From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Kyeong Yoo <kyeong.yoo@alliedtelesis.co.nz>,
Richard Weinberger <richard@nod.at>,
Sasha Levin <sashal@kernel.org>,
dwmw2@infradead.org, joel@jms.id.au,
linux-mtd@lists.infradead.org
Subject: [PATCH AUTOSEL 4.14 42/56] jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
Date: Mon, 17 Jan 2022 21:48:54 -0500
Message-ID: <20220118024908.1953673-42-sashal@kernel.org>
In-Reply-To: <20220118024908.1953673-1-sashal@kernel.org>
From: Kyeong Yoo <kyeong.yoo@alliedtelesis.co.nz>

[ Upstream commit aa39cc675799bc92da153af9a13d6f969c348e82 ]

GC task can deadlock in read_cache_page() because it may attempt
to release a page that is actually allocated by another task in
jffs2_write_begin().

The reason is that in jffs2_write_begin() there is a small window
in which a cache page is allocated for use but not set Uptodate yet.

This ends up with a deadlock between two tasks:
1) A task (e.g. file copy)
   - jffs2_write_begin() locks a cache page
   - jffs2_write_end() tries to lock "alloc_sem" from
     jffs2_reserve_space() <-- STUCK
2) GC task (jffs2_gcd_mtd3)
   - jffs2_garbage_collect_pass() locks "alloc_sem"
   - try to lock the same cache page in read_cache_page() <-- STUCK

So to avoid this deadlock, hold "alloc_sem" in jffs2_write_begin()
while reading data in a cache page.

Signed-off-by: Kyeong Yoo <kyeong.yoo@alliedtelesis.co.nz>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jffs2/file.c | 40 +++++++++++++++++++++++++---------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index bd0428bebe9b7..221eb2bd205e4 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -135,20 +135,15 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
struct page *pg;
struct inode *inode = mapping->host;
struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
+ struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
pgoff_t index = pos >> PAGE_SHIFT;
uint32_t pageofs = index << PAGE_SHIFT;
int ret = 0;
- pg = grab_cache_page_write_begin(mapping, index, flags);
- if (!pg)
- return -ENOMEM;
- *pagep = pg;
-
jffs2_dbg(1, "%s()\n", __func__);
if (pageofs > inode->i_size) {
/* Make new hole frag from old EOF to new page */
- struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
struct jffs2_raw_inode ri;
struct jffs2_full_dnode *fn;
uint32_t alloc_len;
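Review bot: with `*pagep = pg;` removed from the top of jffs2_write_begin(), the error exits inside the `pageofs > inode->i_size` block now return without ever assigning `*pagep`, so a caller that looks at it after a non-zero return would read whatever it passed in. Either confirm callers only use `*pagep` on success or set `*pagep = NULL` on entry. Hoisting `c` to function scope is needed for the later `c->alloc_sem` use and looks fine.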
@@ -159,7 +154,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len,
ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
if (ret)
- goto out_page;
+ goto out_err;
mutex_lock(&f->sem);
memset(&ri, 0, sizeof(ri));
@@ -189,7 +184,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
ret = PTR_ERR(fn);
jffs2_complete_reservation(c);
mutex_unlock(&f->sem);
- goto out_page;
+ goto out_err;
}
ret = jffs2_add_full_dnode_to_inode(c, f, fn);
if (f->metadata) {
@@ -204,13 +199,26 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
jffs2_free_full_dnode(fn);
jffs2_complete_reservation(c);
mutex_unlock(&f->sem);
- goto out_page;
+ goto out_err;
}
jffs2_complete_reservation(c);
inode->i_size = pageofs;
mutex_unlock(&f->sem);
}
+ /*
+ * While getting a page and reading data in, lock c->alloc_sem until
+ * the page is Uptodate. Otherwise GC task may attempt to read the same
+ * page in read_cache_page(), which causes a deadlock.
+ */
+ mutex_lock(&c->alloc_sem);
+ pg = grab_cache_page_write_begin(mapping, index, flags);
+ if (!pg) {
+ ret = -ENOMEM;
+ goto release_sem;
+ }
+ *pagep = pg;
+
/*
* Read in the page if it wasn't already present. Cannot optimize away
* the whole page write case until jffs2_write_end can handle the
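Review bot: the added comment before `mutex_lock(&c->alloc_sem)` should spell out the resulting lock order (alloc_sem, then the page lock, then `f->sem`), since that ordering is what makes this side agree with the GC side described in the commit message. It is also worth stating that this lock must stay below the hole-extension block: per the commit message jffs2_reserve_space() takes alloc_sem, so taking it here only works because every path above has already gone through `jffs2_complete_reservation(c)` or bailed out to `out_err`. Note too that alloc_sem is now held across `grab_cache_page_write_begin()` and the page read that follows, which serialises every write_begin against GC for the duration of an allocation plus a read.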
@@ -220,15 +228,17 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
mutex_lock(&f->sem);
ret = jffs2_do_readpage_nolock(inode, pg);
mutex_unlock(&f->sem);
- if (ret)
- goto out_page;
+ if (ret) {
+ unlock_page(pg);
+ put_page(pg);
+ goto release_sem;
+ }
}
jffs2_dbg(1, "end write_begin(). pg->flags %lx\n", pg->flags);
- return ret;
-out_page:
- unlock_page(pg);
- put_page(pg);
+release_sem:
+ mutex_unlock(&c->alloc_sem);
+out_err:
return ret;
}
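Review bot: on the `if (ret)` path after jffs2_do_readpage_nolock() the page is unlocked and put, but `*pagep` (assigned in the previous hunk) still points at it; consider clearing it there so a released page is never handed back alongside an error. Separately, the success path now falls through `release_sem:` and `out_err:`, which is correct for dropping alloc_sem but reads like an error-only exit; a one-line comment above `release_sem:` saying the normal return also passes through it would help the next reader.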
--
2.34.1