Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dmu_objset_from_ds must be called with dp_config_rwlock held #10115

Merged
merged 1 commit into from
Mar 12, 2020
Merged

dmu_objset_from_ds must be called with dp_config_rwlock held #10115

merged 1 commit into from
Mar 12, 2020

Conversation

ahrens
Copy link
Member

@ahrens ahrens commented Mar 10, 2020
edited
Loading

Motivation and Context

The normal lock order is that the dp_config_rwlock must be held before
the ds_opening_lock. For example, dmu_objset_hold() does this.
However, dmu_objset_open_impl() is called with the ds_opening_lock held,
and if the dp_config_rwlock is not already held, it will attempt to
acquire it. This may lead to deadlock, since the lock order is
reversed.

Looking at all the callers of dmu_objset_open_impl() (which is
principally the callers of dmu_objset_from_ds()), almost all callers
already have the dp_config_rwlock. However, there are a few places in
the send and receive code paths that do not. For example:
dsl_crypto_populate_key_nvlist, send_cb, dmu_recv_stream,
receive_write_byref, redact_traverse_thread.

Closes #9662

Description

This commit resolves the problem by requiring all callers to
dmu_objset_from_ds() to hold the dp_config_rwlock. In most cases, the
code has been restructured such that we call dmu_objset_from_ds()
earlier on in the send and receive processes, when we already have the
dp_config_rwlock, and save the objset_t until we need it in the middle
of the send or receive (similar to what we already do with the
dsl_dataset_t). Thus we do not need to acquire the dp_config_rwlock in
many new places.

I also cleaned up code in dmu_redact_snap() and send_traverse_thread().

How Has This Been Tested?

test suite

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation (a change to man pages or other documentation)

Checklist:

  • My code follows the ZFS on Linux code style requirements.
  • I have updated the documentation accordingly.
  • I have read the contributing document.
  • I have added tests to cover my changes.
  • I have run the ZFS Test Suite with this change applied.
  • All commit messages are properly formatted and contain Signed-off-by.

@ahrens
dmu_objset_from_ds must be called with dp_config_rwlock held
945ea0f 
The normal lock order is that the dp_config_rwlock must be held before
the ds_opening_lock.  For example, dmu_objset_hold() does this.
However, dmu_objset_open_impl() is called with the ds_opening_lock held,
and if the dp_config_rwlock is not already held, it will attempt to
acquire it.  This may lead to deadlock, since the lock order is
reversed.

Looking at all the callers of dmu_objset_open_impl() (which is
principally the callers of dmu_objset_from_ds()), almost all callers
already have the dp_config_rwlock.  However, there are a few places in
the send and receive code paths that do not.  For example:
dsl_crypto_populate_key_nvlist, send_cb, dmu_recv_stream,
receive_write_byref, redact_traverse_thread.

This commit resolves the problem by requiring all callers ot
dmu_objset_from_ds() to hold the dp_config_rwlock.  In most cases, the
code has been restructured such that we call dmu_objset_from_ds()
earlier on in the send and receive processes, when we already have the
dp_config_rwlock, and save the objset_t until we need it in the middle
of the send or receive (similar to what we already do with the
dsl_dataset_t).  Thus we do not need to acquire the dp_config_rwlock in
many new places.

I also cleaned up code in dmu_redact_snap() and send_traverse_thread().

Closes openzfs#9662

Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
@ahrens ahrens added Type: Defect Incorrect behavior (e.g. crash, hang) Status: Code Review Needed Ready for review and testing labels Mar 10, 2020
PaulZ-98
PaulZ-98 approved these changes Mar 10, 2020
View reviewed changes
Copy link
Contributor

@PaulZ-98 PaulZ-98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Comments make it pretty clear. I'm not too familiar with the redacted send code so that part could probably use another set of eyes.

module/os/linux/zfs/zfs_vfsops.c Show resolved Hide resolved
module/os/linux/zfs/zfs_vfsops.c Show resolved Hide resolved
behlendorf
behlendorf approved these changes Mar 11, 2020
View reviewed changes
Copy link
Contributor

@behlendorf behlendorf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@freqlabs I wanted to make sure you saw this. After this is merged you'll want to make similar minor updates to the FreeBSD zfs_resume_fs and zfs_end_fs functions.

@ghost
Copy link

ghost commented Mar 11, 2020

@freqlabs I wanted to make sure you saw this. After this is merged you'll want to make similar minor updates to the FreeBSD zfs_resume_fs and zfs_end_fs functions.

Thanks, I appreciate the heads-up.

@behlendorf behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Mar 11, 2020
@behlendorf behlendorf merged commit 0fdd610 into openzfs:master Mar 12, 2020
ghost pushed a commit to zfsonfreebsd/ZoF that referenced this pull request Mar 12, 2020
Obey pool config locking in zfs_resume_fs and zfs_end_fs (openzfs#10115)
3e8d6b1
jsai20 pushed a commit to jsai20/zfs that referenced this pull request Mar 30, 2021
@ahrens @jsai20
dmu_objset_from_ds must be called with dp_config_rwlock held
913f9bd 
The normal lock order is that the dp_config_rwlock must be held before
the ds_opening_lock.  For example, dmu_objset_hold() does this.
However, dmu_objset_open_impl() is called with the ds_opening_lock held,
and if the dp_config_rwlock is not already held, it will attempt to
acquire it.  This may lead to deadlock, since the lock order is
reversed.

Looking at all the callers of dmu_objset_open_impl() (which is
principally the callers of dmu_objset_from_ds()), almost all callers
already have the dp_config_rwlock.  However, there are a few places in
the send and receive code paths that do not.  For example:
dsl_crypto_populate_key_nvlist, send_cb, dmu_recv_stream,
receive_write_byref, redact_traverse_thread.

This commit resolves the problem by requiring all callers ot
dmu_objset_from_ds() to hold the dp_config_rwlock.  In most cases, the
code has been restructured such that we call dmu_objset_from_ds()
earlier on in the send and receive processes, when we already have the
dp_config_rwlock, and save the objset_t until we need it in the middle
of the send or receive (similar to what we already do with the
dsl_dataset_t).  Thus we do not need to acquire the dp_config_rwlock in
many new places.

I also cleaned up code in dmu_redact_snap() and send_traverse_thread().

Reviewed-by: Paul Dagnelie <pcd@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Paul Zuchowski <pzuchowski@datto.com>
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Closes openzfs#9662
Closes openzfs#10115
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcd1193182 pcd1193182 pcd1193182 approved these changes

@behlendorf behlendorf behlendorf approved these changes

@PaulZ-98 PaulZ-98 PaulZ-98 approved these changes

Assignees
No one assigned
Labels
Status: Accepted Ready to integrate (reviewed, tested) Type: Defect Incorrect behavior (e.g. crash, hang)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

deadlock when calling dmu_objset_from_ds() without dp_config_rwlock
4 participants
@ahrens @pcd1193182 @behlendorf @PaulZ-98