Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3421802pxf; Mon, 29 Mar 2021 01:35:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxD5Jbihc94hMlkT52eINJ8Y1pZzuLfauVO5riqDd2MIkpsxZ4XeCHwV+vV0/ClVecpRnEY X-Received: by 2002:a17:906:7946:: with SMTP id l6mr26822623ejo.500.1617006932039; Mon, 29 Mar 2021 01:35:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617006932; cv=none; d=google.com; s=arc-20160816; b=TazhSMj+ImjMhm8XmIKkU7hcdkZGbcTMSELhgiU8v7YO+rQIaLAeYGF+Ci7ujNqkc/ jAlqSXgOUPU8ZKmZWCj0ikc8bWjKRRRxi51+388dUcTG6T7uY7y3WpfINtyNcvF9neTd q/5oLBzmBK3rU4ZnKy+oV5MYKMJYa2stFB52p0KdJRfNj+oviMgKjIF0V7Z8KQdBk1gY ADZ9IyTduTbKoesSPh3ceevrVnF+jnvhF5mVGwUk64zp7Q7lKAyaXRXZkPx1UemriaZQ 6N1VWtqt2LganyU5IhNHmY45CF40mWNR5wHr5sfRqpL5K9s786fbU0qhYWRS8tc5sxzk sH+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KzMjUCEIJS+ziAmDluAlhKNh5tLrSG0QgnYSMct0uiI=; b=BxnBgf7MV5J9PdrcCBzQ1i0W/uonv1DMUM+HThfF6TMXfH4jhOA3wFbU0tKyFRc4Lb +twZ+cNuyDLcnq61Wv35MX1pA0ctSXzsCljOmzRNlq489lKTW1MB06+fKJ06fhGMZC6R vrRGj75CK1l398r0JnYyl289KAriNfuIa6aBb8guu4OlmHFPri0ar+tVM+2r2ED83ZuN bCv6JtPioFYdRcYMOS1+11t2OXw0ASqLoy+O4UqGfZitVQffpf3T5brcbrf7wRLiAB6u 3RXTqryDCw5BEIQqZyMe6Ml6THho1Hg53r1ejUBN8KyKJyKea78PzGnZVJ2+vhBUJxpF pEEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ErNUyTCd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b9si11539807ejg.509.2021.03.29.01.35.09; Mon, 29 Mar 2021 01:35:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ErNUyTCd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233804AbhC2IeN (ORCPT + 99 others); Mon, 29 Mar 2021 04:34:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:38266 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233519AbhC2IVP (ORCPT ); Mon, 29 Mar 2021 04:21:15 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id CEB7361477; Mon, 29 Mar 2021 08:21:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1617006068; bh=xcp01r0k1NudcaNa9owoxRHKJxWlZ7Kamx080+mWuVY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ErNUyTCdcSu3RwKm2WZIClnrsoLfS8CHfSU440YT/tL8sPgcaFp6c7OQMuj1J9CZR q3tBzM5kWXyZqIu7rX7LKvKPVUaiRvWNPYNrjbMGNdWOEoVYdAgFZlmN6+acrBC1Bm hz3bPk3Jo+udYHPnBVjW+wk50t0LUm/tGrDTQgF8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stuart Shelton , Qu Wenruo , Filipe Manana , David Sterba Subject: [PATCH 5.10 062/221] btrfs: fix sleep while in non-sleep context during qgroup removal Date: Mon, 29 Mar 2021 09:56:33 +0200 Message-Id: <20210329075631.258503309@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210329075629.172032742@linuxfoundation.org> References: <20210329075629.172032742@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Filipe Manana commit 0bb788300990d3eb5582d3301a720f846c78925c upstream. While removing a qgroup's sysfs entry we end up taking the kernfs_mutex, through kobject_del(), while holding the fs_info->qgroup_lock spinlock, producing the following trace: [821.843637] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:281 [821.843641] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 28214, name: podman [821.843644] CPU: 3 PID: 28214 Comm: podman Tainted: G W 5.11.6 #15 [821.843646] Hardware name: Dell Inc. PowerEdge