[v4] ceph: fix writeback_count leak in write_folio_nounlock()

[PATCH v4] ceph: fix writeback_count leak in write_folio_nounlock()

Posted by Wentao Liang 4 days ago

write_folio_nounlock() increments fsc->writeback_count to track
in-flight writeback operations. On several error paths where the
function returns early (folio lookup failure, snapshot context
allocation failure, and writepages submission failure), the function
returns without calling atomic_long_dec_return() to decrement the
counter.

Each leaked increment keeps the counter above zero, which can prevent
the filesystem from cleanly unmounting or suspending writes.

Add atomic_long_dec_return() calls on all error paths that currently
return without decrementing the counter.

Fixes: d55207717ded ("ceph: add encryption support to writepage and writepages")
Cc: stable@vger.kernel.org
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>

---
Changes in v4:
- Also clear write_congested flag when decrementing writeback_count
  on error paths, as suggested by Viacheslav Dubeyko.
- Fix typo error.
- Fix diff error
---
 fs/ceph/addr.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 0a86f672cc09..7fab73874068 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -790,6 +790,9 @@ static int write_folio_nounlock(struct folio *folio,
 				    ceph_wbc.truncate_size, true);
 	if (IS_ERR(req)) {
 		folio_redirty_for_writepage(wbc, folio);
+		if (atomic_long_dec_return(&fsc->writeback_count) <
+				CONGESTION_OFF_THRESH(fsc->mount_options->congestion_kb))
+			fsc->write_congested = false;
 		return PTR_ERR(req);
 	}
 
@@ -809,6 +812,9 @@ static int write_folio_nounlock(struct folio *folio,
 			folio_redirty_for_writepage(wbc, folio);
 			folio_end_writeback(folio);
 			ceph_osdc_put_request(req);
+			if (atomic_long_dec_return(&fsc->writeback_count) <
+					CONGESTION_OFF_THRESH(fsc->mount_options->congestion_kb))
+				fsc->write_congested = false;
 			return PTR_ERR(bounce_page);
 		}
 	}
@@ -847,6 +853,9 @@ static int write_folio_nounlock(struct folio *folio,
 			      ceph_vinop(inode), folio);
 			folio_redirty_for_writepage(wbc, folio);
 			folio_end_writeback(folio);
+			if (atomic_long_dec_return(&fsc->writeback_count) <
+					CONGESTION_OFF_THRESH(fsc->mount_options->congestion_kb))
+				fsc->write_congested = false;
 			return err;
 		}
 		if (err == -EBLOCKLISTED)
-- 
2.34.1

Re: [PATCH v4] ceph: fix writeback_count leak in write_folio_nounlock()

Posted by Viacheslav Dubeyko 3 days, 7 hours ago

On Thu, 2026-06-04 at 02:19 +0000, Wentao Liang wrote:
> write_folio_nounlock() increments fsc->writeback_count to track
> in-flight writeback operations. On several error paths where the
> function returns early (folio lookup failure, snapshot context
> allocation failure, and writepages submission failure), the function
> returns without calling atomic_long_dec_return() to decrement the
> counter.
> 
> Each leaked increment keeps the counter above zero, which can prevent
> the filesystem from cleanly unmounting or suspending writes.
> 
> Add atomic_long_dec_return() calls on all error paths that currently
> return without decrementing the counter.
> 
> Fixes: d55207717ded ("ceph: add encryption support to writepage and
> writepages")
> Cc: stable@vger.kernel.org
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> 
> ---
> Changes in v4:
> - Also clear write_congested flag when decrementing writeback_count
>   on error paths, as suggested by Viacheslav Dubeyko.
> - Fix typo error.
> - Fix diff error
> ---
>  fs/ceph/addr.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
> index 0a86f672cc09..7fab73874068 100644
> --- a/fs/ceph/addr.c
> +++ b/fs/ceph/addr.c
> @@ -790,6 +790,9 @@ static int write_folio_nounlock(struct folio
> *folio,
>  				    ceph_wbc.truncate_size, true);
>  	if (IS_ERR(req)) {
>  		folio_redirty_for_writepage(wbc, folio);
> +		if (atomic_long_dec_return(&fsc->writeback_count) <
> +				CONGESTION_OFF_THRESH(fsc-
> >mount_options->congestion_kb))
> +			fsc->write_congested = false;
>  		return PTR_ERR(req);
>  	}
>  
> @@ -809,6 +812,9 @@ static int write_folio_nounlock(struct folio
> *folio,
>  			folio_redirty_for_writepage(wbc, folio);
>  			folio_end_writeback(folio);
>  			ceph_osdc_put_request(req);
> +			if (atomic_long_dec_return(&fsc-
> >writeback_count) <
> +					CONGESTION_OFF_THRESH(fsc-
> >mount_options->congestion_kb))
> +				fsc->write_congested = false;
>  			return PTR_ERR(bounce_page);
>  		}
>  	}
> @@ -847,6 +853,9 @@ static int write_folio_nounlock(struct folio
> *folio,
>  			      ceph_vinop(inode), folio);
>  			folio_redirty_for_writepage(wbc, folio);
>  			folio_end_writeback(folio);
> +			if (atomic_long_dec_return(&fsc-
> >writeback_count) <
> +					CONGESTION_OFF_THRESH(fsc-
> >mount_options->congestion_kb))
> +				fsc->write_congested = false;
>  			return err;
>  		}
>  		if (err == -EBLOCKLISTED)

Looks good.

Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>

Thanks,
Slava.