From 39745c8b5493159bbca62add54ca9be7cac6564f Mon Sep 17 00:00:00 2001 From: Bobi Jam Date: Thu, 2 Sep 2021 22:24:50 +0800 Subject: [PATCH] LU-14713 llite: mend the trunc_sem_up_write() The original lli_trunc_sem replace change (commit e5914a61ac) fixed a lock scenario: t1 (page fault) t2 (dio read) t3 (truncate) |- vm_mmap_pgoff() |- vvp_io_read_start() |- vvp_io_setattr |- down_write(mmap_sem) |- down_read(trunc_sem) _start() |- do_map() |- ll_direct_IO_impl() |- vvp_io_fault_start |- ll_get_user_pages() |- down_write( |- down_read(mmap_sem) trunc_sem) |- down_read(trunc_sem) t1 waits for read semaphore of trunc_sem which is hindered by t3, since t3 is waiting for the write semaphore while t2 take its read semaphore,and t2 is waiting for mmap_sem which has been taken by t1, and a deadlock ensues. commit e5914a61ac changes the down_read(trunc_sem) to trunc_sem_down_read_nowait() in page fault path, to make it ignore that there is a down_write(trunc_sem) waiting, just takes the read semaphore if no writer has taken the semaphore, and breaks the deadlock. But there is a delicacy in using wake_up_var(), wake_up_var()-> __wake_up_bit()->waitqueue_active() locklessly test for waiters on the queue, and if it's called without explicit smp_mb() it's possible for the waitqueue_active() to ge hoisted before the condition store such that we'll observe an empty wait list and the waiter might not observe the condition, and the waiter won't get woke up whereafter. Fixes: e5914a61ac ("LU-12460 llite: replace lli_trunc_sem") Change-Id: Ifdda2c1c8a4171466be1723923c136e84de8ce0e Signed-off-by: Bobi Jam Reviewed-on: https://review.whamcloud.com/43844 Reviewed-by: Andreas Dilger Reviewed-by: Neil Brown Reviewed-by: Patrick Farrell Tested-by: Maloo Tested-by: Andreas Dilger Reviewed-by: Oleg Drokin --- lustre/llite/llite_internal.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lustre/llite/llite_internal.h b/lustre/llite/llite_internal.h index 0d914b4..7d27214 100644 --- a/lustre/llite/llite_internal.h +++ b/lustre/llite/llite_internal.h @@ -351,6 +351,8 @@ static inline void trunc_sem_down_write(struct ll_trunc_sem *sem) static inline void trunc_sem_up_write(struct ll_trunc_sem *sem) { atomic_set(&sem->ll_trunc_readers, 0); + /* match the smp_mb() in wait_var_event()->prepare_to_wait() */ + smp_mb(); wake_up_var(&sem->ll_trunc_readers); } -- 1.8.3.1