    btrfs: don't prematurely free work in end_workqueue_fn() · 9be490f1
    Omar Sandoval authored
    Currently, end_workqueue_fn() frees the end_io_wq entry (which embeds
    the work item) and then calls bio_endio(). This is another potential
    instance of the bug in "btrfs: don't prematurely free work in
    run_ordered_work()".
    
    In particular, the endio call may depend on other work items. For
    example, btrfs_end_dio_bio() can call btrfs_subio_endio_read() ->
    __btrfs_correct_data_nocsum() -> dio_read_error() ->
    submit_dio_repair_bio(), which submits a bio that is also completed
    through an end_workqueue_fn() work item. However,
    __btrfs_correct_data_nocsum() waits for the newly submitted bio to
    complete, thus it depends on another work item.
    
    This example currently usually works because we use different workqueue
    helper functions for BTRFS_WQ_ENDIO_DATA and BTRFS_WQ_ENDIO_DIO_REPAIR.
    However, it may deadlock with stacked filesystems and is fragile
    overall. The proper fix is to free the work item at the very end of the
    work function, so let's do that.
    
    Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
    Signed-off-by: Omar Sandoval <osandov@fb.com>
    Reviewed-by: David Sterba <dsterba@suse.com>
    Signed-off-by: David Sterba <dsterba@suse.com>
disk-io.c 125 KB
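
The ordering problem described in the commit message, as an added user-space toy model (not code from this commit or from btrfs). It assumes the workqueue recognises a running item by its address and function, and that the allocator hands a just-freed slot straight back; every name in it (pool, helper_data, helper_repair, simulate) is hypothetical.

```c
#include <stdio.h>

/* Constructed toy model, not kernel code. A 2-slot LIFO pool stands in for
 * the slab allocator; busy_work/busy_fn stand in for the workqueue's record
 * of the item a worker is executing, matched by address and function.
 * The two helpers model the distinct per-queue helper functions. */
struct work { void (*helper)(struct work *); int done; };

static struct work pool[2], *free_list[2], *busy_work;
static void (*busy_fn)(struct work *);
static int nfree;

static void pool_reset(void) { free_list[0] = &pool[1]; free_list[1] = &pool[0]; nfree = 2; }
static struct work *work_alloc(void) { return free_list[--nfree]; }
static void work_free(struct work *w) { free_list[nfree++] = w; }

static void helper_data(struct work *w) { w->done = 1; }
static void helper_repair(struct work *w) { w->done = 2; }

/* A matching item is parked behind the running one; others run at once. */
static void queue_work(struct work *w)
{
    if (w == busy_work && w->helper == busy_fn)
        return;              /* looks like a re-queue of the running item */
    w->helper(w);            /* picked up by another worker */
}

/* Returns 1 if the wait inside the endio step finishes, 0 if it never can. */
static int simulate(int free_early, int same_helper)
{
    pool_reset();
    struct work *w = work_alloc();
    w->helper = helper_data;
    busy_work = w; busy_fn = w->helper;   /* worker starts running w */
    if (free_early)
        work_free(w);                     /* old order: free, then endio */
    struct work *repair = work_alloc();   /* endio submits a repair item */
    repair->helper = same_helper ? helper_data : helper_repair;
    repair->done = 0;
    queue_work(repair);
    int completed = repair->done != 0;    /* endio waits on this */
    if (!free_early)
        work_free(w);                     /* fixed order: free at the very end */
    return completed;
}

int main(void)
{
    printf("%d %d %d\n", simulate(1, 1), simulate(1, 0), simulate(0, 1));
    return 0;
}
```

In the model, freeing early only survives when the dependent item uses a different helper, which is the fragility the message points out; freeing at the end works in both cases.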