locks: protect most of the file_lock handling with i_lock
Having a global lock that protects all of this code is a clear scalability problem. Instead of doing that, move most of the code to be protected by the i_lock instead. The exceptions are the global lists that the ->fl_link sits on, and the ->fl_block list. ->fl_link is what connects these structures to the global lists, so we must ensure that we hold those locks when iterating over or updating these lists. Furthermore, sound deadlock detection requires that we hold the blocked_list state steady while checking for loops. We also must ensure that the search and update to the list are atomic. For the checking and insertion side of the blocked_list, push the acquisition of the global lock into __posix_lock_file and ensure that checking and update of the blocked_list is done without dropping the lock in between. On the removal side, when waking up blocked lock waiters, take the global lock before walking the blocked list and dequeue the waiters from the global list prior to removal from the fl_block list. With this, deadlock detection should be race free while we minimize excessive file_lock_lock thrashing. Finally, in order to avoid a lock inversion problem when handling /proc/locks output we must ensure that manipulations of the fl_block list are also protected by the file_lock_lock. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Jeff Layton
Al Viro
@@ -342,7 +342,7 @@ prototypes:
|
||||
|
||||
|
||||
locking rules:
|
||||
file_lock_lock may block
|
||||
inode->i_lock may block
|
||||
fl_copy_lock: yes no
|
||||
fl_release_private: maybe no
|
||||
|
||||
@@ -355,12 +355,19 @@ prototypes:
|
||||
int (*lm_change)(struct file_lock **, int);
|
||||
|
||||
locking rules:
|
||||
file_lock_lock may block
|
||||
lm_compare_owner: yes no
|
||||
lm_notify: yes no
|
||||
lm_grant: no no
|
||||
lm_break: yes no
|
||||
lm_change yes no
|
||||
|
||||
inode->i_lock file_lock_lock may block
|
||||
lm_compare_owner: yes[1] maybe no
|
||||
lm_notify: yes yes no
|
||||
lm_grant: no no no
|
||||
lm_break: yes no no
|
||||
lm_change yes no no
|
||||
|
||||
[1]: ->lm_compare_owner is generally called with *an* inode->i_lock held. It
|
||||
may not be the i_lock of the inode for either file_lock being compared! This is
|
||||
the case with deadlock detection, since the code has to chase down the owners
|
||||
of locks that may be entirely unrelated to the one on which the lock is being
|
||||
acquired. When doing a search for deadlocks, the file_lock_lock is also held.
|
||||
|
||||
--------------------------- buffer_head -----------------------------------
|
||||
prototypes:
|
||||
|
||||
Reference in New Issue
Block a user