Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4016285rwd; Sat, 10 Jun 2023 21:42:37 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4p5vBZQbjbrwoMRYb2q0j3/qOP5S0srimWd2rdWeLD0nP5d0l574WyrgQXkFEMAnm0kweg X-Received: by 2002:a17:902:e5c5:b0:1a6:b23c:3bf2 with SMTP id u5-20020a170902e5c500b001a6b23c3bf2mr4805592plf.10.1686458557289; Sat, 10 Jun 2023 21:42:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686458557; cv=none; d=google.com; s=arc-20160816; b=J1eUpHsz3+TjTbsr9SbgGozjmU/+JAcVhVmrTmlVw1kCb9HLZshXnYlpvoCfCx+oAL CfrFAzPewVrtBHsVt0cyFyW72FbvHVS6FbzXnEGsCzSFsDu9WqLab5QlBQMjs46+Xc/c Agy7Mp+Yu7ZKA4HpmvNNzag6cI7vrSBBEkBxJId3Nl6uIEqnRDSdVgiTWwsAawLZQacN Pon4wFkwydcw6XhB7JyoZ/7d4azrJ8vnqoLIvTaQVXIuX4xi1/4Ag7J2tC02OkyfNzXi Oissh2OXsfxNLep+9DF6BMIukTzJeakb+wGRCbB9rxw4djWKFbTmQDH/UkkolU91tQcz ChMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=W96TKHAZ6ESySZtEcS194nqdxBj1Tm+gm9r1oC+bMac=; b=LF4D4cCi5T07Uap8sCuwhLvlTtUzUxsrrZk4kTcG5CeorEIwFvqFMlvGI8h421Fujn w+9c1OErZ2IfoOO+bV8j2IOHbzyl7hA4NATKYh85aqokAqMYykwNA32uFPS8km41hf2H CuQ+WJYjjytSdo71RjufoKyv1uNZIyEF3R/0/wy+zskG+y9XFBV+Eg0IGmQgvUlbH5vA wY6qR7EyfnmzkkOtxLiyLqmBLE3XdT6jxRBWs/Pi1qFlH4GltqZqk883nqvqiTTzZpkv ZJRkM5hSfjxaFWv0AFsjZxvzxrtDFb/5KvQ0AD4w/jyG5Cgwvlj7+p4lz5sYt4D1fIBI PwUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@mit.edu header.s=outgoing header.b="HdnHDs/1"; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z8-20020a170903018800b001b1be1317a1si5664391plg.219.2023.06.10.21.42.11; Sat, 10 Jun 2023 21:42:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@mit.edu header.s=outgoing header.b="HdnHDs/1"; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229677AbjFKDUo (ORCPT + 99 others); Sat, 10 Jun 2023 23:20:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38204 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229450AbjFKDUn (ORCPT ); Sat, 10 Jun 2023 23:20:43 -0400 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 852CB10E for ; Sat, 10 Jun 2023 20:20:40 -0700 (PDT) Received: from cwcc.thunk.org (pool-173-48-82-39.bstnma.fios.verizon.net [173.48.82.39]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 35B3KXsA008999 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 10 Jun 2023 23:20:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1686453634; bh=W96TKHAZ6ESySZtEcS194nqdxBj1Tm+gm9r1oC+bMac=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=HdnHDs/1xhavufI/6paF+oJua2+oGGo5S+ezgp/TmaDPWKrXXkcegGeknzSGXnnkM RhaDhrD9jOQTFQCYm28uEUdgjnjyqPcMAsQF6LlmnZ/pUkeaD5SKUgse6gYjOOQLyp 1NJAlM9+DQ7SyM/MBxqgrNSbv99iclMuDH3nTb3EEmD6CFPhFGNACWMqr6Bdg3FRa5 JuY9JIbKSVwmtQnW/DJ1iLCAhQiiBmCRqzWvJHzT6Yancv1ayjBu9JjKy0AYSWT03G gVn9ByAJ3Y93amWqFtk9itR5OWaL21vn7s1KOiSNII2A5kxJZdCF4yJwWT7vPbc4M3 2D91DVRLrEnxA== Received: by cwcc.thunk.org (Postfix, from userid 15806) id 0607F15C00B0; Sat, 10 Jun 2023 23:20:33 -0400 (EDT) Date: Sat, 10 Jun 2023 23:20:32 -0400 From: "Theodore Ts'o" To: "Fabio M. De Francesco" Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot Subject: Re: [syzbot] [ext4?] BUG: sleeping function called from invalid context in ext4_update_super Message-ID: <20230611032032.GC1436857@mit.edu> References: <00000000000070575805fdc6cdb2@google.com> <7535327.EvYhyI6sBW@suse> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7535327.EvYhyI6sBW@suse> X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org (Dropping linux-fsdevel and linux-kernel from the cc list.) On Sat, Jun 10, 2023 at 10:41:18PM +0200, Fabio M. De Francesco wrote: > Well, I'm a new to filesystems. However, I'd like to test a change in > ext4_handle_error(). > > Currently I see that errors are handled according to the next snippet of code > from the above-mentioned function (please note that we are in atomic context): > > if (continue_fs && journal) > schedule_work(&EXT4_SB(sb)->s_error_work); > else > ext4_commit_super(sb); > > If evaluates false, we directly call ext4_commit_super(), forgetting that, > AFAICS we are in atomic context. > > As I said I have only little experience with filesystems, so my question is: > despite the overhead, can we delete the check and do the following? > > [ Unconditionally call schedule_work(&EXT4_SB(sb)->s_error_work) ] That doesn't work, for the simple reason that it's possible that file system might be configured to immediately panic on an error. (See later in the ext4_handle_error() function after the check for test_opt(sb, ERRORS_PANIC). If that happens, the workqueue will never have a chance to run. In that case, we have to call ext4_commit_super(). The real answer here is that ext4_error() must never be called from an atomic context, and a recent commit 5354b2af3406 ("ext4: allow ext4_get_group_info() to fail") added a call to ext4_error() which is problematic since some callers of the ext4_get_group_info() function may be holding a spinlock. And so the best solution is to just simply to drop the call to ext4_error(), since it's not strictly necessary. If there is an antagonist process which is actively corrupting the superblock, some other code path will report the fact that the file system is corrupted soon enough. - Ted P.S. There is an exception to what I've described above, and that's special ext4_grp_locked_error() which is used in fs/ext4/mballoc.c. But that's a special case which requires very careful handling, In general, you simply must not be in atomic context when you want to report a problem.