#
d98779e6 |
| 10-Apr-2024 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Fix potential glock use-after-free on unmount
When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b st
gfs2: Fix potential glock use-after-free on unmount
When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until until a lock is unlocked or its lockspace is released.
To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks.
As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead.
Fixes: fb6791d100d1b ("GFS2: skip dlm_unlock calls in unmount") Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Cc: David Teigland <teigland@redhat.com>
show more ...
|
#
0b2355fe |
| 09-Oct-2023 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: No longer use 'extern' in function declarations
For non-static function declarations, external linkage is implied and the 'extern' keyword isn't needed. Some static checkers complain about th
gfs2: No longer use 'extern' in function declarations
For non-static function declarations, external linkage is implied and the 'extern' keyword isn't needed. Some static checkers complain about the overuse of 'extern', so clean up all the function declarations.
In addition, remove 'extern' from the definition of free_local_statfs_inodes(); it isn't needed there, either.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
0e072cac |
| 16-Jun-2023 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: change qd_slot_count to qd_slot_ref
Variable qd_slot_count is a reference count, not a count of slots. This patch renames it to qd_slot_ref to make that more clear.
Signed-off-by: Bob Peterso
gfs2: change qd_slot_count to qd_slot_ref
Variable qd_slot_count is a reference count, not a count of slots. This patch renames it to qd_slot_ref to make that more clear.
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
eef46ab7 |
| 28-Jun-2023 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: Introduce new quota=quiet mount option
This patch adds a new mount option quota=quiet which is the same as quota=on but it suppresses gfs2 quota error messages.
Signed-off-by: Bob Peterson <r
gfs2: Introduce new quota=quiet mount option
This patch adds a new mount option quota=quiet which is the same as quota=on but it suppresses gfs2 quota error messages.
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
e7beb8b6 |
| 23-Aug-2023 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Rename SDF_DEACTIVATING to SDF_KILL
Rename the SDF_DEACTIVATING flag to SDF_KILL to make it more obvious that this relates to the kill_sb filesystem operation.
Signed-off-by: Andreas Gruenbac
gfs2: Rename SDF_DEACTIVATING to SDF_KILL
Rename the SDF_DEACTIVATING flag to SDF_KILL to make it more obvious that this relates to the kill_sb filesystem operation.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
3c69c437 |
| 23-Aug-2023 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Rename sd_{ glock => kill }_wait
Rename sd_glock_wait to sd_kill_wait: we'll use it for other things related to "killing" a filesystem on unmount soon (kill_sb).
Signed-off-by: Andreas Gruenb
gfs2: Rename sd_{ glock => kill }_wait
Rename sd_glock_wait to sd_kill_wait: we'll use it for other things related to "killing" a filesystem on unmount soon (kill_sb).
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
f246dd4b |
| 21-Jun-2023 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs: Get rid of unnucessary locking in inode_go_dump
Commit 27a2660f1ef9 ("gfs2: Dump nrpages for inodes and their glocks") added some locking around reading inode->i_data.nrpages. That locking doe
gfs: Get rid of unnucessary locking in inode_go_dump
Commit 27a2660f1ef9 ("gfs2: Dump nrpages for inodes and their glocks") added some locking around reading inode->i_data.nrpages. That locking doesn't do anything really, so get rid of it.
With that, the glock argument to ->go_dump() can be made const again as well.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
5432af15 |
| 18-Aug-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Replace sd_freeze_state with SDF_FROZEN flag
Replace sd_freeze_state with a new SDF_FROZEN flag.
There no longer is a need for indicating that a freeze is in progress (SDF_STARTING_FREEZE); w
gfs2: Replace sd_freeze_state with SDF_FROZEN flag
Replace sd_freeze_state with a new SDF_FROZEN flag.
There no longer is a need for indicating that a freeze is in progress (SDF_STARTING_FREEZE); we are now protecting the critical sections with the sd_freeze_mutex.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
cad1e158 |
| 21-Nov-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
Rename the SDF_FS_FROZEN flag to SDF_FREEZE_INITIATOR to indicate more clearly that the node that has this flag set is the initiator of the freeze.
gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
Rename the SDF_FS_FROZEN flag to SDF_FREEZE_INITIATOR to indicate more clearly that the node that has this flag set is the initiator of the freeze.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com
show more ...
|
#
b88beb9a |
| 26-Jan-2023 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Evict inodes cooperatively
Add a gfs2_evict_inodes() helper that evicts inodes cooperatively across the cluster. This avoids running into timeouts during unmount unnecessarily.
Signed-off-by
gfs2: Evict inodes cooperatively
Add a gfs2_evict_inodes() helper that evicts inodes cooperatively across the cluster. This avoids running into timeouts during unmount unnecessarily.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
1c900151 |
| 06-Dec-2022 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: Add SDF_DEACTIVATING super block flag
Add a new SDF_DEACTIVATING super block flag that is set when the filesystem has started to deactivate. This will be used in the next patch to stop and dra
gfs2: Add SDF_DEACTIVATING super block flag
Add a new SDF_DEACTIVATING super block flag that is set when the filesystem has started to deactivate. This will be used in the next patch to stop and drain the delete work during unmount.
