public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/fs/btrfs
History
Filipe Manana 232796df8c btrfs: fix deadlock between quota enable and other quota operations 
When enabling quotas, we attempt to commit a transaction while holding the
mutex fs_info->qgroup_ioctl_lock. This can result on a deadlock with other
quota operations such as:

- qgroup creation and deletion, ioctl BTRFS_IOC_QGROUP_CREATE;

- adding and removing qgroup relations, ioctl BTRFS_IOC_QGROUP_ASSIGN.

This is because these operations join a transaction and after that they
attempt to lock the mutex fs_info->qgroup_ioctl_lock. Acquiring that mutex
after joining or starting a transaction is a pattern followed everywhere
in qgroups, so the quota enablement operation is the one at fault here,
and should not commit a transaction while holding that mutex.

Fix this by making the transaction commit while not holding the mutex.
We are safe from two concurrent tasks trying to enable quotas because
we are serialized by the rw semaphore fs_info->subvol_sem at
btrfs_ioctl_quota_ctl(), which is the only call site for enabling
quotas.

When this deadlock happens, it produces a trace like the following:

  INFO: task syz-executor:25604 blocked for more than 143 seconds.
  Not tainted 5.15.0-rc6 #4
  "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
  task:syz-executor state:D stack:24800 pid:25604 ppid: 24873 flags:0x00004004
  Call Trace:
  context_switch kernel/sched/core.c:4940 [inline]
  __schedule+0xcd9/0x2530 kernel/sched/core.c:6287
  schedule+0xd3/0x270 kernel/sched/core.c:6366
  btrfs_commit_transaction+0x994/0x2e90 fs/btrfs/transaction.c:2201
  btrfs_quota_enable+0x95c/0x1790 fs/btrfs/qgroup.c:1120
  btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:4229 [inline]
  btrfs_ioctl+0x637e/0x7b70 fs/btrfs/ioctl.c:5010
  vfs_ioctl fs/ioctl.c:51 [inline]
  __do_sys_ioctl fs/ioctl.c:874 [inline]
  __se_sys_ioctl fs/ioctl.c:860 [inline]
  __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x44/0xae
  RIP: 0033:0x7f86920b2c4d
  RSP: 002b:00007f868f61ac58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
  RAX: ffffffffffffffda RBX: 00007f86921d90a0 RCX: 00007f86920b2c4d
  RDX: 0000000020005e40 RSI: 00000000c0109428 RDI: 0000000000000008
  RBP: 00007f869212bd80 R08: 0000000000000000 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000246 R12: 00007f86921d90a0
  R13: 00007fff6d233e4f R14: 00007fff6d233ff0 R15: 00007f868f61adc0
  INFO: task syz-executor:25628 blocked for more than 143 seconds.
  Not tainted 5.15.0-rc6 #4
  "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
  task:syz-executor state:D stack:29080 pid:25628 ppid: 24873 flags:0x00004004
  Call Trace:
  context_switch kernel/sched/core.c:4940 [inline]
  __schedule+0xcd9/0x2530 kernel/sched/core.c:6287
  schedule+0xd3/0x270 kernel/sched/core.c:6366
  schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
  __mutex_lock_common kernel/locking/mutex.c:669 [inline]
  __mutex_lock+0xc96/0x1680 kernel/locking/mutex.c:729
  btrfs_remove_qgroup+0xb7/0x7d0 fs/btrfs/qgroup.c:1548
  btrfs_ioctl_qgroup_create fs/btrfs/ioctl.c:4333 [inline]
  btrfs_ioctl+0x683c/0x7b70 fs/btrfs/ioctl.c:5014
  vfs_ioctl fs/ioctl.c:51 [inline]
  __do_sys_ioctl fs/ioctl.c:874 [inline]
  __se_sys_ioctl fs/ioctl.c:860 [inline]
  __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported-by: Hao Sun <sunhao.th@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CACkBjsZQF19bQ1C6=yetF3BvL10OSORpFUcWXTP6HErshDB4dQ@mail.gmail.com/
Fixes: 340f1aa27f ("btrfs: qgroups: Move transaction management inside btrfs_quota_enable/disable")
CC: stable@vger.kernel.org # 4.19
