tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

FS-Cache: Clear remaining page count on retrieval cancellation

Provide fscache_cancel_op() with a pointer to a function it should invoke under
lock if it cancels an operation.

Use this to clear the remaining page count upon cancellation of a pending
retrieval operation so that fscache_release_retrieval_op() doesn't get an
assertion failure (see below). This can happen when a signal occurs, say from
CTRL-C being pressed during data retrieval.

FS-Cache: Assertion failed
3 == 0 is false
------------[ cut here ]------------
kernel BUG at fs/fscache/page.c:237!
invalid opcode: 0000 [#641] SMP
Modules linked in: cachefiles(F) nfsv4(F) nfsv3(F) nfsv2(F) nfs(F) fscache(F) auth_rpcgss(F) nfs_acl(F) lockd(F) sunrpc(F)
CPU 0
Pid: 6075, comm: slurp-q Tainted: GF D 3.7.0-rc8-fsdevel+ #411 /DG965RY
RIP: 0010:[<ffffffffa007f328>] [<ffffffffa007f328>] fscache_release_retrieval_op+0x75/0xff [fscache]
RSP: 0000:ffff88001c6d7988 EFLAGS: 00010296
RAX: 000000000000000f RBX: ffff880014cdfe00 RCX: ffffffff6c102000
RDX: ffffffff8102d1ad RSI: ffffffff6c102000 RDI: ffffffff8102d1d6
RBP: ffff88001c6d7998 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffe00
R13: ffff88001c6d7ab4 R14: ffff88001a8638a0 R15: ffff88001552b190
FS: 00007f877aaf0700(0000) GS:ffff88003bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fff11378fd2 CR3: 000000001c6c6000 CR4: 00000000000007f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process slurp-q (pid: 6075, threadinfo ffff88001c6d6000, task ffff88001c6c4080)
Stack:
ffffffffa007ec07 ffff880014cdfe00 ffff88001c6d79c8 ffffffffa007db4d
ffffffffa007ec07 ffff880014cdfe00 00000000fffffe00 ffff88001c6d7ab4
ffff88001c6d7a38 ffffffffa008116d 0000000000000000 ffff88001c6c4080
Call Trace:
[<ffffffffa007ec07>] ? fscache_cancel_op+0x194/0x1cf [fscache]
[<ffffffffa007db4d>] fscache_put_operation+0x135/0x2ed [fscache]
[<ffffffffa007ec07>] ? fscache_cancel_op+0x194/0x1cf [fscache]
[<ffffffffa008116d>] __fscache_read_or_alloc_pages+0x413/0x4bc [fscache]
[<ffffffff810ac8ae>] ? __alloc_pages_nodemask+0x195/0x75c
[<ffffffffa00aab0f>] __nfs_readpages_from_fscache+0x86/0x13d [nfs]
[<ffffffffa00a5fe0>] nfs_readpages+0x186/0x1bd [nfs]
[<ffffffff810d23c8>] ? alloc_pages_current+0xc7/0xe4
[<ffffffff810a68b5>] ? __page_cache_alloc+0x84/0x91
[<ffffffff810af912>] ? __do_page_cache_readahead+0xa6/0x2e0
[<ffffffff810afaa3>] __do_page_cache_readahead+0x237/0x2e0
[<ffffffff810af912>] ? __do_page_cache_readahead+0xa6/0x2e0
[<ffffffff810afe3e>] ra_submit+0x1c/0x20
[<ffffffff810b019b>] ondemand_readahead+0x359/0x382
[<ffffffff810b0279>] page_cache_sync_readahead+0x38/0x3a
[<ffffffff810a77b5>] generic_file_aio_read+0x26b/0x637
[<ffffffffa00f1852>] ? nfs_mark_delegation_referenced+0xb/0xb [nfsv4]
[<ffffffffa009cc85>] nfs_file_read+0xaa/0xcf [nfs]
[<ffffffff810db5b3>] do_sync_read+0x91/0xd1
[<ffffffff810dbb8b>] vfs_read+0x9b/0x144
[<ffffffff810dbc78>] sys_read+0x44/0x75
[<ffffffff81422892>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>

David Howells 91c7fbbf 1f372dff

+20 -5
+2 -1
fs/fscache/internal.h
··· 121 121 struct fscache_operation *); 122 122 extern int fscache_submit_op(struct fscache_object *, 123 123 struct fscache_operation *); 124 - extern int fscache_cancel_op(struct fscache_operation *); 124 + extern int fscache_cancel_op(struct fscache_operation *, 125 + void (*)(struct fscache_operation *)); 125 126 extern void fscache_cancel_all_ops(struct fscache_object *); 126 127 extern void fscache_abort_object(struct fscache_object *); 127 128 extern void fscache_start_operations(struct fscache_object *);
+4 -1
fs/fscache/operation.c
··· 298 298 /* 299 299 * cancel an operation that's pending on an object 300 300 */ 301 - int fscache_cancel_op(struct fscache_operation *op) 301 + int fscache_cancel_op(struct fscache_operation *op, 302 + void (*do_cancel)(struct fscache_operation *)) 302 303 { 303 304 struct fscache_object *object = op->object; 304 305 int ret; ··· 317 316 ASSERT(!list_empty(&op->pend_link)); 318 317 fscache_stat(&fscache_n_op_cancelled); 319 318 list_del_init(&op->pend_link); 319 + if (do_cancel) 320 + do_cancel(op); 320 321 op->state = FSCACHE_OP_ST_CANCELLED; 321 322 if (test_bit(FSCACHE_OP_EXCLUSIVE, &op->flags)) 322 323 object->n_exclusive--;
+14 -3
fs/fscache/page.c
··· 303 303 } 304 304 305 305 /* 306 + * Handle cancellation of a pending retrieval op 307 + */ 308 + static void fscache_do_cancel_retrieval(struct fscache_operation *_op) 309 + { 310 + struct fscache_retrieval *op = 311 + container_of(_op, struct fscache_retrieval, op); 312 + 313 + op->n_pages = 0; 314 + } 315 + 316 + /* 306 317 * wait for an object to become active (or dead) 307 318 */ 308 319 static int fscache_wait_for_retrieval_activation(struct fscache_object *object, ··· 331 320 if (wait_on_bit(&op->op.flags, FSCACHE_OP_WAITING, 332 321 fscache_wait_bit_interruptible, 333 322 TASK_INTERRUPTIBLE) != 0) { 334 - ret = fscache_cancel_op(&op->op); 323 + ret = fscache_cancel_op(&op->op, fscache_do_cancel_retrieval); 335 324 if (ret == 0) 336 325 return -ERESTARTSYS; 337 326 ··· 349 338 return -ENOBUFS; 350 339 } 351 340 if (unlikely(fscache_object_is_dead(object))) { 352 - pr_err("%s() = -ENOBUFS [obj dead %d]", __func__, op->op.state); 353 - fscache_cancel_op(&op->op); 341 + pr_err("%s() = -ENOBUFS [obj dead %d]\n", __func__, op->op.state); 342 + fscache_cancel_op(&op->op, fscache_do_cancel_retrieval); 354 343 fscache_stat(stat_object_dead); 355 344 return -ENOBUFS; 356 345 }