[SRU,B,5/6] cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag

Message ID 20180802041734.22518-6-daniel.axtens@canonical.com
State New
  • NFS FSCache Fixes: LP: #1774336, #1776277, #1776254

Commit Message

Daniel Axtens Aug. 2, 2018, 4:17 a.m.
From: Kiran Kumar Modukuri <kiran.modukuri@gmail.com>

BugLink: https://bugs.launchpad.net/bugs/1776254

In cachefiles_mark_object_active(), the new object is marked active and
then we try to add it to the active object tree.  If a conflicting object
is already present, we want to wait for that to go away.  After the wait,
we go round again and try to re-mark the object as being active - but it's
already marked active from the first time we went through and a BUG is

Fix this by clearing the CACHEFILES_OBJECT_ACTIVE flag before we try again.

Analysis from Kiran Kumar Modukuri:

Oops during heavy NFS + FSCache + Cachefiles

CacheFiles: Error: Overlong wait for old active object to go away.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000002

CacheFiles: Error: Object already active kernel BUG at

In a heavily loaded system with big files being read and truncated, an
fscache object for a cookie is being dropped and a new object being
looked. The new object being looked for has to wait for the old object
to go away before the new object is moved to active state.

Clear the flag 'CACHEFILES_OBJECT_ACTIVE' for the new object when
retrying the object lookup.

Have run ~100 hours of NFS stress tests and have not seen this bug recur.

[Regression Potential]
 - Limited to fscache/cachefiles.

Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
Signed-off-by: Kiran Kumar Modukuri <kiran.modukuri@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
(backported from commit 5ce83d4bb7d8e11e8c1c687d09f4b5ae67ef3ce3)
Signed-off-by: Daniel Axtens <daniel.axtens@canonical.com>
 fs/cachefiles/namei.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
index 3978b324cbca..6c9758ec8cef 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -191,6 +191,8 @@  static int cachefiles_mark_object_active(struct cachefiles_cache *cache,
 	/* an old object from a previous incarnation is hogging the slot - we
 	 * need to wait for it to be destroyed */
+	clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags);
 	if (fscache_object_is_live(&xobject->fscache)) {
 		pr_err("Error: Unexpected object collision\n");
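Review bot: the added clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags) sits between the "an old object from a previous incarnation is hogging the slot" comment and the fscache_object_is_live() check with no comment of its own, so the reason for dropping the flag here can only be recovered from the commit message. Suggest a one-line comment saying the flag is cleared because the try_again path marks the object active again and treats an already-set bit as a bug. The clear also now runs before the "Unexpected object collision" branch, so please confirm that error path does not expect the flag to still be set.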
@@ -252,7 +254,6 @@  static int cachefiles_mark_object_active(struct cachefiles_cache *cache,
 	goto try_again;
-	clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags);
 	_leave(" = -ETIMEDOUT");
 	return -ETIMEDOUT;
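Review bot: with the clear_bit() dropped ahead of _leave(" = -ETIMEDOUT"), the timeout return no longer clears CACHEFILES_OBJECT_ACTIVE itself and depends on the clear added at the top of the wait path in the first hunk. That holds only if every route to this return passes through that earlier point, so it is worth a short comment near the return, or a line in the changelog, confirming that nothing can set the flag again between the earlier clear and the -ETIMEDOUT exit.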