R330/084XW4, BIOS 2.11.0 12/08/2020 [821.843647] Call Trace: [821.843650] dump_stack+0xa1/0xfb [821.843656] ___might_sleep+0x144/0x160 [821.843659] mutex_lock+0x17/0x40 [821.843662] kernfs_remove_by_name_ns+0x1f/0x80 [821.843666] sysfs_remove_group+0x7d/0xe0 [821.843668] sysfs_remove_groups+0x28/0x40 [821.843670] kobject_del+0x2a/0x80 [821.843672] btrfs_sysfs_del_one_qgroup+0x2b/0x40 [btrfs] [821.843685] __del_qgroup_rb+0x12/0x150 [btrfs] [821.843696] btrfs_remove_qgroup+0x288/0x2a0 [btrfs] [821.843707] btrfs_ioctl+0x3129/0x36a0 [btrfs] [821.843717] ? __mod_lruvec_page_state+0x5e/0xb0 [821.843719] ? page_add_new_anon_rmap+0xbc/0x150 [821.843723] ? kfree+0x1b4/0x300 [821.843725] ? mntput_no_expire+0x55/0x330 [821.843728] __x64_sys_ioctl+0x5a/0xa0 [821.843731] do_syscall_64+0x33/0x70 [821.843733] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [821.843736] RIP: 0033:0x4cd3fb [821.843741] RSP: 002b:000000c000906b20 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 [821.843744] RAX: ffffffffffffffda RBX: 000000c000050000 RCX: 00000000004cd3fb [821.843745] RDX: 000000c000906b98 RSI: 000000004010942a RDI: 000000000000000f [821.843747] RBP: 000000c000907cd0 R08: 000000c000622901 R09: 0000000000000000 [821.843748] R10: 000000c000d992c0 R11: 0000000000000206 R12: 000000000000012d [821.843749] R13: 000000000000012c R14: 0000000000000200 R15: 0000000000000049 Fix this by removing the qgroup sysfs entry while not holding the spinlock, since the spinlock is only meant for protection of the qgroup rbtree. Reported-by: Stuart Shelton Link: https://lore.kernel.org/linux-btrfs/7A5485BB-0628-419D-A4D3-27B1AF47E25A@gmail.com/ Fixes: 49e5fb46211de0 ("btrfs: qgroup: export qgroups in sysfs") CC: stable@vger.kernel.org # 5.10+ Reviewed-by: Qu Wenruo Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/qgroup.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/fs/btrfs/qgroup.c +++ b/fs/btrfs/qgroup.c @@ -226,7 +226,6 @@ static void __del_qgroup_rb(struct btrfs { struct btrfs_qgroup_list *list; - btrfs_sysfs_del_one_qgroup(fs_info, qgroup); list_del(&qgroup->dirty); while (!list_empty(&qgroup->groups)) { list = list_first_entry(&qgroup->groups, @@ -243,7 +242,6 @@ static void __del_qgroup_rb(struct btrfs list_del(&list->next_member); kfree(list); } - kfree(qgroup); } /* must be called with qgroup_lock held */ @@ -569,6 +567,8 @@ void btrfs_free_qgroup_config(struct btr qgroup = rb_entry(n, struct btrfs_qgroup, node); rb_erase(n, &fs_info->qgroup_tree); __del_qgroup_rb(fs_info, qgroup); + btrfs_sysfs_del_one_qgroup(fs_info, qgroup); + kfree(qgroup); } /* * We call btrfs_free_qgroup_config() when unmounting @@ -1580,6 +1580,14 @@ int btrfs_remove_qgroup(struct btrfs_tra spin_lock(&fs_info->qgroup_lock); del_qgroup_rb(fs_info, qgroupid); spin_unlock(&fs_info->qgroup_lock); + + /* + * Remove the qgroup from sysfs now without holding the qgroup_lock + * spinlock, since the sysfs_remove_group() function needs to take + * the mutex kernfs_mutex through kernfs_remove_by_name_ns(). + */ + btrfs_sysfs_del_one_qgroup(fs_info, qgroup); + kfree(qgroup); out: mutex_unlock(&fs_info->qgroup_ioctl_lock); return ret;