ext4: deaccount delayed allocations at freeing inode in ext4_evict_inode()
diff mbox series

Message ID 157233344808.4027.17162642259754563372.stgit@buzz
State New
Headers show
Series
  • ext4: deaccount delayed allocations at freeing inode in ext4_evict_inode()
Related show

Commit Message

Konstantin Khlebnikov Oct. 29, 2019, 7:17 a.m. UTC
If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
Delayed allocation extents are freed later in ext4_clear_inode() but this
happens when quota reference is already dropped. This leads to leak of
reserved space in quota block, which disappears after umount-mount.

This seems broken for a long time but worked somehow until recent changes
in delayed allocation.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
---
 fs/ext4/inode.c |    9 +++++++++
 1 file changed, 9 insertions(+)

Comments

Konstantin Khlebnikov Oct. 29, 2019, 7:20 a.m. UTC | #1
On 29/10/2019 10.17, Konstantin Khlebnikov wrote:
> If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
> Delayed allocation extents are freed later in ext4_clear_inode() but this
> happens when quota reference is already dropped. This leads to leak of
> reserved space in quota block, which disappears after umount-mount.
> 
> This seems broken for a long time but worked somehow until recent changes
> in delayed allocation.

FYI, perf cannot correctly parse related perf events without this:

https://lore.kernel.org/lkml/157228145325.7530.4974461761228678289.stgit@buzz/
Konstantin Khlebnikov Nov. 7, 2019, 5:58 p.m. UTC | #2
+jack@suse.cz into Cc.

On 29/10/2019 10.17, Konstantin Khlebnikov wrote:
> If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
> Delayed allocation extents are freed later in ext4_clear_inode() but this
> happens when quota reference is already dropped. This leads to leak of
> reserved space in quota block, which disappears after umount-mount.
> 
> This seems broken for a long time but worked somehow until recent changes
> in delayed allocation.
> 
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
> ---
>   fs/ext4/inode.c |    9 +++++++++
>   1 file changed, 9 insertions(+)
> 
> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index 516faa280ced..580898145e8f 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -293,6 +293,15 @@ void ext4_evict_inode(struct inode *inode)
>   				   inode->i_ino, err);
>   			goto stop_handle;
>   		}
> +	} else if (EXT4_I(inode)->i_reserved_data_blocks) {
> +		/* Deaccount reserve if inode has only delayed allocations. */
> +		err = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS);
> +		if (err) {
> +			ext4_warning(inode->i_sb,
> +				     "couldn't remove extents %lu (err %d)",
> +				     inode->i_ino, err);
> +			goto stop_handle;
> +		}
>   	}
>   
>   	/* Remove xattr references. */
>
Ritesh Harjani Nov. 8, 2019, 2:08 a.m. UTC | #3
On 10/29/19 12:47 PM, Konstantin Khlebnikov wrote:
> If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
> Delayed allocation extents are freed later in ext4_clear_inode() but this
> happens when quota reference is already dropped. This leads to leak of
> reserved space in quota block, which disappears after umount-mount.
> 
> This seems broken for a long time but worked somehow until recent changes
> in delayed allocation.

Sorry, I may have missed it, but could you please help understand
what recent changes in delayed allocation make this break or worse?


A silly query, since I couldn't figure it out. Maybe the code has been
there ever since like this:-
So why can't we just move drop_dquot later after the 
ext4_es_remove_extent() (in function ext4_clear_inode)? Any known
problems around that?

-ritesh


> 
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
> ---
>   fs/ext4/inode.c |    9 +++++++++
>   1 file changed, 9 insertions(+)
> 
> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index 516faa280ced..580898145e8f 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -293,6 +293,15 @@ void ext4_evict_inode(struct inode *inode)
>   				   inode->i_ino, err);
>   			goto stop_handle;
>   		}
> +	} else if (EXT4_I(inode)->i_reserved_data_blocks) {
> +		/* Deaccount reserve if inode has only delayed allocations. */
> +		err = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS);
> +		if (err) {
> +			ext4_warning(inode->i_sb,
> +				     "couldn't remove extents %lu (err %d)",
> +				     inode->i_ino, err);
> +			goto stop_handle;
> +		}
>   	}
> 
>   	/* Remove xattr references. */
>
Konstantin Khlebnikov Nov. 8, 2019, 8:30 a.m. UTC | #4
On 08/11/2019 05.08, Ritesh Harjani wrote:
> 
> 
> On 10/29/19 12:47 PM, Konstantin Khlebnikov wrote:
>> If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
>> Delayed allocation extents are freed later in ext4_clear_inode() but this
>> happens when quota reference is already dropped. This leads to leak of
>> reserved space in quota block, which disappears after umount-mount.
>>
>> This seems broken for a long time but worked somehow until recent changes
>> in delayed allocation.
> 
> Sorry, I may have missed it, but could you please help understand
> what recent changes in delayed allocation make this break or worse?

I don't see problem for 4.19. Haven't bisected yet.
Most likely this is around 'reserved cluster accounting'.

