In an instrumented testing it is possible that the mount and
a newer mkfs.btrfs thread on the same device can race and if the new
mkfs.btrfs wins it will free the older fs_devices, then the mount thread
will lead to oops.
Thread1 Thread2
------- -------
mkfs.btrfs -fq /dev/sdb
mount /dev/sdb /btrfs
|_btrfs_mount_root()
|_btrfs_scan_one_device(... &fs_devices)
mkfs.btrfs -fq /dev/sdb
|_btrfs_contol_ioctl()
|_btrfs_scan_one_device(... &fs_devices)
|_::
|_btrfs_free_stale_devices()
|_btrfs_open_devices(fs_devices ..) <-- stale fs_devices.
Fix this with a mutually exclusive flag BTRFS_VOL_FLAG_EXCL_OPS.
Signed-off-by: Anand Jain <anand.jain@xxxxxxxxxx>
---
fs/btrfs/super.c | 6 ++++++
fs/btrfs/volumes.c | 10 +++++++++-
fs/btrfs/volumes.h | 1 +
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index f0c13defc9eb..b60e7cbe39f5 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1565,7 +1565,13 @@ static struct dentry *btrfs_mount_root(struct file_system_type *fs_type,
goto error_fs_info;
}
+ if (test_and_set_bit(BTRFS_VOLUME_STATE_EXCL_OPS, &fs_devices->volume_state)) {
+ error = -EBUSY;
+ goto error_fs_info;
+ }
+
error = btrfs_open_devices(fs_devices, mode, fs_type);
+ clear_bit(BTRFS_VOLUME_STATE_EXCL_OPS, &fs_devices->volume_state);
if (error)
goto error_fs_info;
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 87a4b12f98e3..3137cc990550 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -635,7 +635,7 @@ static void pending_bios_fn(struct btrfs_work *work)
* devices.
*/
static void free_stale_devices(const char *path,
- struct btrfs_device *skip_device)
+ struct btrfs_device *skip_device)
{
struct btrfs_fs_devices *fs_devices, *tmp_fs_devices;
struct btrfs_device *device, *tmp_device;
@@ -643,9 +643,15 @@ static void free_stale_devices(const char *path,
list_for_each_entry_safe(fs_devices, tmp_fs_devices, &fs_uuids,
fs_list) {
+ if (test_and_set_bit(BTRFS_VOLUME_STATE_EXCL_OPS,
+ &fs_devices->volume_state))
+ continue;
+
mutex_lock(&fs_devices->device_list_mutex);
if (fs_devices->opened) {
mutex_unlock(&fs_devices->device_list_mutex);
+ clear_bit(BTRFS_VOLUME_STATE_EXCL_OPS,
+ &fs_devices->volume_state);
continue;
}
@@ -680,6 +686,8 @@ static void free_stale_devices(const char *path,
list_del(&fs_devices->fs_list);
free_fs_devices(fs_devices);
}
+ clear_bit(BTRFS_VOLUME_STATE_EXCL_OPS,
+ &fs_devices->volume_state);
}
}
diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
index cd18916f2bbc..60eea973a501 100644
--- a/fs/btrfs/volumes.h
+++ b/fs/btrfs/volumes.h
@@ -214,6 +214,7 @@ BTRFS_DEVICE_GETSET_FUNCS(bytes_used);
*/
#define BTRFS_VOLUME_STATE_ROTATING (0)
#define BTRFS_VOLUME_STATE_SEEDING (1)
+#define BTRFS_VOLUME_STATE_EXCL_OPS (2)
struct btrfs_fs_devices {
u8 fsid[BTRFS_FSID_SIZE]; /* FS specific uuid */
--
2.15.0
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