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
f0e56edc |
| 20-Dec-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Split the two kinds of glock "delete" work
Function delete_work_func() is used for two purposes:
* to immediately try to evict the glock's inode, and
* to verify after a little while that
gfs2: Split the two kinds of glock "delete" work
Function delete_work_func() is used for two purposes:
* to immediately try to evict the glock's inode, and
* to verify after a little while that the inode has been deleted as expected, and didn't just get skipped.
These two operations are not separated very well, so introduce two new glock flags to improved that. Split gfs2_queue_delete_work() into gfs2_queue_try_to_evict and gfs2_queue_verify_evict().
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
0247f4e9 |
| 06-Dec-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Move delete workqueue into super block
Move the global delete workqueue into struct gfs2_sbd so that we can flush / drain it without interfering with other filesystems.
Signed-off-by: Andreas
gfs2: Move delete workqueue into super block
Move the global delete workqueue into struct gfs2_sbd so that we can flush / drain it without interfering with other filesystems.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
3056dc46 |
| 09-Dec-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Get rid of GLF_PENDING_DELETE flag
Get rid of the GLF_PENDING_DELETE glock flag introduced by commit a0e3cc65fa29 ("gfs2: Turn gl_delete into a delayed work"). The only use of that flag is to
gfs2: Get rid of GLF_PENDING_DELETE flag
Get rid of the GLF_PENDING_DELETE glock flag introduced by commit a0e3cc65fa29 ("gfs2: Turn gl_delete into a delayed work"). The only use of that flag is to prevent the iopen glock from being demoted (i.e., unlocked) while delete work is pending. It turns out that demoting the iopen glock while delete work is pending is perfectly fine; we only need to make sure that the glock isn't being freed while still in use. This is ensured by the previous patch because delete_work_func() owns a reference while the work is queued or running.
With these changes, gfs2_queue_delete_work() no longer takes the glock spin lock, so we can use it in iopen_go_callback() instead of open-coding it there.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
ba3e77a4 |
| 09-Dec-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Remove support for glock holder auto-demotion
Remove the support for glock holder auto-demotion (commit dc732906c245 and folow-ups) as we are not planning to use this feature, and the addition
gfs2: Remove support for glock holder auto-demotion
Remove the support for glock holder auto-demotion (commit dc732906c245 and folow-ups) as we are not planning to use this feature, and the additional code therefore only adds unnecessary complexity.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
5f38a4d3 |
| 10-Jun-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Make go_instantiate take a glock
Make go_instantiate take a glock instead of a glock holder as its argument: this handler is supposed to instantiate the object associated with the glock.
Sign
gfs2: Make go_instantiate take a glock
Make go_instantiate take a glock instead of a glock holder as its argument: this handler is supposed to instantiate the object associated with the glock.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
86c30a01 |
| 10-Jun-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Add new go_held glock operation
Right now, inode_go_instantiate() contains functionality that relates to how a glock is held rather than the glock itself, like waiting for pending direct I/O t
gfs2: Add new go_held glock operation
Right now, inode_go_instantiate() contains functionality that relates to how a glock is held rather than the glock itself, like waiting for pending direct I/O to complete and completing interrupted truncates. This code is meant to be run each time a holder is acquired, but go_instantiate is actually only called once, when the glock is instantiated.
To fix that, introduce a new go_held glock operation that is called each time a glock holder is acquired. Move the holder specific code in inode_go_instantiate() over to inode_go_held().
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
de3f906f |
| 02-Jun-2022 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Revert 'Fix "truncate in progress" hang'
Now that interrupted truncates are completed in the context of the process taking the glock, there is no need for the glock state engine to delegate th
gfs2: Revert 'Fix "truncate in progress" hang'
Now that interrupted truncates are completed in the context of the process taking the glock, there is no need for the glock state engine to delegate that task to gfs2_quotad or for quotad to perform those truncates anymore. Get rid of the obsolete associated infrastructure.
Reverts commit 813e0c46c9e2 ("GFS2: Fix "truncate in progress" hang").
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
show more ...
|
#
4b3113a2 |
| 05-Oct-2021 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: remove RDF_UPTODATE flag
The new GLF_INSTANTIATE_NEEDED flag obsoletes the old rgrp flag GFS2_RDF_UPTODATE, so this patch replaces it like we did with inodes.
Signed-off-by: Bob Peterson <rpe
gfs2: remove RDF_UPTODATE flag
The new GLF_INSTANTIATE_NEEDED flag obsoletes the old rgrp flag GFS2_RDF_UPTODATE, so this patch replaces it like we did with inodes.
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
ec1d398d |
| 05-Oct-2021 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: Eliminate GIF_INVALID flag
With the addition of the new GLF_INSTANTIATE_NEEDED flag, the GIF_INVALID flag is now redundant. This patch removes it. Since inode_instantiate is only called when i
gfs2: Eliminate GIF_INVALID flag
With the addition of the new GLF_INSTANTIATE_NEEDED flag, the GIF_INVALID flag is now redundant. This patch removes it. Since inode_instantiate is only called when instantiation is needed, the check in inode_instantiate is removed too.
