mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-06 16:49:22 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs
History
Chao Yu 3d07209b23 f2fs: fix to avoid deadlock in f2fs_read_inline_dir() 
[ Upstream commit aadcef64b2 ]

As Jiqun Li reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=202883

sometimes, dead lock when make system call SYS_getdents64 with fsync() is
called by another process.

monkey running on android9.0

1.  task 9785 held sbi->cp_rwsem and waiting lock_page()
2.  task 10349 held mm_sem and waiting sbi->cp_rwsem
3. task 9709 held lock_page() and waiting mm_sem

so this is a dead lock scenario.

task stack is show by crash tools as following

crash_arm64> bt ffffffc03c354080
PID: 9785   TASK: ffffffc03c354080  CPU: 1   COMMAND: "RxIoScheduler-3"
>> #7 [ffffffc01b50fac0] __lock_page at ffffff80081b11e8

crash-arm64> bt 10349
PID: 10349  TASK: ffffffc018b83080  CPU: 1   COMMAND: "BUGLY_ASYNC_UPL"
>> #3 [ffffffc01f8cfa40] rwsem_down_read_failed at ffffff8008a93afc
     PC: 00000033  LR: 00000000  SP: 00000000  PSTATE: ffffffffffffffff

crash-arm64> bt 9709
PID: 9709   TASK: ffffffc03e7f3080  CPU: 1   COMMAND: "IntentService[A"
>> #3 [ffffffc001e67850] rwsem_down_read_failed at ffffff8008a93afc
>> #8 [ffffffc001e67b80] el1_ia at ffffff8008084fc4
     PC: ffffff8008274114  [compat_filldir64+120]
     LR: ffffff80083584d4  [f2fs_fill_dentries+448]
     SP: ffffffc001e67b80  PSTATE: 80400145
    X29: ffffffc001e67b80  X28: 0000000000000000  X27: 000000000000001a
    X26: 00000000000093d7  X25: ffffffc070d52480  X24: 0000000000000008
    X23: 0000000000000028  X22: 00000000d43dfd60  X21: ffffffc001e67e90
    X20: 0000000000000011  X19: ffffff80093a4000  X18: 0000000000000000
    X17: 0000000000000000  X16: 0000000000000000  X15: 0000000000000000
    X14: ffffffffffffffff  X13: 0000000000000008  X12: 0101010101010101
    X11: 7f7f7f7f7f7f7f7f  X10: 6a6a6a6a6a6a6a6a   X9: 7f7f7f7f7f7f7f7f
     X8: 0000000080808000   X7: ffffff800827409c   X6: 0000000080808000
     X5: 0000000000000008   X4: 00000000000093d7   X3: 000000000000001a
     X2: 0000000000000011   X1: ffffffc070d52480   X0: 0000000000800238
>> #9 [ffffffc001e67be0] f2fs_fill_dentries at ffffff80083584d0
     PC: 0000003c  LR: 00000000  SP: 00000000  PSTATE: 000000d9
    X12: f48a02ff X11: d4678960 X10: d43dfc00  X9: d4678ae4
     X8: 00000058  X7: d4678994  X6: d43de800  X5: 000000d9
     X4: d43dfc0c  X3: d43dfc10  X2: d46799c8  X1: 00000000
     X0: 00001068

Below potential deadlock will happen between three threads:
Thread A		Thread B		Thread C
- f2fs_do_sync_file
 - f2fs_write_checkpoint
  - down_write(&sbi->node_change) -- 1)
			- do_page_fault
			 - down_write(&mm->mmap_sem) -- 2)
			  - do_wp_page
			   - f2fs_vm_page_mkwrite
						- getdents64
						 - f2fs_read_inline_dir
						  - lock_page -- 3)
  - f2fs_sync_node_pages
   - lock_page -- 3)
			    - __do_map_lock
			     - down_read(&sbi->node_change) -- 1)
						  - f2fs_fill_dentries
						   - dir_emit
						    - compat_filldir64
						     - do_page_fault
						      - down_read(&mm->mmap_sem) -- 2)

Since f2fs_readdir is protected by inode.i_rwsem, there should not be
any updates in inode page, we're safe to lookup dents in inode page
without its lock held, so taking off the lock to improve concurrency
of readdir and avoid potential deadlock.

Reported-by: Jiqun Li <jiqun.li@unisoc.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-04-05 22:31:25 +02:00
..
9p 9p: use inode->i_lock to protect i_size_write() under 32-bit 2019-03-23 14:35:09 +01:00
adfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
affs affs_lookup(): close a race with affs_remove_link() 2018-05-30 07:51:47 +02:00
afs afs: Fix directory permissions check 2018-07-08 15:30:51 +02:00
autofs4 autofs: fix error return in autofs_fill_super() 2019-03-13 14:03:19 -07:00
befs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bfs bfs: add sanity check at bfs_fill_super() 2018-12-01 09:42:51 +01:00
btrfs btrfs: raid56: properly unmap parity page in finish_parity_scrub() 2019-04-03 06:25:15 +02:00
cachefiles fscache, cachefiles: remove redundant variable 'cache' 2018-12-17 09:28:53 +01:00
ceph ceph: avoid repeatedly adding inode to mdsc->snap_flush_list 2019-02-27 10:08:01 +01:00
cifs CIFS: fix POSIX lock leak and invalid ptr deref 2019-04-05 22:31:25 +02:00
coda coda: fix 'kernel memory exposure attempt' in fsync 2017-11-24 08:37:05 +01:00
configfs configfs: replace strncpy with memcpy 2018-11-21 09:24:15 +01:00
cramfs Cramfs: fix abad comparison when wrap-arounds occur 2018-11-13 11:15:12 -08:00
crypto fscrypt: use unbound workqueue for decryption 2018-08-03 07:50:32 +02:00
debugfs debugfs: fix debugfs_rename parameter checking 2019-02-15 08:09:12 +01:00
devpts fs/devpts: always delete dcache dentry-s in dput() 2019-03-23 14:35:21 +01:00
dlm dlm: Don't swamp the CPU with callbacks queued during recovery 2019-02-12 19:45:57 +01:00
ecryptfs eCryptfs: don't pass up plaintext names when using filename encryption 2018-06-21 04:02:42 +09:00
efivarfs VFS: Kill off s_options and helpers 2017-07-11 06:09:21 -04:00
efs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
exofs fs/exofs: fix potential memory leak in mount option parsing 2018-11-27 16:10:47 +01:00
exportfs exportfs: do not read dentry after free 2018-12-17 09:28:50 +01:00
ext2 ext2: Fix underflow in ext2_max_size() 2019-03-23 14:35:23 +01:00
ext4 ext4: cleanup bh release code in ext4_ind_remove_space() 2019-04-05 22:31:24 +02:00
f2fs f2fs: fix to avoid deadlock in f2fs_read_inline_dir() 2019-04-05 22:31:25 +02:00
fat fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() 2018-11-04 14:52:47 +01:00
freevxfs
fscache fscache: fix race between enablement and dropping of object 2018-12-17 09:28:53 +01:00
fuse fuse: handle zero sized retrieve correctly 2019-02-12 19:46:11 +01:00
gfs2 gfs2: Fix missed wakeups in find_insert_glock 2019-03-13 14:03:23 -07:00
hfs hfs: do not free node before using 2018-12-17 09:28:54 +01:00
hfsplus hfsplus: do not free node before using 2018-12-17 09:28:54 +01:00
hostfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hpfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hugetlbfs hugetlbfs: fix races and page leaks during migration 2019-03-13 14:03:10 -07:00
isofs isofs: reject hardware sector size > 2048 bytes 2018-10-03 17:00:57 -07:00
jbd2 jbd2: fix compile warning when using JBUFFER_TRACE 2019-03-23 14:35:26 +01:00
jffs2 jffs2: Fix use of uninitialized delayed_work, lockdep breakage 2019-01-26 09:37:02 +01:00
jfs jfs: Fix inconsistency between memory allocation and ea_buf->max_size 2018-08-09 12:16:39 +02:00
kernfs fix cgroup_do_mount() handling of failure exits 2019-03-23 14:35:18 +01:00
lockd lockd: Show pid of lockd for remote locks 2019-01-13 10:01:06 +01:00
minix License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ncpfs staging: ncpfs: memory corruption in ncp_read_kernel() 2018-03-28 18:24:43 +02:00
nfs NFSv4.1 don't free interrupted slot on open 2019-04-03 06:25:16 +02:00
nfs_common lockd: fix "list_add double add" caused by legacy signal interface 2018-02-03 17:39:08 +01:00
nfsd nfsd: fix wrong check in write_v4_end_grace() 2019-03-23 14:35:28 +01:00
nilfs2 do d_instantiate/unlock_new_inode combinations safely 2018-05-30 07:51:47 +02:00
nls License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
notify fanotify: fix handling of events on child sub-directory 2019-02-06 17:31:37 +01:00
ntfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ocfs2 ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock 2019-04-03 06:25:17 +02:00
omfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
openpromfs
orangefs orangefs: report attributes_mask and attributes for statx 2018-06-26 08:06:33 +08:00
overlayfs ovl: check whiteout in ovl_create_over_whiteout() 2018-11-21 09:24:17 +01:00
proc fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links 2019-04-03 06:25:19 +02:00
pstore pstore/ram: Do not treat empty buffers as valid 2019-01-26 09:37:02 +01:00
qnx4 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qnx6 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quota quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls. 2019-01-26 09:37:05 +01:00
ramfs mm: make pagevec_lookup() update index 2017-09-06 17:27:26 -07:00
reiserfs reiserfs: propagate errors from fill_with_dentries() properly 2018-11-27 16:10:46 +01:00
romfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
squashfs Squashfs: Compute expected length from inode size rather than block length 2018-09-05 09:26:32 +02:00
