• Jie Liu's avatar
    xfs: fix infinite loop by detaching the group/project hints from user dquot · df8052e7
    Jie Liu authored
    xfs_quota(8) will hang up if trying to turn group/project quota off
    before the user quota is off, this could be 100% reproduced by:
      # mount -ouquota,gquota /dev/sda7 /xfs
      # mkdir /xfs/test
      # xfs_quota -xc 'off -g' /xfs <-- hangs up
      # echo w > /proc/sysrq-trigger
      # dmesg
    
      SysRq : Show Blocked State
      task                        PC stack   pid father
      xfs_quota       D 0000000000000000     0 27574   2551 0x00000000
      [snip]
      Call Trace:
      [<ffffffff81aaa21d>] schedule+0xad/0xc0
      [<ffffffff81aa327e>] schedule_timeout+0x35e/0x3c0
      [<ffffffff8114b506>] ? mark_held_locks+0x176/0x1c0
      [<ffffffff810ad6c0>] ? call_timer_fn+0x2c0/0x2c0
      [<ffffffffa0c25380>] ? xfs_qm_shrink_count+0x30/0x30 [xfs]
      [<ffffffff81aa3306>] schedule_timeout_uninterruptible+0x26/0x30
      [<ffffffffa0c26155>] xfs_qm_dquot_walk+0x235/0x260 [xfs]
      [<ffffffffa0c059d8>] ? xfs_perag_get+0x1d8/0x2d0 [xfs]
      [<ffffffffa0c05805>] ? xfs_perag_get+0x5/0x2d0 [xfs]
      [<ffffffffa0b7707e>] ? xfs_inode_ag_iterator+0xae/0xf0 [xfs]
      [<ffffffffa0c22280>] ? xfs_trans_free_dqinfo+0x50/0x50 [xfs]
      [<ffffffffa0b7709f>] ? xfs_inode_ag_iterator+0xcf/0xf0 [xfs]
      [<ffffffffa0c261e6>] xfs_qm_dqpurge_all+0x66/0xb0 [xfs]
      [<ffffffffa0c2497a>] xfs_qm_scall_quotaoff+0x20a/0x5f0 [xfs]
      [<ffffffffa0c2b8f6>] xfs_fs_set_xstate+0x136/0x180 [xfs]
      [<ffffffff8136cf7a>] do_quotactl+0x53a/0x6b0
      [<ffffffff812fba4b>] ? iput+0x5b/0x90
      [<ffffffff8136d257>] SyS_quotactl+0x167/0x1d0
      [<ffffffff814cf2ee>] ? trace_hardirqs_on_thunk+0x3a/0x3f
      [<ffffffff81abcd19>] system_call_fastpath+0x16/0x1b
    
    It's fine if we turn user quota off at first, then turn off other
    kind of quotas if they are enabled since the group/project dquot
    refcount is decreased to zero once the user quota if off. Otherwise,
    those dquots refcount is non-zero due to the user dquot might refer
    to them as hint(s).  Hence, above operation cause an infinite loop
    at xfs_qm_dquot_walk() while trying to purge dquot cache.
    
    This problem has been around since Linux 3.4, it was introduced by:
      [ b84a3a96 xfs: remove the per-filesystem list of dquots ]
    
    Originally we will release the group dquot pointers because the user
    dquots maybe carrying around as a hint via xfs_qm_detach_gdquots().
    However, with above change, there is no such work to be done before
    purging group/project dquot cache.
    
    In order to solve this problem, this patch introduces a special routine
    xfs_qm_dqpurge_hints(), and it would release the group/project dquot
    pointers the user dquots maybe carrying around as a hint, and then it
    will proceed to purge the user dquot cache if requested.
    
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarJie Liu <jeff.liu@oracle.com>
    Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
    Signed-off-by: default avatarBen Myers <bpm@sgi.com>
    df8052e7
xfs_qm.c 51.2 KB