); c->btree_cache_alloc_lock = current;
if (old && old != current) { } else if (c->btree_cache_alloc_lock != current) {
if (op) if (op)
prepare_to_wait(&c->btree_cache_wait, &op->wait, prepare_to_wait(&c->btree_cache_wait, &op->wait,
TASK_UNINTERRUPTIBLE); TASK_UNINTERRUPTIBLE);
spin_unlock(&c->btree_cannibalize_lock);
return -EINTR; return -EINTR;
} }
spin_unlock(&c->btree_cannibalize_lock);
return 0; return 0;
} }
...@@ -919,10 +921,12 @@ static struct btree *mca_cannibalize(struct cache_set *c, struct btree_op *op, ...@@ -919,10 +921,12 @@ static struct btree *mca_cannibalize(struct cache_set *c, struct btree_op *op,
*/ */
static void bch_cannibalize_unlock(struct cache_set *c) static void bch_cannibalize_unlock(struct cache_set *c)
{ {
spin_lock(&c->btree_cannibalize_lock);
if (c->btree_cache_alloc_lock == current) { if (c->btree_cache_alloc_lock == current) {
c->btree_cache_alloc_lock = NULL; c->btree_cache_alloc_lock = NULL;
wake_up(&c->btree_cache_wait); wake_up(&c->btree_cache_wait);
} }
spin_unlock(&c->btree_cannibalize_lock);
} }
static struct btree *mca_alloc(struct cache_set *c, struct btree_op *op, static struct btree *mca_alloc(struct cache_set *c, struct btree_op *op,
......
...@@ -1737,6 +1737,7 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) ...@@ -1737,6 +1737,7 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb)
sema_init(&c->sb_write_mutex, 1); sema_init(&c->sb_write_mutex, 1);
mutex_init(&c->bucket_lock); mutex_init(&c->bucket_lock);
init_waitqueue_head(&c->btree_cache_wait); init_waitqueue_head(&c->btree_cache_wait);
spin_lock_init(&c->btree_cannibalize_lock);
init_waitqueue_head(&c->bucket_wait); init_waitqueue_head(&c->bucket_wait);
init_waitqueue_head(&c->gc_wait); init_waitqueue_head(&c->gc_wait);
sema_init(&c->uuid_write_mutex, 1); sema_init(&c->uuid_write_mutex, 1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment