Re: [PATCH] sysv: convert pointers_lock from rw_lock to rw_sem

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Al Viro <viro@zeniv.linux.org.uk>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: syzbot <syzbot+69b40dc5fd40f32c199f@syzkaller.appspotmail.com>,
	syzkaller-bugs@googlegroups.com,
	Andrew Morton <akpm@linux-foundation.org>,
	hch@infradead.org, linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	"Matthew Wilcox (Oracle)" <willy@infradead.org>,
	Chen Zhongjin <chenzhongjin@huawei.com>,
	Dave Chinner <dchinner@redhat.com>,
	Christian Brauner <brauner@kernel.org>,
	Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH] sysv: convert pointers_lock from rw_lock to rw_sem
Date: Mon, 27 Mar 2023 01:04:40 +0100	[thread overview]
Message-ID: <20230327000440.GF3390869@ZenIV> (raw)
In-Reply-To: <6fcbdc89-6aff-064b-a040-0966152856e0@I-love.SAKURA.ne.jp>

On Mon, Mar 27, 2023 at 07:24:25AM +0900, Tetsuo Handa wrote:
> syzbot is reporting that __getblk_gfp() cannot be called from atomic
> context. Fix this problem by converting pointers_lock from rw_lock to
> rw_sem.
> 
> Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f@syzkaller.appspotmail.com>
> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Tested-by: syzbot <syzbot+69b40dc5fd40f32c199f@syzkaller.appspotmail.com>

Hmm...  The bug is real, all right (introduced back in 2002 during the
conversion away from BKL;
commit 3ba77f860fa7f359660e9d498a5b35940021cfba
Author: Christoph Hellwig <hch@sb.bsdonline.org>
Date:   Thu Apr 4 00:25:37 2002 +0200

    Replace BKL for chain locking with sysvfs-private rwlock.
is where it had happened).

However, I don't think this is the right fix.  Note that the problem is
with get_branch() done under the rwlock; all other places are safe.  But
in get_branch() we only need the lock (and only shared, at that) around
the verify+add pair.  See how it's done in fs/minix/itree_common.c...
Something like this:

diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c
index b22764fe669c..cfa281fb6578 100644
--- a/fs/sysv/itree.c
+++ b/fs/sysv/itree.c
@@ -104,15 +104,18 @@ static Indirect *get_branch(struct inode *inode,
 		bh = sb_bread(sb, block);
 		if (!bh)
 			goto failure;
+		read_lock(&pointers_lock);
 		if (!verify_chain(chain, p))
 			goto changed;
 		add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets);
+		read_unlock(&pointers_lock);
 		if (!p->key)
 			goto no_block;
 	}
 	return NULL;
 
 changed:
+	read_unlock(&pointers_lock);
 	brelse(bh);
 	*err = -EAGAIN;
 	goto no_block;
@@ -214,9 +217,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b
 		goto out;
 
 reread:
-	read_lock(&pointers_lock);
 	partial = get_branch(inode, depth, offsets, chain, &err);
-	read_unlock(&pointers_lock);
 
 	/* Simplest case - block found, no allocation needed */
 	if (!partial) {
@@ -287,10 +288,11 @@ static Indirect *find_shared(struct inode *inode,
 	for (k = depth; k > 1 && !offsets[k-1]; k--)
 		;
 
-	write_lock(&pointers_lock);
 	partial = get_branch(inode, k, offsets, chain, &err);
 	if (!partial)
 		partial = chain + k-1;
+
+	write_lock(&pointers_lock);
 	/*
 	 * If the branch acquired continuation since we've looked at it -
 	 * fine, it should all survive and (new) top doesn't belong to us.

next prev parent reply	other threads:[~2023-03-27  0:04 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-28 10:01 [syzbot] BUG: sleeping function called from invalid context in __getblk_gfp syzbot
2023-03-26 22:24 ` [PATCH] sysv: convert pointers_lock from rw_lock to rw_sem Tetsuo Handa
2023-03-27  0:04   ` Al Viro [this message]
2023-03-27 10:19     ` Tetsuo Handa
2023-03-27 13:02       ` Al Viro
2023-03-27 13:09         ` Tetsuo Handa
2023-04-10 12:04     ` [PATCH] sysv: don't call sb_bread() with pointers_lock held Tetsuo Handa
2023-04-10 14:56       ` [PATCH v2] " Tetsuo Handa
2024-01-30  9:36       ` [PATCH] " Christian Brauner
2024-01-30  1:15 ` [syzbot] [fs?] BUG: sleeping function called from invalid context in __getblk_gfp syzbot
2024-01-30 11:54   ` Jan Kara
2024-01-30 15:57     ` Christoph Hellwig
2024-01-31 10:56     ` Christian Brauner

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b22764fe669 dfblob:cfa281fb657 )
 OR (
bs:"Re: [PATCH] sysv: convert pointers_lock from rw_lock to rw_sem" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230327000440.GF3390869@ZenIV \
    --to=viro@zeniv.linux.org.uk \
    --cc=akpm@linux-foundation.org \
    --cc=brauner@kernel.org \
    --cc=chenzhongjin@huawei.com \
    --cc=dchinner@redhat.com \
    --cc=hch@infradead.org \
    --cc=hch@lst.de \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=syzbot+69b40dc5fd40f32c199f@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.