Re: [PATCH v2 7/7] btrfs: do not take the device_list_mutex in clone_fs_devices
From: Anand Jain <hidden>
Date: 2021-08-24 22:08:28
On 28/07/2021 05:01, Josef Bacik wrote:
I got the following lockdep splat while testing seed devices ====================================================== WARNING: possible circular locking dependency detected 5.14.0-rc2+ #409 Not tainted ------------------------------------------------------ mount/34004 is trying to acquire lock: ffff9eaac48188e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: clone_fs_devices+0x4d/0x170 but task is already holding lock: ffff9eaac766d438 (btrfs-chunk-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x24/0x100 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (btrfs-chunk-00){++++}-{3:3}: down_read_nested+0x46/0x60 __btrfs_tree_read_lock+0x24/0x100 btrfs_read_lock_root_node+0x31/0x40 btrfs_search_slot+0x480/0x930 btrfs_update_device+0x63/0x180 btrfs_chunk_alloc_add_chunk_item+0xdc/0x3a0 btrfs_chunk_alloc+0x281/0x540 find_free_extent+0x10ca/0x1790 btrfs_reserve_extent+0xbf/0x1d0 btrfs_alloc_tree_block+0xb1/0x320 __btrfs_cow_block+0x136/0x5f0 btrfs_cow_block+0x107/0x210 btrfs_search_slot+0x56a/0x930 btrfs_truncate_inode_items+0x187/0xef0 btrfs_truncate_free_space_cache+0x11c/0x210 delete_block_group_cache+0x6f/0xb0 btrfs_relocate_block_group+0xf8/0x350 btrfs_relocate_chunk+0x38/0x120 btrfs_balance+0x79b/0xf00 btrfs_ioctl_balance+0x327/0x400 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #1 (&fs_info->chunk_mutex){+.+.}-{3:3}: __mutex_lock+0x7d/0x750 btrfs_init_new_device+0x6d6/0x1540 btrfs_ioctl+0x1b12/0x2d30 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #0 (&fs_devs->device_list_mutex){+.+.}-{3:3}: __lock_acquire+0x10ea/0x1d90 lock_acquire+0xb5/0x2b0 __mutex_lock+0x7d/0x750 clone_fs_devices+0x4d/0x170 btrfs_read_chunk_tree+0x32f/0x800 open_ctree+0xae3/0x16f0 btrfs_mount_root.cold+0x12/0xea legacy_get_tree+0x2d/0x50 vfs_get_tree+0x25/0xc0 vfs_kern_mount.part.0+0x71/0xb0 btrfs_mount+0x10d/0x380 legacy_get_tree+0x2d/0x50 
vfs_get_tree+0x25/0xc0 path_mount+0x433/0xb60 __x64_sys_mount+0xe3/0x120 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: &fs_devs->device_list_mutex --> &fs_info->chunk_mutex --> btrfs-chunk-00 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(btrfs-chunk-00); lock(&fs_info->chunk_mutex); lock(btrfs-chunk-00); lock(&fs_devs->device_list_mutex); *** DEADLOCK *** 3 locks held by mount/34004: #0: ffff9eaad75c00e0 (&type->s_umount_key#47/1){+.+.}-{3:3}, at: alloc_super+0xd5/0x3b0 #1: ffffffffbd2dcf08 (uuid_mutex){+.+.}-{3:3}, at: btrfs_read_chunk_tree+0x59/0x800 #2: ffff9eaac766d438 (btrfs-chunk-00){++++}-{3:3}, at: __btrfs_tree_read_lock+0x24/0x100 stack backtrace: CPU: 0 PID: 34004 Comm: mount Not tainted 5.14.0-rc2+ #409 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 Call Trace: dump_stack_lvl+0x57/0x72 check_noncircular+0xcf/0xf0 __lock_acquire+0x10ea/0x1d90 lock_acquire+0xb5/0x2b0 ? clone_fs_devices+0x4d/0x170 ? lock_is_held_type+0xa5/0x120 __mutex_lock+0x7d/0x750 ? clone_fs_devices+0x4d/0x170 ? clone_fs_devices+0x4d/0x170 ? lockdep_init_map_type+0x47/0x220 ? debug_mutex_init+0x33/0x40 clone_fs_devices+0x4d/0x170 ? lock_is_held_type+0xa5/0x120 btrfs_read_chunk_tree+0x32f/0x800 ? find_held_lock+0x2b/0x80 open_ctree+0xae3/0x16f0 btrfs_mount_root.cold+0x12/0xea ? rcu_read_lock_sched_held+0x3f/0x80 ? kfree+0x1f6/0x410 legacy_get_tree+0x2d/0x50 vfs_get_tree+0x25/0xc0 vfs_kern_mount.part.0+0x71/0xb0 btrfs_mount+0x10d/0x380 ? kfree+0x1f6/0x410 legacy_get_tree+0x2d/0x50 vfs_get_tree+0x25/0xc0 path_mount+0x433/0xb60 __x64_sys_mount+0xe3/0x120 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f6cbcd9788e It is because we take the ->device_list_mutex in this path while holding onto the tree locks in the chunk root. 
However we do not need the lock here, because we're already holding onto the uuid_mutex, and in fact have removed all other uses of the ->device_list_mutex in this path because of this. Remove the ->device_list_mutex locking here, add an assert for the uuid_mutex and the problem is fixed. Signed-off-by: Josef Bacik <josef@toxicpanda.com> --- fs/btrfs/volumes.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index f622e93a6ff1..bdfcc35335c3 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c@@ -1000,11 +1000,12 @@ static struct btrfs_fs_devices *clone_fs_devices(struct btrfs_fs_devices *orig) struct btrfs_device *orig_dev; int ret = 0; + lockdep_assert_held(&uuid_mutex); + fs_devices = alloc_fs_devices(orig->fsid, NULL); if (IS_ERR(fs_devices)) return fs_devices; - mutex_lock(&orig->device_list_mutex); fs_devices->total_devices = orig->total_devices; list_for_each_entry(orig_dev, &orig->devices, dev_list) {@@ -1036,10 +1037,8 @@ static struct btrfs_fs_devices *clone_fs_devices(struct btrfs_fs_devices *orig) device->fs_devices = fs_devices; fs_devices->num_devices++; } - mutex_unlock(&orig->device_list_mutex); return fs_devices; error: - mutex_unlock(&orig->device_list_mutex); free_fs_devices(fs_devices); return ERR_PTR(ret); }
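Review bot: the list_for_each_entry() walk over orig->devices in the first hunk is now covered only by uuid_mutex, and the code carries no comment saying so or explaining why device_list_mutex must not be taken here. Suggest a short comment next to lockdep_assert_held(&uuid_mutex) stating that uuid_mutex is what keeps orig->devices stable in this path, and that taking device_list_mutex while holding the chunk root tree lock inverts the order lockdep reported (&fs_devs->device_list_mutex --> &fs_info->chunk_mutex --> btrfs-chunk-00). The commit message says uuid_mutex is sufficient but does not name the paths that modify orig->devices; it would help to state that each of them holds uuid_mutex, since lockdep_assert_held() only checks this caller.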
This fix is the same as in [1].

[1] https://patchwork.kernel.org/project/linux-btrfs/patch/23a8830f3be500995e74b45f18862e67c0634c3d.1614793362.git.anand.jain@oracle.com/