I suspect before these changes something always triggered da before unlink and
space usage committed and then truncated at eviction.

> 
> 
> A silly query, since I couldn't figure it out. Maybe the code has been
> there ever since like this:-

> So why can't we just move drop_dquot later after the ext4_es_remove_extent() (in function ext4_clear_inode)? Any known
> problems around that?

Clear_inode is called also when inode evicts from cache while it has nlinks
and stays at disk. I'm not sure how this must interact with reserves.

> 
> -ritesh
> 
> 
>>
>> Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
>> ---
>>   fs/ext4/inode.c |    9 +++++++++
>>   1 file changed, 9 insertions(+)
>>
>> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
>> index 516faa280ced..580898145e8f 100644
>> --- a/fs/ext4/inode.c
>> +++ b/fs/ext4/inode.c
>> @@ -293,6 +293,15 @@ void ext4_evict_inode(struct inode *inode)
>>                      inode->i_ino, err);
>>               goto stop_handle;
>>           }
>> +    } else if (EXT4_I(inode)->i_reserved_data_blocks) {
>> +        /* Deaccount reserve if inode has only delayed allocations. */
>> +        err = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS);
>> +        if (err) {
>> +            ext4_warning(inode->i_sb,
>> +                     "couldn't remove extents %lu (err %d)",
>> +                     inode->i_ino, err);
>> +            goto stop_handle;
>> +        }
>>       }
>>
>>       /* Remove xattr references. */
>>
>
Jan Kara Nov. 8, 2019, 11:54 a.m. UTC | #5
On Fri 08-11-19 11:30:56, Konstantin Khlebnikov wrote:
> On 08/11/2019 05.08, Ritesh Harjani wrote:
> > 
> > 
> > On 10/29/19 12:47 PM, Konstantin Khlebnikov wrote:
> > > If inode->i_blocks is zero then ext4_evict_inode() skips ext4_truncate().
> > > Delayed allocation extents are freed later in ext4_clear_inode() but this
> > > happens when quota reference is already dropped. This leads to leak of
> > > reserved space in quota block, which disappears after umount-mount.
> > > 
> > > This seems broken for a long time but worked somehow until recent changes
> > > in delayed allocation.
> > 
> > Sorry, I may have missed it, but could you please help understand
> > what recent changes in delayed allocation make this break or worse?
> 
> I don't see problem for 4.19. Haven't bisected yet.
> Most likely this is around 'reserved cluster accounting'.
> 
> I suspect before these changes something always triggered da before
> unlink and space usage committed and then truncated at eviction.

Yes, I think it's commit 8fcc3a580651 "ext4: rework reserved cluster
accounting when invalidating pages". Because that commit moved releasing of
reserved space from page invalidation time to extent status tree eviction
time. Does attached patch fix the problem for you?

> > A silly query, since I couldn't figure it out. Maybe the code has been
> > there ever since like this:-
> 
> > So why can't we just move drop_dquot later after the ext4_es_remove_extent() (in function ext4_clear_inode)? Any known
> > problems around that?
> 
> Clear_inode is called also when inode evicts from cache while it has nlinks
> and stays at disk. I'm not sure how this must interact with reserves.

In that case all data should be written out for such inode and thus there
should be no reserves...

								Honza
Theodore Ts'o Nov. 15, 2019, 12:27 a.m. UTC | #6
> From ee27836b579d3bf750d45cd7081d3433ea6fedd5 Mon Sep 17 00:00:00 2001
> From: Jan Kara <jack@suse.cz>
> Date: Fri, 8 Nov 2019 12:45:11 +0100
> Subject: [PATCH] ext4: Fix leak of quota reservations
> 
> Commit 8fcc3a580651 ("ext4: rework reserved cluster accounting when
> invalidating pages") moved freeing of delayed allocation reservations
> from dirty page invalidation time to time when we evict corresponding
> status extent from extent status tree. For inodes which don't have any
> blocks allocated this may actually happen only in ext4_clear_blocks()
> which is after we've dropped references to quota structures from the
> inode. Thus reservation of quota leaked. Fix the problem by clearing
> quota information from the inode only after evicting extent status tree
> in ext4_clear_inode().
> 
> Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
> Fixes: 8fcc3a580651 ("ext4: rework reserved cluster accounting when invalidating pages")
> Signed-off-by: Jan Kara <jack@suse.cz>

OK, I've applied this patch.

    	     				- Ted

Patch
diff mbox series

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 516faa280ced..580898145e8f 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -293,6 +293,15 @@  void ext4_evict_inode(struct inode *inode)
 				   inode->i_ino, err);
 			goto stop_handle;
 		}
+	} else if (EXT4_I(inode)->i_reserved_data_blocks) {
+		/* Deaccount reserve if inode has only delayed allocations. */
+		err = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS);
+		if (err) {
+			ext4_warning(inode->i_sb,
+				     "couldn't remove extents %lu (err %d)",
+				     inode->i_ino, err);
+			goto stop_handle;
+		}
 	}
 
 	/* Remove xattr references. */