Skip to content

Commit 88ec797

Browse files
mjguzikbrauner
mjguzik
authored and
brauner
committed
fs: make insert_inode_locked() wait for inode destruction
This is the only routine which instead skipped instead of waiting. The current behavior is arguably a bug as it results in a corner case where the inode hash can have *two* matching inodes, one of which is on its way out. Ironing out this difference is an incremental step towards sanitizing the API. Signed-off-by: Mateusz Guzik <mjguzik@gmail.com> Link: https://patch.msgid.link/20260114094717.236202-1-mjguzik@gmail.com Signed-off-by: Christian Brauner <brauner@kernel.org>
1 parent aaf7683 commit 88ec797

1 file changed

Lines changed: 24 additions & 17 deletions

File tree

fs/inode.c

Lines changed: 24 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1028,19 +1028,20 @@ long prune_icache_sb(struct super_block *sb, struct shrink_control *sc)
10281028
return freed;
10291029
}
10301030

1031-
static void __wait_on_freeing_inode(struct inode *inode, bool is_inode_hash_locked);
1031+
static void __wait_on_freeing_inode(struct inode *inode, bool hash_locked, bool rcu_locked);
1032+
10321033
/*
10331034
* Called with the inode lock held.
10341035
*/
10351036
static struct inode *find_inode(struct super_block *sb,
10361037
struct hlist_head *head,
10371038
int (*test)(struct inode *, void *),
1038-
void *data, bool is_inode_hash_locked,
1039+
void *data, bool hash_locked,
10391040
bool *isnew)
10401041
{
10411042
struct inode *inode = NULL;
10421043

1043-
if (is_inode_hash_locked)
1044+
if (hash_locked)
10441045
lockdep_assert_held(&inode_hash_lock);
10451046
else
10461047
lockdep_assert_not_held(&inode_hash_lock);
@@ -1054,7 +1055,7 @@ static struct inode *find_inode(struct super_block *sb,
10541055
continue;
10551056
spin_lock(&inode->i_lock);
10561057
if (inode_state_read(inode) & (I_FREEING | I_WILL_FREE)) {
1057-
__wait_on_freeing_inode(inode, is_inode_hash_locked);
1058+
__wait_on_freeing_inode(inode, hash_locked, true);
10581059
goto repeat;
10591060
}
10601061
if (unlikely(inode_state_read(inode) & I_CREATING)) {
@@ -1078,11 +1079,11 @@ static struct inode *find_inode(struct super_block *sb,
10781079
*/
10791080
static struct inode *find_inode_fast(struct super_block *sb,
10801081
struct hlist_head *head, unsigned long ino,
1081-
bool is_inode_hash_locked, bool *isnew)
1082+
bool hash_locked, bool *isnew)
10821083
{
10831084
struct inode *inode = NULL;
10841085

1085-
if (is_inode_hash_locked)
1086+
if (hash_locked)
10861087
lockdep_assert_held(&inode_hash_lock);
10871088
else
10881089
lockdep_assert_not_held(&inode_hash_lock);
@@ -1096,7 +1097,7 @@ static struct inode *find_inode_fast(struct super_block *sb,
10961097
continue;
10971098
spin_lock(&inode->i_lock);
10981099
if (inode_state_read(inode) & (I_FREEING | I_WILL_FREE)) {
1099-
__wait_on_freeing_inode(inode, is_inode_hash_locked);
1100+
__wait_on_freeing_inode(inode, hash_locked, true);
11001101
goto repeat;
11011102
}
11021103
if (unlikely(inode_state_read(inode) & I_CREATING)) {
@@ -1832,16 +1833,13 @@ int insert_inode_locked(struct inode *inode)
18321833
while (1) {
18331834
struct inode *old = NULL;
18341835
spin_lock(&inode_hash_lock);
1836+
repeat:
18351837
hlist_for_each_entry(old, head, i_hash) {
18361838
if (old->i_ino != ino)
18371839
continue;
18381840
if (old->i_sb != sb)
18391841
continue;
18401842
spin_lock(&old->i_lock);
1841-
if (inode_state_read(old) & (I_FREEING | I_WILL_FREE)) {
1842-
spin_unlock(&old->i_lock);
1843-
continue;
1844-
}
18451843
break;
18461844
}
18471845
if (likely(!old)) {
@@ -1852,6 +1850,11 @@ int insert_inode_locked(struct inode *inode)
18521850
spin_unlock(&inode_hash_lock);
18531851
return 0;
18541852
}
1853+
if (inode_state_read(old) & (I_FREEING | I_WILL_FREE)) {
1854+
__wait_on_freeing_inode(old, true, false);
1855+
old = NULL;
1856+
goto repeat;
1857+
}
18551858
if (unlikely(inode_state_read(old) & I_CREATING)) {
18561859
spin_unlock(&old->i_lock);
18571860
spin_unlock(&inode_hash_lock);
@@ -2504,31 +2507,35 @@ EXPORT_SYMBOL(inode_needs_sync);
25042507
* wake_up_bit(&inode->i_state, __I_NEW) after removing from the hash list
25052508
* will DTRT.
25062509
*/
2507-
static void __wait_on_freeing_inode(struct inode *inode, bool is_inode_hash_locked)
2510+
static void __wait_on_freeing_inode(struct inode *inode, bool hash_locked, bool rcu_locked)
25082511
{
25092512
struct wait_bit_queue_entry wqe;
25102513
struct wait_queue_head *wq_head;
25112514

2515+
VFS_BUG_ON(!hash_locked && !rcu_locked);
2516+
25122517
/*
25132518
* Handle racing against evict(), see that routine for more details.
25142519
*/
25152520
if (unlikely(inode_unhashed(inode))) {
2516-
WARN_ON(is_inode_hash_locked);
2521+
WARN_ON(hash_locked);
25172522
spin_unlock(&inode->i_lock);
25182523
return;
25192524
}
25202525

25212526
wq_head = inode_bit_waitqueue(&wqe, inode, __I_NEW);
25222527
prepare_to_wait_event(wq_head, &wqe.wq_entry, TASK_UNINTERRUPTIBLE);
25232528
spin_unlock(&inode->i_lock);
2524-
rcu_read_unlock();
2525-
if (is_inode_hash_locked)
2529+
if (rcu_locked)
2530+
rcu_read_unlock();
2531+
if (hash_locked)
25262532
spin_unlock(&inode_hash_lock);
25272533
schedule();
25282534
finish_wait(wq_head, &wqe.wq_entry);
2529-
if (is_inode_hash_locked)
2535+
if (hash_locked)
25302536
spin_lock(&inode_hash_lock);
2531-
rcu_read_lock();
2537+
if (rcu_locked)
2538+
rcu_read_lock();
25322539
}
25332540

25342541
static __initdata unsigned long ihash_entries;

0 commit comments

Comments
 (0)