[PATCH 1/2] bdi: make sure congestion states are clear on free
From: Tejun Heo
Date: Fri Feb 02 2018 - 12:54:44 EST
FUSE has a bug where it fails to clear congestion states if a
connection gets aborted while congested, which can leave
nr_wb_congested[] stuck until reboot causing wait_iff_congested() to
wait spuriously.
While the bdi owner, FUSE, is primarily responsible for clearing
congestion states before destroying bdi_writebacks, bdi layer can
ensure that congestion states are not leaked beyond bdi_writeback
lifecycle.
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
Reported-by: Joshua Miller <joshmiller@xxxxxx>
Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
include/linux/backing-dev.h | 14 +++++++++++++-
mm/backing-dev.c | 2 +-
2 files changed, 14 insertions(+), 2 deletions(-)
--- a/include/linux/backing-dev.h
+++ b/include/linux/backing-dev.h
@@ -220,6 +220,18 @@ static inline int bdi_sched_wait(void *w
return 0;
}
+static inline void __wb_congested_free(struct bdi_writeback_congested *congested)
+{
+ /*
+ * Make sure congestion states are cleared before freeing to avoid
+ * nr_wb_congested() corruption which can lead to misbehaving
+ * wait_iff_congested().
+ */
+ clear_wb_congested(congested, BLK_RW_SYNC);
+ clear_wb_congested(congested, BLK_RW_ASYNC);
+ kfree(congested);
+}
+
#ifdef CONFIG_CGROUP_WRITEBACK
struct bdi_writeback_congested *
@@ -409,7 +421,7 @@ wb_congested_get_create(struct backing_d
static inline void wb_congested_put(struct bdi_writeback_congested *congested)
{
if (atomic_dec_and_test(&congested->refcnt))
- kfree(congested);
+ __wb_congested_free(congested);
}
static inline struct bdi_writeback *wb_find_current(struct backing_dev_info *bdi)
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c
@@ -509,7 +509,7 @@ void wb_congested_put(struct bdi_writeba
}
spin_unlock_irqrestore(&cgwb_lock, flags);
- kfree(congested);
+ __wb_congested_free(congested);
}
static void cgwb_release_workfn(struct work_struct *work)