1. Patchew
  2. linux
  3. View series

[PATCH v3] ceph: fix writeback_count leak in write_folio_nounlock()

Wentao Liang posted 1 patch 5 days, 4 hours ago
There is a newer version of this series
fs/ceph/addr.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
[PATCH v3] ceph: fix writeback_count leak in write_folio_nounlock()
Posted by Wentao Liang 5 days, 4 hours ago 
write_folio_nounlock() increments fsc->writeback_count to track
in-flight writeback operations. On several error paths where the
function returns early (folio lookup failure, snapshot context
allocation failure, and writepages submission failure), the function
returns without calling atomic_long_dec_return() to decrement the
counter.

Each leaked increment keeps the counter above zero, which can prevent
the filesystem from cleanly unmounting or suspending writes.

Add atomic_long_dec_return() calls on all error paths that currently
return without decrementing the counter.

Fixes: d55207717ded ("ceph: add encryption support to writepage and writepages")
Cc: stable@vger.kernel.org
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>

---
Changes in v3:
- Also clear write_congested flag when decrementing writeback_count
  on error paths, as suggested by Viacheslav Dubeyko.
- Fix typo error.
---
 fs/ceph/addr.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index a606378649c3..7fab73874068 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -790,7 +790,9 @@ static int write_folio_nounlock(struct folio *folio,
 				    ceph_wbc.truncate_size, true);
 	if (IS_ERR(req)) {
 		folio_redirty_for_writepage(wbc, folio);
-		atomic_long_dec(&fsc->writeback_count);
+		if (atomic_long_dec_return(&fsc->writeback_count) <
+				CONGESTION_OFF_THRESH(fsc->mount_options->congestion_kb))
+			fsc->write_congested = false;
 		return PTR_ERR(req);
 	}
 
@@ -810,7 +812,9 @@ static int write_folio_nounlock(struct folio *folio,
 			folio_redirty_for_writepage(wbc, folio);
 			folio_end_writeback(folio);
 			ceph_osdc_put_request(req);
-			atomic_long_dec(&fsc->writeback_count);
+			if (atomic_long_dec_return(&fsc->writeback_count) <
+					CONGESTION_OFF_THRESH(fsc->mount_options->congestion_kb))
+				fsc->write_congested = false;
 			return PTR_ERR(bounce_page);
 		}
 	}
@@ -849,7 +853,9 @@ static int write_folio_nounlock(struct folio *folio,
 			      ceph_vinop(inode), folio);
 			folio_redirty_for_writepage(wbc, folio);
 			folio_end_writeback(folio);
-			atomic_long_dec_return(&fsc->writeback_count);
+			if (atomic_long_dec_return(&fsc->writeback_count) <
+					CONGESTION_OFF_THRESH(fsc->mount_options->congestion_kb))
+				fsc->write_congested = false;
 			return err;
 		}
 		if (err == -EBLOCKLISTED)
-- 
2.34.1
Re: [PATCH v3] ceph: fix writeback_count leak in write_folio_nounlock()
Posted by Viacheslav Dubeyko 4 days, 12 hours ago 
On Wed, 2026-06-03 at 01:25 +0000, Wentao Liang wrote:
> write_folio_nounlock() increments fsc->writeback_count to track
> in-flight writeback operations. On several error paths where the
> function returns early (folio lookup failure, snapshot context
> allocation failure, and writepages submission failure), the function
> returns without calling atomic_long_dec_return() to decrement the
> counter.
> 
> Each leaked increment keeps the counter above zero, which can prevent
> the filesystem from cleanly unmounting or suspending writes.
> 
> Add atomic_long_dec_return() calls on all error paths that currently
> return without decrementing the counter.
> 
> Fixes: d55207717ded ("ceph: add encryption support to writepage and
> writepages")
> Cc: stable@vger.kernel.org
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> 
> ---
> Changes in v3:
> - Also clear write_congested flag when decrementing writeback_count
>   on error paths, as suggested by Viacheslav Dubeyko.
> - Fix typo error.
> ---
>  fs/ceph/addr.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
> index a606378649c3..7fab73874068 100644
> --- a/fs/ceph/addr.c
> +++ b/fs/ceph/addr.c
> @@ -790,7 +790,9 @@ static int write_folio_nounlock(struct folio
> *folio,
>  				    ceph_wbc.truncate_size, true);
>  	if (IS_ERR(req)) {
>  		folio_redirty_for_writepage(wbc, folio);
> -		atomic_long_dec(&fsc->writeback_count);

Patch is not correctly prepared. Because, current state of the code
hasn't atomic_long_dec().

Thanks,
Slava.

> +		if (atomic_long_dec_return(&fsc->writeback_count) <
> +				CONGESTION_OFF_THRESH(fsc-
> >mount_options->congestion_kb))
> +			fsc->write_congested = false;
>  		return PTR_ERR(req);
>  	}
>  
> @@ -810,7 +812,9 @@ static int write_folio_nounlock(struct folio
> *folio,
>  			folio_redirty_for_writepage(wbc, folio);
>  			folio_end_writeback(folio);
>  			ceph_osdc_put_request(req);
> -			atomic_long_dec(&fsc->writeback_count);
> +			if (atomic_long_dec_return(&fsc-
> >writeback_count) <
> +					CONGESTION_OFF_THRESH(fsc-
> >mount_options->congestion_kb))
> +				fsc->write_congested = false;
>  			return PTR_ERR(bounce_page);
>  		}
>  	}
> @@ -849,7 +853,9 @@ static int write_folio_nounlock(struct folio
> *folio,
>  			      ceph_vinop(inode), folio);
>  			folio_redirty_for_writepage(wbc, folio);
>  			folio_end_writeback(folio);
> -			atomic_long_dec_return(&fsc-
> >writeback_count);
> +			if (atomic_long_dec_return(&fsc-
> >writeback_count) <
> +					CONGESTION_OFF_THRESH(fsc-
> >mount_options->congestion_kb))
> +				fsc->write_congested = false;
>  			return err;
>  		}
>  		if (err == -EBLOCKLISTED)

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.