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2022-01-03 15:09:41 +01:00
..
tests btrfs: subpage: avoid potential deadlock with compression and delalloc 2021-10-26 19:08:05 +02:00
acl.c overlayfs update for 5.15 2021-09-02 09:21:27 -07:00
async-thread.c btrfs: fix memory ordering between normal and ordered work functions 2021-11-16 16:50:23 +01:00
async-thread.h
backref.c btrfs: remove ignore_offset argument from btrfs_find_all_roots() 2021-08-23 13:19:01 +02:00
backref.h btrfs: remove ignore_offset argument from btrfs_find_all_roots() 2021-08-23 13:19:01 +02:00
block-group.c btrfs: update comments for chunk allocation -ENOSPC cases 2021-10-26 19:08:07 +02:00
block-group.h btrfs: fix deadlock between chunk allocation and chunk btree modifications 2021-10-26 19:08:07 +02:00
block-rsv.c
block-rsv.h
btrfs_inode.h btrfs: rename btrfs_dio_private::logical_offset to file_offset 2021-10-26 19:08:06 +02:00
check-integrity.c btrfs: check-integrity: stop storing the block device name in btrfsic_dev_state 2021-10-26 19:08:07 +02:00
check-integrity.h
compression.c for-5.16-tag 2021-11-01 12:48:25 -07:00
compression.h btrfs: determine stripe boundary at bio allocation time in btrfs_submit_compressed_write 2021-10-26 19:08:04 +02:00
ctree.c for-5.16-rc5-tag 2021-12-17 13:50:58 -08:00
ctree.h btrfs: fix invalid delayed ref after subvolume creation failure 2021-12-15 17:07:33 +01:00
delalloc-space.c btrfs: free exchange changeset on failures 2021-12-08 15:42:32 +01:00
delalloc-space.h
delayed-inode.c btrfs: loop only once over data sizes array when inserting an item batch 2021-10-26 19:08:03 +02:00
delayed-inode.h
delayed-ref.c btrfs: pull up qgroup checks from delayed-ref core to init time 2021-10-26 19:08:06 +02:00
delayed-ref.h btrfs: make btrfs_ref::real_root optional 2021-10-26 19:08:06 +02:00
dev-replace.c for-5.16-tag 2021-11-01 12:48:25 -07:00
dev-replace.h
dir-item.c btrfs: unify lookup return value when dir entry is missing 2021-10-07 22:06:32 +02:00
discard.c btrfs: fix typos in comments 2021-06-22 14:11:57 +02:00
discard.h
disk-io.c for-5.16-rc5-tag 2021-12-17 13:50:58 -08:00
disk-io.h btrfs: make btrfs_super_block size match BTRFS_SUPER_INFO_SIZE 2021-10-26 19:08:07 +02:00
export.c
export.h
extent-io-tree.h
extent-tree.c btrfs: fix invalid delayed ref after subvolume creation failure 2021-12-15 17:07:33 +01:00
extent_io.c btrfs: check WRITE_ERR when trying to read an extent buffer 2021-12-15 17:07:31 +01:00
extent_io.h btrfs: cleanup for extent_write_locked_range() 2021-10-26 19:08:04 +02:00
extent_map.c btrfs: rename btrfs_bio to btrfs_io_context 2021-10-26 19:08:02 +02:00
extent_map.h
file-item.c btrfs: use bvec_kmap_local in btrfs_csum_one_bio 2021-10-26 19:08:06 +02:00
file.c btrfs: fix deadlock due to page faults during direct IO reads and writes 2021-11-09 13:46:07 +01:00
free-space-cache.c btrfs: subpage: add bitmap for PageChecked flag 2021-10-26 19:08:03 +02:00
free-space-cache.h
free-space-tree.c btrfs: fix invalid delayed ref after subvolume creation failure 2021-12-15 17:07:33 +01:00
free-space-tree.h
inode-item.c
inode.c btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range 2022-01-03 15:09:41 +01:00
ioctl.c for-5.16-rc5-tag 2021-12-17 13:50:58 -08:00
Kconfig btrfs: disable build on platforms having page size 256K 2021-06-22 14:11:57 +02:00
locking.c btrfs: fix typos in comments 2021-06-22 14:11:57 +02:00
locking.h btrfs: assert that extent buffers are write locked instead of only locked 2021-10-26 19:08:02 +02:00
lzo.c for-5.16-rc2-tag 2021-11-26 11:24:32 -08:00
Makefile btrfs: initial fsverity support 2021-08-23 13:19:09 +02:00
