[SRU X][PATCH 5/6] cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag

Daniel Axtens daniel.axtens at canonical.com
Thu Aug 2 04:18:09 UTC 2018

From: Kiran Kumar Modukuri <kiran.modukuri at gmail.com>

BugLink: https://bugs.launchpad.net/bugs/1776254

In cachefiles_mark_object_active(), the new object is marked active and
then we try to add it to the active object tree.  If a conflicting object
is already present, we want to wait for that to go away.  After the wait,
we go round again and try to re-mark the object as being active - but it's
already marked active from the first time we went through and a BUG is

Fix this by clearing the CACHEFILES_OBJECT_ACTIVE flag before we try again.

Analysis from Kiran Kumar Modukuri:

Oops during heavy NFS + FSCache + Cachefiles

CacheFiles: Error: Overlong wait for old active object to go away.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000002

CacheFiles: Error: Object already active kernel BUG at

In a heavily loaded system with big files being read and truncated, an
fscache object for a cookie is being dropped and a new object being
looked up. The new object being looked for has to wait for the old object
to go away before the new object is moved to active state.

Clear the flag 'CACHEFILES_OBJECT_ACTIVE' for the new object when
retrying the object lookup.

Have run ~100 hours of NFS stress tests and have not seen this bug recur.

[Regression Potential]
 - Limited to fscache/cachefiles.

Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
Signed-off-by: Kiran Kumar Modukuri <kiran.modukuri at gmail.com>
Signed-off-by: David Howells <dhowells at redhat.com>
(backported from commit 5ce83d4bb7d8e11e8c1c687d09f4b5ae67ef3ce3)
Signed-off-by: Daniel Axtens <daniel.axtens at canonical.com>
 fs/cachefiles/namei.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
index c4b893453e0e..2bb1bae8d3bc 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -190,6 +190,8 @@ try_again:
 	/* an old object from a previous incarnation is hogging the slot - we
 	 * need to wait for it to be destroyed */
+	clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags);
 	if (fscache_object_is_live(&xobject->fscache)) {
 		pr_err("Error: Unexpected object collision\n");
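Review bot: The two-line comment above the new `clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags);` still only explains the wait and says nothing about why the flag has to be dropped at this point, which is the actual fix. Since the clear sits at the top of the collision path, ahead of the `fscache_object_is_live()` check, it now runs before any route back to `try_again`; suggest extending the comment to say so, e.g. `/* ... we need to wait for it to be destroyed. Drop our ACTIVE mark first so the retry at try_again can set it again instead of tripping the BUG. */`, so the next reader does not move the line below the check without realising the ordering matters.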
@@ -251,7 +253,6 @@ wait_for_old_object:
 	goto try_again;
-	clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags);
 	_leave(" = -ETIMEDOUT");
 	return -ETIMEDOUT;
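Review bot: The removed `clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags);` was unreachable, sitting directly after an unconditional `goto try_again;`, so deleting it changes nothing on the retry path. The behavioural change worth a second look is the timeout path visible just below it: `_leave(" = -ETIMEDOUT"); return -ETIMEDOUT;` used to return with CACHEFILES_OBJECT_ACTIVE still set (the old clear never executed), whereas with the clear moved up in the first hunk the object now comes back to the caller with the flag already cleared. Worth confirming that the caller's -ETIMEDOUT handling does not expect to find, and clear, that flag itself.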
