2024-05-31 10:16:32

by Sungjong Seo

[permalink] [raw]
Subject: [PATCH] exfat: fix potential deadlock on __exfat_get_dentry_set

When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
is allocated in __exfat_get_entry_set. The problem is that the bh-array is
allocated with GFP_KERNEL. It does not make sense. In the following cases,
a deadlock for sbi->s_lock between the two processes may occur.

CPU0 CPU1
---- ----
kswapd
balance_pgdat
lock(fs_reclaim)
exfat_iterate
lock(&sbi->s_lock)
exfat_readdir
exfat_get_uniname_from_ext_entry
exfat_get_dentry_set
__exfat_get_dentry_set
kmalloc_array
...
lock(fs_reclaim)
...
evict
exfat_evict_inode
lock(&sbi->s_lock)

To fix this, let's allocate bh-array with GFP_NOFS.

Fixes: a3ff29a95fde ("exfat: support dynamic allocate bh for exfat_entry_set_cache")
Cc: [email protected] # v6.2+
Reported-by: [email protected]
Closes: https://lore.kernel.org/lkml/[email protected]
Signed-off-by: Sungjong Seo <[email protected]>
---
fs/exfat/dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c
index 84572e11cc05..7446bf09a04a 100644
--- a/fs/exfat/dir.c
+++ b/fs/exfat/dir.c
@@ -813,7 +813,7 @@ static int __exfat_get_dentry_set(struct exfat_entry_set_cache *es,

num_bh = EXFAT_B_TO_BLK_ROUND_UP(off + num_entries * DENTRY_SIZE, sb);
if (num_bh > ARRAY_SIZE(es->__bh)) {
- es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_KERNEL);
+ es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_NOFS);
if (!es->bh) {
brelse(bh);
return -ENOMEM;
--
2.25.1



2024-06-03 11:50:51

by Namjae Jeon

[permalink] [raw]
Subject: Re: [PATCH] exfat: fix potential deadlock on __exfat_get_dentry_set

2024년 5월 31일 (금) 오후 7:16, Sungjong Seo <[email protected]>님이 작성:
>
> When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
> is allocated in __exfat_get_entry_set. The problem is that the bh-array is
> allocated with GFP_KERNEL. It does not make sense. In the following cases,
> a deadlock for sbi->s_lock between the two processes may occur.
>
> CPU0 CPU1
> ---- ----
> kswapd
> balance_pgdat
> lock(fs_reclaim)
> exfat_iterate
> lock(&sbi->s_lock)
> exfat_readdir
> exfat_get_uniname_from_ext_entry
> exfat_get_dentry_set
> __exfat_get_dentry_set
> kmalloc_array
> ...
> lock(fs_reclaim)
> ...
> evict
> exfat_evict_inode
> lock(&sbi->s_lock)
>
> To fix this, let's allocate bh-array with GFP_NOFS.
>
> Fixes: a3ff29a95fde ("exfat: support dynamic allocate bh for exfat_entry_set_cache")
> Cc: [email protected] # v6.2+
> Reported-by: [email protected]
> Closes: https://lore.kernel.org/lkml/[email protected]
> Signed-off-by: Sungjong Seo <[email protected]>
Applied it to #dev.
Thanks for your patch!