Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5578282img; Wed, 27 Mar 2019 11:03:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqx4AHDLSVkwx07XrGRr4/LfX6qm9i9Ma7lc4I5udYktr9XZzQtNId62y7USnmDNjvErIt7u X-Received: by 2002:aa7:8390:: with SMTP id u16mr35890948pfm.63.1553709793976; Wed, 27 Mar 2019 11:03:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553709793; cv=none; d=google.com; s=arc-20160816; b=KZRgeY7EZBNYzt4ujs7nd0XHf9j6uPhbcpZ39LTBOOvacE2QjRiKgkK3uyUYaQjPAb 0gZ29V18aDhPZdw/+Tm7HuwRrd9bXc5G3lU9arWmjGCCPzsMMsXW1aNS2RKiH5prCdkN Vm2GAU6OAl4XDJFmZQTTMgirCT4mMFF3m6RBEU4j4X6PLRu/KnKbSoj4KhGlaI7pHYwB 0qMVayq6vnQOFsB2GR5qUxlCS+kbT+DGk+8rJM8Eht5hq3MuRb4d5U2Ezm9077p1SDRt yosABKfdeMQfl5BEmjPehsN4Dj9en33y5Pt1/l2CAQU+88M2SXHnWt5IqDuRoMrnV4AB Wv3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7NEaPf/5lMH2fmxVfYr3+t1hJgTB+GLSitbKDU0S0fw=; b=nhaEaZ/HML4DSfjYLMr8Yrh8T/6UljAa6o3/vTJmRNnpo/GH3ngNfzP1fpzdb2zRsI f5dBAPgLDWV2Fdlaf5cLZc8ymnDbZz7wfwDm92SmhIBH62FA6mEc7jEXAmryHs/Z0mJr fpFV/Fh+XP7+xPa80OYLNGQIJ2fOBMwLUN4r9vza5uOccTvKDkvMPPbXRltGrsX23rOk i5/+5wzgpVvYZ3WnOa+w79q5LIL+D0cPEHGCWUE7a22/8Ez0DN4RU/oZuRXRI08T3i7K WPxACTrroHcMWMUjd7TSu4X3oNXc6Pp9eWXraC35YwopW6osYKharN2VbMrp4ZWxyeyH HqSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="qu8NSu/v"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r12si18325077pgv.293.2019.03.27.11.02.58; Wed, 27 Mar 2019 11:03:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="qu8NSu/v"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729396AbfC0SCM (ORCPT + 99 others); Wed, 27 Mar 2019 14:02:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:41854 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728994AbfC0SCG (ORCPT ); Wed, 27 Mar 2019 14:02:06 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D1F3821734; Wed, 27 Mar 2019 18:02:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553709725; bh=IA/9bk/gWuF42z3tDDdDEIII2n0KJA+vI1u8Marcwu4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qu8NSu/vCv7mJ2sAb/srXdpxFzoul39HBgxRHM3ULhaEaqyaWNc2v/4qR7H9m6IF+ B3IU0mj/svwTcinI0orMNujnvbMeAmKIV4/FRyYiAvt4UgfjKzJMpqJT8a0G/9ohIx fu0St0Kn1gcpXzZxSPIgj05RMTRORxDgjX+sq/Ho= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Chao Yu , Jaegeuk Kim , Sasha Levin , linux-f2fs-devel@lists.sourceforge.net Subject: [PATCH AUTOSEL 5.0 006/262] f2fs: fix to avoid deadlock in f2fs_read_inline_dir() Date: Wed, 27 Mar 2019 13:57:41 -0400 Message-Id: <20190327180158.10245-6-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190327180158.10245-1-sashal@kernel.org> References: <20190327180158.10245-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chao Yu [ Upstream commit aadcef64b22f668c1a107b86d3521d9cac915c24 ] As Jiqun Li reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202883 sometimes, dead lock when make system call SYS_getdents64 with fsync() is called by another process. monkey running on android9.0 1. task 9785 held sbi->cp_rwsem and waiting lock_page() 2. task 10349 held mm_sem and waiting sbi->cp_rwsem 3. task 9709 held lock_page() and waiting mm_sem so this is a dead lock scenario. task stack is show by crash tools as following crash_arm64> bt ffffffc03c354080 PID: 9785 TASK: ffffffc03c354080 CPU: 1 COMMAND: "RxIoScheduler-3" >> #7 [ffffffc01b50fac0] __lock_page at ffffff80081b11e8 crash-arm64> bt 10349 PID: 10349 TASK: ffffffc018b83080 CPU: 1 COMMAND: "BUGLY_ASYNC_UPL" >> #3 [ffffffc01f8cfa40] rwsem_down_read_failed at ffffff8008a93afc PC: 00000033 LR: 00000000 SP: 00000000 PSTATE: ffffffffffffffff crash-arm64> bt 9709 PID: 9709 TASK: ffffffc03e7f3080 CPU: 1 COMMAND: "IntentService[A" >> #3 [ffffffc001e67850] rwsem_down_read_failed at ffffff8008a93afc >> #8 [ffffffc001e67b80] el1_ia at ffffff8008084fc4 PC: ffffff8008274114 [compat_filldir64+120] LR: ffffff80083584d4 [f2fs_fill_dentries+448] SP: ffffffc001e67b80 PSTATE: 80400145 X29: ffffffc001e67b80 X28: 0000000000000000 X27: 000000000000001a X26: 00000000000093d7 X25: ffffffc070d52480 X24: 0000000000000008 X23: 0000000000000028 X22: 00000000d43dfd60 X21: ffffffc001e67e90 X20: 0000000000000011 X19: ffffff80093a4000 X18: 0000000000000000 X17: 0000000000000000 X16: 0000000000000000 X15: 0000000000000000 X14: ffffffffffffffff X13: 0000000000000008 X12: 0101010101010101 X11: 7f7f7f7f7f7f7f7f X10: 6a6a6a6a6a6a6a6a X9: 7f7f7f7f7f7f7f7f X8: 0000000080808000 X7: ffffff800827409c X6: 0000000080808000 X5: 0000000000000008 X4: 00000000000093d7 X3: 000000000000001a X2: 0000000000000011 X1: ffffffc070d52480 X0: 0000000000800238 >> #9 [ffffffc001e67be0] f2fs_fill_dentries at ffffff80083584d0 PC: 0000003c LR: 00000000 SP: 00000000 PSTATE: 000000d9 X12: f48a02ff X11: d4678960 X10: d43dfc00 X9: d4678ae4 X8: 00000058 X7: d4678994 X6: d43de800 X5: 000000d9 X4: d43dfc0c X3: d43dfc10 X2: d46799c8 X1: 00000000 X0: 00001068 Below potential deadlock will happen between three threads: Thread A Thread B Thread C - f2fs_do_sync_file - f2fs_write_checkpoint - down_write(&sbi->node_change) -- 1) - do_page_fault - down_write(&mm->mmap_sem) -- 2) - do_wp_page - f2fs_vm_page_mkwrite - getdents64 - f2fs_read_inline_dir - lock_page -- 3) - f2fs_sync_node_pages - lock_page -- 3) - __do_map_lock - down_read(&sbi->node_change) -- 1) - f2fs_fill_dentries - dir_emit - compat_filldir64 - do_page_fault - down_read(&mm->mmap_sem) -- 2) Since f2fs_readdir is protected by inode.i_rwsem, there should not be any updates in inode page, we're safe to lookup dents in inode page without its lock held, so taking off the lock to improve concurrency of readdir and avoid potential deadlock. Reported-by: Jiqun Li Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim Signed-off-by: Sasha Levin --- fs/f2fs/inline.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index d636cbcf68f2..aacbb864ec1e 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -659,6 +659,12 @@ int f2fs_read_inline_dir(struct file *file, struct dir_context *ctx, if (IS_ERR(ipage)) return PTR_ERR(ipage); + /* + * f2fs_readdir was protected by inode.i_rwsem, it is safe to access + * ipage without page's lock held. + */ + unlock_page(ipage); + inline_dentry = inline_data_addr(inode, ipage); make_dentry_ptr_inline(inode, &d, inline_dentry); @@ -667,7 +673,7 @@ int f2fs_read_inline_dir(struct file *file, struct dir_context *ctx, if (!err) ctx->pos = d.max; - f2fs_put_page(ipage, 1); + f2fs_put_page(ipage, 0); return err < 0 ? err : 0; } -- 2.19.1