Received: by 10.223.185.116 with SMTP id b49csp1613601wrg;
        Wed, 21 Feb 2018 23:34:34 -0800 (PST)
X-Google-Smtp-Source: AH8x225AeMjLAUG2sovdarhk/2zwOYQR8ix7RfQfNDmURHBCZQTJuiK663uILYDk4F4aI498LjC/
X-Received: by 10.98.202.23 with SMTP id n23mr6032149pfg.52.1519284874886;
        Wed, 21 Feb 2018 23:34:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519284874; cv=none;
        d=google.com; s=arc-20160816;
        b=HJ+o2eQr1UUyEPmDnr1LZMrGv5vaE+vXaNMJAe5NgbSl6tZ38SJQ7JcbHH3UEF41GQ
         wBUdabbF9T06rqxg7H5F0NLsQv+rhyJm9joZvUSeTwczYUa+6Qi3jHDHIbZrB+zDB+iS
         bIigctaXVUjU5X6vbRtCspSvf9lZShVbGkgmsbztQZxil9rxvgdIZLBcMtjPc1Iyqow3
         /uPnJKBm0TvIdlVt/ArMnoyxlNdXO6NYLLGrg4VOcdTQtp/WwNf6LAbmakEV4BpOg2nU
         AcsUNxxiMuhOoKUO4tKBvUSQ9ElhCsGMtoisiYFEMYuyQsVTfpuYKnOZli9huZVFE8x8
         Hw5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:from:dkim-signature
         :arc-authentication-results;
        bh=aamaIUbOcvMOgoVYjml3hhMyNXSYnJ9LTNoqJ7ZaQiM=;
        b=alpFjH0lW10xk25884FA6aZe/cB60sUzDrIGhD5aMXOQFNTIhS02UJycDaVhw5TFGm
         9EQK09CSFkDDx7pfMuZ+WXyXmgRqwAKazsuuIH3ClVLeuAHH0klpRH5fMYhq+qsIWMtK
         gtP8QmZN1CN3RB03ZB1wDwI3bnlRmUU3V22WOV8k54Bdqmlu3MOMQR8WsvsYo0lNshB4
         1x01+3P2RQQF7hi4t6ry+xQ9dOO1he/TUttUGf4WDG+QEi55lQhuGxcZ+u2dMuzEmzwn
         jGB60H881TX2DJj/1R4zGnQajzwr6JyNZC4WR7KM8EPv+kzbRjBf1p+JqI7I7asvdNIe
         D0ug==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=f43a+GJl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q13si1277986pgs.277.2018.02.21.23.34.19;
        Wed, 21 Feb 2018 23:34:34 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=f43a+GJl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752559AbeBVHdk (ORCPT <rfc822;xuyizhaos@gmail.com> + 99 others);
        Thu, 22 Feb 2018 02:33:40 -0500
Received: from mail-pl0-f66.google.com ([209.85.160.66]:36917 "EHLO
        mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751681AbeBVHdi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Feb 2018 02:33:38 -0500
Received: by mail-pl0-f66.google.com with SMTP id ay8so2453865plb.4
        for <linux-kernel@vger.kernel.org>; Wed, 21 Feb 2018 23:33:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=aamaIUbOcvMOgoVYjml3hhMyNXSYnJ9LTNoqJ7ZaQiM=;
        b=f43a+GJlkzKlE+vAVH9kVAA0pA3fe93LJ+j+hA00/TmoNF73xi/uM99ha2dbshl7ep
         x5S2in8OyJWkEXVRq/Hb5ojgBoiATnDOSVC3KP9GvefPftX7awxVRTqdZI24wundDR7H
         phZayOQ1P8aM33HrN+R+8rE+qR756PLm1BGLwMlnxb6E/YG6r85Y5KiPr/LRdYl7OvPh
         UzFE+Bz8ghwA6nlPtd1JsnWfJMwEdVd5a/U3crF3vqpQE+gA5v4xobfduj40O770dY8J
         SPy5tzgHIU99LifNOXaYQOkcII846mXrvfaN7dUGOA4bhBbsap8K+SSg9mK2Yo9+vw3e
         4Rgg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=aamaIUbOcvMOgoVYjml3hhMyNXSYnJ9LTNoqJ7ZaQiM=;
        b=hUHYP4e8vTkDUwblzNgEf2XJ1eEQtxf3AANjE4J3fyN+levaFIToiRIzOyEAR3kPcc
         WgO6tbs7AdPYPEPmYY/wx07Y90YaZzSDf2l66Byf0naDUI0QfRwDHWEHWwuN8tRjz4G/
         l/4mF6+MZ0c7aXO0yp2Q/Jn2jBOECCasjZLu4Aweb5PMAHg92hb0m1WBtf+9fkG2RIrI
         cAGDuF5LjuK4hx2CYlHdzUSwAwkWZPSAVaD6RT6a+N/1wj4K9QpfSieD51aqIK7FwsXX
         pzy2GoWLiPfnhniITSV7cu1bvEcLM2XW1lh0IPVLwn2jctrkXLAQEevy2e2Eut1d1MUK
         EvmQ==
X-Gm-Message-State: APf1xPAE8b3u6BRxHkrnx/1QyBxUbKf2+b6/TjBwhQT0vO82NlpWFgPu
        ROLYlqnG3DVXwigkaUlNPpY=
X-Received: by 2002:a17:902:68cb:: with SMTP id x11-v6mr5695244plm.198.1519284818065;
        Wed, 21 Feb 2018 23:33:38 -0800 (PST)
Received: from localhost.localdomain ([2400:a980:fd:501:f93c:6204:9bd2:6ce])
        by smtp.gmail.com with ESMTPSA id 191sm28116565pfv.10.2018.02.21.23.33.36
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 21 Feb 2018 23:33:37 -0800 (PST)
From:   carmark.dlut@gmail.com
Cc:     Lei Xue <carmark.dlut@gmail.com>,
        David Howells <dhowells@redhat.com>, linux-cachefs@redhat.com,
        linux-kernel@vger.kernel.org
Subject: [PATCH] fscache: fix a kernel BUG at fs/fscache/operation.c:69!
Date:   Thu, 22 Feb 2018 15:33:30 +0800
Message-Id: <20180222073330.36259-1-carmark.dlut@gmail.com>
X-Mailer: git-send-email 2.14.3 (Apple Git-98)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
To:     unlisted-recipients:; (no To-header on input)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Lei Xue <carmark.dlut@gmail.com>