misc.h btrfs: use correct header for div_u64 in misc.h 2021-09-07 14:29:50 +02:00
ordered-data.c btrfs: zoned: fix double counting of split ordered extent 2021-09-07 14:30:41 +02:00
ordered-data.h btrfs: remove uptodate parameter from btrfs_dec_test_first_ordered_pending 2021-08-23 13:19:02 +02:00
orphan.c
print-tree.c
print-tree.h
props.c btrfs: props: change how empty value is interpreted 2021-06-22 14:11:58 +02:00
props.h
qgroup.c btrfs: fix deadlock between quota enable and other quota operations 2022-01-03 15:09:41 +01:00
qgroup.h btrfs: fix lock inversion problem when doing qgroup extent tracing 2021-07-22 15:50:07 +02:00
raid56.c btrfs: remove btrfs_raid_bio::fs_info member 2021-10-26 19:08:03 +02:00
raid56.h btrfs: remove btrfs_raid_bio::fs_info member 2021-10-26 19:08:03 +02:00
rcu-string.h
reada.c btrfs: rename btrfs_bio to btrfs_io_context 2021-10-26 19:08:02 +02:00
ref-verify.c btrfs: rename root fields in delayed refs structs 2021-10-26 19:08:06 +02:00
ref-verify.h
reflink.c btrfs: subpage: add bitmap for PageChecked flag 2021-10-26 19:08:03 +02:00
reflink.h
relocation.c btrfs: fix deadlock between chunk allocation and chunk btree modifications 2021-10-26 19:08:07 +02:00
root-tree.c for-5.16-rc4-tag 2021-12-10 17:28:02 -08:00
scrub.c btrfs: make 1-bit bit-fields of scrub_page unsigned int 2021-11-16 16:51:11 +01:00
send.c btrfs: send: prepare for v2 protocol 2021-10-29 12:38:43 +02:00
send.h btrfs: send: prepare for v2 protocol 2021-10-29 12:38:43 +02:00
space-info.c btrfs: do not infinite loop in data reclaim if we aborted 2021-10-26 19:08:05 +02:00
space-info.h btrfs: rip out btrfs_space_info::total_bytes_pinned 2021-06-22 14:55:25 +02:00
struct-funcs.c btrfs: add special case to setget helpers for 64k pages 2021-08-23 13:18:58 +02:00
subpage.c btrfs: handle page locking in btrfs_page_end_writer_lock with no writers 2021-10-26 19:08:05 +02:00
subpage.h btrfs: rework page locking in __extent_writepage() 2021-10-26 19:08:05 +02:00
super.c btrfs: add a BTRFS_FS_ERROR helper 2021-10-26 19:08:05 +02:00
sysfs.c btrfs: sysfs: convert scnprintf and snprintf to sysfs_emit 2021-10-26 19:08:07 +02:00
sysfs.h
transaction.c btrfs: add a BTRFS_FS_ERROR helper 2021-10-26 19:08:05 +02:00
transaction.h btrfs: rework chunk allocation to avoid exhaustion of the system chunk array 2021-07-07 17:42:41 +02:00
tree-checker.c btrfs: add ro compat flags to inodes 2021-08-23 13:19:09 +02:00
tree-checker.h
tree-defrag.c
tree-log.c btrfs: fix missing last dir item offset update when logging directory 2021-12-14 15:52:10 +01:00
tree-log.h btrfs: change error handling for btrfs_delete_*_in_log 2021-10-26 19:08:05 +02:00
tree-mod-log.c btrfs: fix race when picking most recent mod log operation for an old root 2021-04-20 19:27:17 +02:00
tree-mod-log.h btrfs: add and use helper to get lowest sequence number for the tree mod log 2021-04-19 17:25:17 +02:00
ulist.c
ulist.h
uuid-tree.c
verity.c btrfs: fix transaction handle leak after verity rollback failure 2021-09-17 19:29:41 +02:00
volumes.c for-5.16-rc5-tag 2021-12-17 13:50:58 -08:00
volumes.h btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls 2021-10-26 19:08:07 +02:00
xattr.c btrfs: assert that extent buffers are write locked instead of only locked 2021-10-26 19:08:02 +02:00
xattr.h
zlib.c Revert "btrfs: compression: drop kmap/kunmap from zlib" 2021-10-29 13:03:05 +02:00
zoned.c btrfs: zoned: clear data relocation bg on zone finish 2021-12-08 15:42:32 +01:00
zoned.h btrfs: zoned: add a dedicated data relocation block group 2021-10-26 19:08:01 +02:00
zstd.c lib: zstd: Add kernel-specific API 2021-11-08 16:55:21 -08:00