diff options
| author | Miklos Szeredi <mszeredi@redhat.com> | 2021-10-22 17:03:01 +0200 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@redhat.com> | 2021-10-22 17:03:01 +0200 |
| commit | 5c791fe1e2a4f401f819065ea4fc0450849f1818 (patch) | |
| tree | 152b7cd2888395c394e1ed6eb82e94b238421574 /fs/fuse/file.c | |
| parent | 964d32e512670c7b87870e30cfed2303da86d614 (diff) | |
| download | linux-5c791fe1e2a4f401f819065ea4fc0450849f1818.tar.gz | |
fuse: make sure reclaim doesn't write the inode
In writeback cache mode mtime/ctime updates are cached, and flushed to the server using the ->write_inode() callback. Closing the file will result in a dirty inode being immediately written, but in other cases the inode can remain dirty after all references are dropped. This result in the inode being written back from reclaim, which can deadlock on a regular allocation while the request is being served. The usual mechanisms (GFP_NOFS/PF_MEMALLOC*) don't work for FUSE, because serving a request involves unrelated userspace process(es). Instead do the same as for dirty pages: make sure the inode is written before the last reference is gone. - fallocate(2)/copy_file_range(2): these call file_update_time() or file_modified(), so flush the inode before returning from the call - unlink(2), link(2) and rename(2): these call fuse_update_ctime(), so flush the ctime directly from this helper Reported-by: chenguanyou <chenguanyou@xiaomi.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs/fuse/file.c')
| -rw-r--r-- | fs/fuse/file.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 11404f8c21c7..5c5ed58d91a7 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -1848,6 +1848,17 @@ int fuse_write_inode(struct inode *inode, struct writeback_control *wbc) struct fuse_file *ff; int err; + /* + * Inode is always written before the last reference is dropped and + * hence this should not be reached from reclaim. + * + * Writing back the inode from reclaim can deadlock if the request + * processing itself needs an allocation. Allocations triggering + * reclaim while serving a request can't be prevented, because it can + * involve any number of unrelated userspace processes. + */ + WARN_ON(wbc->for_reclaim); + ff = __fuse_write_file_get(fi); err = fuse_flush_times(inode, ff); if (ff) @@ -3002,6 +3013,8 @@ out: if (lock_inode) inode_unlock(inode); + fuse_flush_time_update(inode); + return err; } @@ -3111,6 +3124,8 @@ out: inode_unlock(inode_out); file_accessed(file_in); + fuse_flush_time_update(inode_out); + return err; } |