Re: [PATCH] ext2: do not sleep in ext2_error()

["Theodore Ts'o" <tytso@mit.edu>]

On Fri, Sep 03, 2021 at 12:05:38PM +0300, Dan Carpenter wrote:
> No one expects error logging functions to sleep so sometimes they are
> called with spinlocks held.  In this case the problematic call tree is:
> 
> ext2_statfs() <- disables preempt
> -> ext2_count_free_inodes()
>    -> ext2_get_group_desc()
>       -> ext2_error()
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This is just from static analysis.  NOT TESTED!
> 
> Probably a safer fix would be to just call pr_err() instead of
> ext2_error() in ext2_get_group_desc().  I can send that fix instead if
> people want.

Looking at both of the ext2_error() calls in ext2_get_group_desc(),
those are really more in the way of assertions rather than warning of
an on-disk corruption issue.  The second "group descriptor not loaded"
should never happen, and the "block_group >= groups_count" should have
been caught via an invalid block number or check by the caller (or an
outright code bug in say ext2_statfs().

So I suspect both of those would be more usefule as a WARN() rather
than a call to ext2_error(), since stack trace would actually provide
more useful data to root causing the issue.  Jan, what do you think?

     	    	    	 	 - Ted

P.S.  The same analysis applies for ext4_get_group_desc(), BTW.  We
don't take a lock in ext4_statfs() so trying to take a lock while
sleeping is not an issue.

For both ext2 and ext4, the caller is not supposed to holding spin
locks when it calls ext[24]_error().  In cases where it is absolutely
not avoidable, special measures are required --- see for example
__ext4_grp_locked_error().