]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-client.git/commit
projects / ceph-client.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4350ac5) | patch
ceph: cleanup of processing ci->i_ceph_flags bits
authorViacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Tue, 12 Aug 2025 19:53:26 +0000 (12:53 -0700)
committerIlya Dryomov <idryomov@gmail.com>
Mon, 16 Mar 2026 10:08:34 +0000 (11:08 +0100)
commit3a5a834cbaefc92ce9bd856ed82d2a616021291d
tree1b8d7bfa92c61502c23844bab6fd53613e4320f9tree | snapshot
parent4350ac524b9dfce4cd66312c1f96978c771712bbcommit | diff
ceph: cleanup of processing ci->i_ceph_flags bits

The Coverity Scan service has detected potential
race condition in ceph_check_delayed_caps() [1].

The CID 1590633 contains explanation: "Accessing
ci->i_ceph_flags without holding lock
ceph_inode_info.i_ceph_lock. The value of the shared data
will be determined by the interleaving of thread execution.
Thread shared data is accessed without holding an appropriate
lock, possibly causing a race condition (CWE-366)".

The patch reworks the logic of accessing ci->i_ceph_flags.
At first, it removes ci item from a mdsc->cap_delay_list.
Then it unlocks mdsc->cap_delay_lock and it locks
ci->i_ceph_lock. Then, it calls smp_mb__before_atomic()
to be sure that ci->i_ceph_flags has consistent state of
the bits. The is_metadata_under_flush variable stores
the state of CEPH_I_FLUSH_BIT. Finally, it unlocks
the ci->i_ceph_lock and it locks the mdsc->cap_delay_lock.
The is_metadata_under_flush is used to check the condition
that ci needs to be removed from mdsc->cap_delay_list.
If it is not the case, then ci will be added into the head of
mdsc->cap_delay_list.

This patch reworks the logic of checking the CEPH_I_FLUSH_BIT,
CEPH_I_FLUSH_SNAPS_BIT, CEPH_I_KICK_FLUSH_BIT,
CEPH_ASYNC_CREATE_BIT, CEPH_I_ERROR_FILELOCK_BIT by test_bit()
method and calling smp_mb__before_atomic() to ensure that
bit state is consistent. It switches on calling the set_bit(),
clear_bit() for these bits, and calling smp_mb__after_atomic()
after these methods to ensure that modified bit is visible.

Additionally, __must_hold() has been added for
__cap_delay_requeue(), __cap_delay_requeue_front(), and
__prep_cap() to help the sparse with lock checking and
it was commented that caller of __cap_delay_requeue_front()
and __prep_cap() must lock the ci->i_ceph_lock.

v.2
Alex Markuze suggested to rework all Ceph inode's flags.
Now, every declaration has CEPH_I_<*> and CEPH_I_<*>_BIT pair.

v.3
The logic of operating by ci->i_ceph_flags bits on using
test_bit(), clear_bit(), set_bit() and smp_mb__before_atomic(),
smp_mb__after_atomic() has been reworked in addr.c, inode.c,
locks.c, mds_client.c, snap.c, super.h, xattr.c additionally
to caps.c.

[1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1590633

Signed-off-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
cc: Alex Markuze <amarkuze@redhat.com>
cc: Ilya Dryomov <idryomov@gmail.com>
cc: Ceph Development <ceph-devel@vger.kernel.org>
fs/ceph/addr.c diff | blob | history
fs/ceph/caps.c diff | blob | history
fs/ceph/inode.c diff | blob | history
fs/ceph/locks.c diff | blob | history
fs/ceph/mds_client.c diff | blob | history
fs/ceph/snap.c diff | blob | history
fs/ceph/super.h diff | blob | history
fs/ceph/xattr.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.