1. 14 9月, 2009 1 次提交
    • R
      nilfs2: use semaphore to protect pointer to a writable FS-instance · 027d6404
      Ryusuke Konishi 提交于
      will get rid of nilfs_get_writer() and nilfs_put_writer() pair used to
      retain a writable FS-instance for a period.
      
      The pair functions were making up some kind of recursive lock with a
      mutex, but they became overkill since the commit
      201913ed.  Furthermore, they caused
      the following lockdep warning because the mutex can be released by a
      task which didn't lock it:
      
       =====================================
       [ BUG: bad unlock balance detected! ]
       -------------------------------------
       kswapd0/422 is trying to release lock (&nilfs->ns_writer_mutex) at:
       [<c1359ff5>] mutex_unlock+0x8/0xa
       but there are no more locks to release!
      
       other info that might help us debug this:
       no locks held by kswapd0/422.
      
       stack backtrace:
       Pid: 422, comm: kswapd0 Not tainted 2.6.31-rc4-nilfs #51
       Call Trace:
        [<c1358f97>] ? printk+0xf/0x18
        [<c104fea7>] print_unlock_inbalance_bug+0xcc/0xd7
        [<c11578de>] ? prop_put_global+0x3/0x35
        [<c1050195>] lock_release+0xed/0x1dc
        [<c1359ff5>] ? mutex_unlock+0x8/0xa
        [<c1359f83>] __mutex_unlock_slowpath+0xaf/0x119
        [<c1359ff5>] mutex_unlock+0x8/0xa
        [<d1284add>] nilfs_mdt_write_page+0xd8/0xe1 [nilfs2]
        [<c1092653>] shrink_page_list+0x379/0x68d
        [<c109171b>] ? isolate_pages_global+0xb4/0x18c
        [<c1092bd2>] shrink_list+0x26b/0x54b
        [<c10930be>] shrink_zone+0x20c/0x2a2
        [<c10936b7>] kswapd+0x407/0x591
        [<c1091667>] ? isolate_pages_global+0x0/0x18c
        [<c1040603>] ? autoremove_wake_function+0x0/0x33
        [<c10932b0>] ? kswapd+0x0/0x591
        [<c104033b>] kthread+0x69/0x6e
        [<c10402d2>] ? kthread+0x0/0x6e
        [<c1003e33>] kernel_thread_helper+0x7/0x1a
      
      This patch uses a reader/writer semaphore instead of the own lock and
      kills this warning.
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      027d6404
  2. 19 8月, 2009 1 次提交
    • R
      nilfs2: fix oopses with doubly mounted snapshots · a9245860
      Ryusuke Konishi 提交于
      will fix kernel oopses like the following:
      
       # mount -t nilfs2 -r -o cp=20 /dev/sdb1 /test1
       # mount -t nilfs2 -r -o cp=20 /dev/sdb1 /test2
       # umount /test1
       # umount /test2
      
      BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1069
      in_atomic(): 0, irqs_disabled(): 1, pid: 3886, name: umount.nilfs2
      1 lock held by umount.nilfs2/3886:
       #0:  (&type->s_umount_key#31){+.+...}, at: [<c10b398a>] deactivate_super+0x52/0x6c
      irq event stamp: 1219
      hardirqs last  enabled at (1219): [<c135c774>] __mutex_unlock_slowpath+0xf8/0x119
      hardirqs last disabled at (1218): [<c135c6d5>] __mutex_unlock_slowpath+0x59/0x119
      softirqs last  enabled at (1214): [<c1033316>] __do_softirq+0x1a5/0x1ad
      softirqs last disabled at (1205): [<c1033354>] do_softirq+0x36/0x5a
      Pid: 3886, comm: umount.nilfs2 Not tainted 2.6.31-rc6 #55
      Call Trace:
       [<c1023549>] __might_sleep+0x107/0x10e
       [<c13603c0>] do_page_fault+0x246/0x397
       [<c136017a>] ? do_page_fault+0x0/0x397
       [<c135e753>] error_code+0x6b/0x70
       [<c136017a>] ? do_page_fault+0x0/0x397
       [<c104f805>] ? __lock_acquire+0x91/0x12fd
       [<c1050a62>] ? __lock_acquire+0x12ee/0x12fd
       [<c1050a62>] ? __lock_acquire+0x12ee/0x12fd
       [<c1050b2b>] lock_acquire+0xba/0xdd
       [<d0d17d3f>] ? nilfs_detach_segment_constructor+0x2f/0x2fa [nilfs2]
       [<c135d4fe>] down_write+0x2a/0x46
       [<d0d17d3f>] ? nilfs_detach_segment_constructor+0x2f/0x2fa [nilfs2]
       [<d0d17d3f>] nilfs_detach_segment_constructor+0x2f/0x2fa [nilfs2]
       [<c104ea2c>] ? mark_held_locks+0x43/0x5b
       [<c104ecb1>] ? trace_hardirqs_on_caller+0x10b/0x133
       [<c104ece4>] ? trace_hardirqs_on+0xb/0xd
       [<d0d09ac1>] nilfs_put_super+0x2f/0xca [nilfs2]
       [<c10b3352>] generic_shutdown_super+0x49/0xb8
       [<c10b33de>] kill_block_super+0x1d/0x31
       [<c10e6599>] ? vfs_quota_off+0x0/0x12
       [<c10b398f>] deactivate_super+0x57/0x6c
       [<c10c4bc3>] mntput_no_expire+0x8c/0xb4
       [<c10c5094>] sys_umount+0x27f/0x2a4
       [<c10c50c6>] sys_oldumount+0xd/0xf
       [<c10031a4>] sysenter_do_call+0x12/0x38
       ...
      
      This turns out to be a bug brought by an -rc1 patch ("nilfs2: simplify
      remaining sget() use").
      
      In the patch, a new "put resource" function, nilfs_put_sbinfo()
      was introduced to delay freeing nilfs_sb_info struct.
      
      But the nilfs_put_sbinfo() mistakenly used atomic_dec_and_test()
      function to check the reference count, and it caused the nilfs_sb_info
      was freed when user mounted a snapshot twice.
      
      This bug also suggests there was unseen memory leak in usual mount
      /umount operations for nilfs.
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      a9245860
  3. 12 6月, 2009 5 次提交
  4. 07 4月, 2009 6 次提交