There is a potential race in fscache operation enqueuing for reading and
copying multiple pages from cachefiles to netfs.
Under some heavy load system, it will happen very often.

If this race occurs, an oops similar to the following is seen:

 kernel BUG at fs/fscache/operation.c:69!
 invalid opcode: 0000 [#1] SMP
 …
 #0 [ffff883fff0838d8] machine_kexec at ffffffff81051beb
 #1 [ffff883fff083938] crash_kexec at ffffffff810f2542
 #2 [ffff883fff083a08] oops_end at ffffffff8163e1a8
 #3 [ffff883fff083a30] die at ffffffff8101859b
 #4 [ffff883fff083a60] do_trap at ffffffff8163d860
 #5 [ffff883fff083ab0] do_invalid_op at ffffffff81015204
 #6 [ffff883fff083b60] invalid_op at ffffffff8164701e
    [exception RIP: fscache_enqueue_operation+246]
    RIP: ffffffffa0b793c6  RSP: ffff883fff083c18  RFLAGS: 00010046
    RAX: 0000000000000019  RBX: ffff8832ed1a9ec0  RCX: 0000000000000006
    RDX: 0000000000000000  RSI: 0000000000000046  RDI: 0000000000000046
    RBP: ffff883fff083c20   R8: 0000000000000086   R9: 000000000000178f
    R10: ffffffff816aeb00  R11: ffff883fff08392e  R12: ffff8802f0525620
    R13: ffff88407ffc01d8  R14: 0000000000000000  R15: 0000000000000003
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0000
 #7 [ffff883fff083c10] fscache_enqueue_operation at ffffffffa0b793c6
 #8 [ffff883fff083c28] cachefiles_read_waiter at ffffffffa0b15a48
 #9 [ffff883fff083c48] __wake_up_common at ffffffff810af028

Signed-off-by: Lei Xue <carmark.dlut@gmail.com>
---
 fs/cachefiles/rdwr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
index 883bc7bb12c5..9d5d13e150fb 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
@@ -58,9 +58,9 @@ static int cachefiles_read_waiter(wait_queue_entry_t *wait, unsigned mode,
 
 	spin_lock(&object->work_lock);
 	list_add_tail(&monitor->op_link, &monitor->op->to_do);
+	fscache_enqueue_retrieval(monitor->op);
 	spin_unlock(&object->work_lock);
 
-	fscache_enqueue_retrieval(monitor->op);
 	return 0;
 }
 
-- 
2.14.3 (Apple Git-98)