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
f2e70d8f |
| 06-Oct-2021 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: fix GL_SKIP node_scope problems
Before this patch, when a glock was locked, the very first holder on the queue would unlock the lockref and call the go_instantiate glops function (if one exist
gfs2: fix GL_SKIP node_scope problems
Before this patch, when a glock was locked, the very first holder on the queue would unlock the lockref and call the go_instantiate glops function (if one existed), unless GL_SKIP was specified. When we introduced the new node-scope concept, we allowed multiple holders to lock glocks in EX mode and share the lock.
But node-scope introduced a new problem: if the first holder has GL_SKIP and the next one does NOT, since it is not the first holder on the queue, the go_instantiate op was not called. Eventually the GL_SKIP holder may call the instantiate sub-function (e.g. gfs2_rgrp_bh_get) but there was still a window of time in which another non-GL_SKIP holder assumes the instantiate function had been called by the first holder. In the case of rgrp glocks, this led to a NULL pointer dereference on the buffer_heads.
This patch tries to fix the problem by introducing two new glock flags:
GLF_INSTANTIATE_NEEDED, which keeps track of when the instantiate function needs to be called to "fill in" or "read in" the object before it is referenced.
GLF_INSTANTIATE_IN_PROG which is used to determine when a process is in the process of reading in the object. Whenever a function needs to reference the object, it checks the GLF_INSTANTIATE_NEEDED flag, and if set, it sets GLF_INSTANTIATE_IN_PROG and calls the glops "go_instantiate" function.
As before, the gl_lockref spin_lock is unlocked during the IO operation, which may take a relatively long amount of time to complete. While unlocked, if another process determines go_instantiate is still needed, it sees GLF_INSTANTIATE_IN_PROG is set, and waits for the go_instantiate glop operation to be completed. Once GLF_INSTANTIATE_IN_PROG is cleared, it needs to check GLF_INSTANTIATE_NEEDED again because the other process's go_instantiate operation may not have been successful.
Functions that previously called the instantiate sub-functions now call directly into gfs2_instantiate so the new bits are managed properly.
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
3278b977 |
| 29-Sep-2021 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: change go_lock to go_instantiate
Before this patch, the go_lock glock operations (glops) did not do any actual locking. They were used to instantiate objects, like reading in dinodes and rgrps
gfs2: change go_lock to go_instantiate
Before this patch, the go_lock glock operations (glops) did not do any actual locking. They were used to instantiate objects, like reading in dinodes and rgrps from the media.
This patch renames the functions to go_instantiate for clarity.
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
1b223f70 |
| 25-Aug-2021 |
Andreas Gruenbacher <agruenba@redhat.com> |
gfs2: Eliminate ip->i_gh
Now that gfs2_file_buffered_write is the only remaining user of ip->i_gh, we can move the glock holder to the stack (or rather, use the one we already have on the stack); th
gfs2: Eliminate ip->i_gh
Now that gfs2_file_buffered_write is the only remaining user of ip->i_gh, we can move the glock holder to the stack (or rather, use the one we already have on the stack); there is no need for keeping the holder in the inode anymore.
This is slightly complicated by the fact that we're using ip->i_gh for the statfs inode in gfs2_file_buffered_write as well. Writing to the statfs inode isn't very common, so allocate the statfs holder dynamically when needed.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
dc732906 |
| 19-Aug-2021 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: Introduce flag for glock holder auto-demotion
This patch introduces a new HIF_MAY_DEMOTE flag and infrastructure that will allow glocks to be demoted automatically on locking conflicts. When a
gfs2: Introduce flag for glock holder auto-demotion
This patch introduces a new HIF_MAY_DEMOTE flag and infrastructure that will allow glocks to be demoted automatically on locking conflicts. When a locking request comes in that isn't compatible with the locking state of an active holder and that holder has the HIF_MAY_DEMOTE flag set, the holder will be demoted before the incoming locking request is granted.
Note that this mechanism demotes active holders (with the HIF_HOLDER flag set), while before we were only demoting glocks without any active holders. This allows processes to keep hold of locks that may form a cyclic locking dependency; the core glock logic will then break those dependencies in case a conflicting locking request occurs. We'll use this to avoid giving up the inode glock proactively before faulting in pages.
Processes that allow a glock holder to be taken away indicate this by calling gfs2_holder_allow_demote(), which sets the HIF_MAY_DEMOTE flag. Later, they call gfs2_holder_disallow_demote() to clear the flag again, and then they check if their holder is still queued: if it is, they are still holding the glock; if it isn't, they can re-acquire the glock (or abort).
Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
show more ...
|
#
a8f1d32d |
| 27-Jul-2021 |
Bob Peterson <rpeterso@redhat.com> |
gfs2: Eliminate vestigial HIF_FIRST
Holder flag HIF_FIRST is no longer used or needed, so remove it.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
|