Fix kernel panic due to tsd_exit in ZFS_EXIT(zsb)

The following panic would occur under certain heavy load: [ 4692.202686] Kernel panic - not syncing: thread ffff8800c4f5dd60 terminating with rrw lock ffff8800da1b9c40 held [ 4692.228053] CPU: 1 PID: 6250 Comm: mmap_deadlock Tainted: P OE 3.18.10 openzfs#7 The culprit is that ZFS_EXIT(zsb) would call tsd_exit() every time, which would purge all tsd data for the thread. However, ZFS_ENTER is designed to be reentrant, so we cannot allow ZFS_EXIT to blindly purge tsd data. Instead, when we are doing rrw_exit, if we are removing the last rrn entry, then we calls tsd_exit_key(rrw_tsd_key), which would only remove the rrw_tsd_key tsd entry and also the PID_KEY tsd entry if it is the only entry left for this thread. Signed-off-by: Chunwei Chen <tuxoko@gmail.com>
tuxoko · Apr 1, 2015 · 62db238 · 62db238
1 parent 90cf021
commit 62db238
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/include/sys/zfs_znode.h b/include/sys/zfs_znode.h
@@ -263,7 +263,6 @@ typedef struct znode {
 #define	ZFS_EXIT(zsb) \
 	{ \
 		rrw_exit(&(zsb)->z_teardown_lock, FTAG); \
-		tsd_exit(); \
 	}
 
 /* Verifies the znode is valid */

diff --git a/module/zfs/rrwlock.c b/module/zfs/rrwlock.c
@@ -125,10 +125,16 @@ rrn_find_and_remove(rrwlock_t *rrl, void *tag)
 
 	for (rn = tsd_get(rrw_tsd_key); rn != NULL; rn = rn->rn_next) {
 		if (rn->rn_rrl == rrl && rn->rn_tag == tag) {
-			if (prev)
+			if (prev) {
 				prev->rn_next = rn->rn_next;
-			else
+			} else {
 				VERIFY(tsd_set(rrw_tsd_key, rn->rn_next) == 0);
+#ifdef _KERNEL
+				/* remove tsd entry if this is the last node */
+				if (rn->rn_next == NULL)
+					tsd_exit_key(rrw_tsd_key);
+#endif
+			}
 			kmem_free(rn, sizeof (*rn));
 			return (B_TRUE);
 		}