sysfs scsi: sysfs: Introduce sysfs_{un,}break_active_protection() 2018-09-05 09:26:41 +02:00
sysv sysv: return 'err' instead of 0 in __sysv_write_inode 2018-12-17 09:28:48 +01:00
tracefs VFS: Don't use save/replace_mount_options if not using generic_show_options 2017-07-06 03:31:46 -04:00
ubifs ubifs: Handle re-linking of inodes correctly while recovery 2018-12-29 13:39:11 +01:00
udf udf: Fix crash on IO error during truncate 2019-03-27 14:13:52 +09:00
ufs do d_instantiate/unlock_new_inode combinations safely 2018-05-30 07:51:47 +02:00
xfs xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE 2018-12-05 19:41:16 +01:00
aio.c aio: fix spectre gadget in lookup_ioctx 2018-12-21 14:13:04 +01:00
anon_inodes.c
attr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bad_inode.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
binfmt_aout.c fs: fix kernel_read prototype 2017-09-04 19:05:15 -04:00
binfmt_elf.c binfmt_elf: Respect error return from `regset->active' 2018-09-26 08:38:09 +02:00
binfmt_elf_fdpic.c Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-09-14 18:13:32 -07:00
binfmt_em86.c
binfmt_flat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
binfmt_misc.c fs/binfmt_misc.c: do not allow offset overflow 2018-06-26 08:06:33 +08:00
binfmt_script.c Revert "exec: load_script: don't blindly truncate shebang string" 2019-02-15 09:08:56 +01:00
block_dev.c blockdev: Fix livelocks on loop device 2019-01-23 08:09:50 +01:00
buffer.c fs: ratelimit __find_get_block_slow() failure message. 2019-03-13 14:03:22 -07:00
char_dev.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
coredump.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dax.c fs/dax.c: release PMD lock even when there is no PMD support in DAX 2018-04-26 11:02:14 +02:00
dcache.c fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() 2019-02-06 17:31:34 +01:00
dcookies.c
direct-io.c direct-io: allow direct writes to empty inodes 2019-03-05 17:58:01 +01:00
drop_caches.c fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() 2019-03-13 14:03:18 -07:00
eventfd.c There has been a fair amount of activity in the docs tree this time 2017-07-03 21:13:25 -07:00
eventpoll.c fs/epoll: drop ovflist branch prediction 2019-02-12 19:46:10 +01:00
exec.c exec: Fix mem leak in kernel_read_file 2019-03-13 14:03:11 -07:00
fcntl.c fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall 2017-12-17 15:07:59 +01:00
fhandle.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file_table.c fput: Don't reinvent the wheel but use existing llist API 2017-08-28 00:50:23 -04:00
filesystems.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs-writeback.c writeback: synchronize sync(2) against cgroup writeback membership switches 2019-03-05 17:58:01 +01:00
fs_pin.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs_struct.c
inode.c Fix up non-directory creation in SGID directories 2018-07-17 11:39:27 +02:00
internal.h Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2017-09-13 09:11:44 -07:00
ioctl.c vfs: swap names of {do,vfs}_clone_file_range() 2018-11-10 07:48:33 -08:00
iomap.c iomap: complete partial direct I/O writes synchronously 2018-10-03 17:00:53 -07:00
Kconfig fs/Kconfig: kill CONFIG_PERCPU_RWSEM some more 2017-07-12 16:26:00 -07:00
Kconfig.binfmt
libfs.c fs: convert __generic_file_fsync to use errseq_t based reporting 2017-07-06 07:02:29 -04:00
locks.c fs/lock: skip lock owner pid translation in case we are in init_pid_ns 2018-10-03 17:00:53 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mbcache.c mbcache: initialize entry->e_referenced in mb_cache_entry_create() 2018-02-22 15:42:25 +01:00
mount.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpage.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
namei.c namei: allow restricted O_CREAT of FIFOs and regular files 2018-12-01 09:42:59 +01:00
namespace.c mount: Prevent MNT_DETACH from disconnecting locked mounts 2018-11-21 09:24:14 +01:00
no-block.c
nsfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
open.c fs/open.c: allow opening only regular files during execve() 2019-04-03 06:25:17 +02:00
pipe.c splice: don't merge into linked buffers 2019-03-23 14:35:21 +01:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
read_write.c vfs: swap names of {do,vfs}_clone_file_range() 2018-11-10 07:48:33 -08:00
readdir.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
select.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq_file.c seq_file: fix incomplete reset on read from zero offset 2018-02-22 15:42:28 +01:00
signalfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
splice.c splice: don't merge into linked buffers 2019-03-23 14:35:21 +01:00
stack.c
stat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
statfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
super.c fs: don't scan the inode cache before SB_BORN is set 2018-05-30 07:51:47 +02:00
sync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
timerfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
userfaultfd.c userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered 2018-12-21 14:13:04 +01:00
utimes.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr.c sysfs: Do not return POSIX ACL xattrs via listxattr 2018-10-10 08:54:27 +02:00