Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4016285rwd;
        Sat, 10 Jun 2023 21:42:37 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ4p5vBZQbjbrwoMRYb2q0j3/qOP5S0srimWd2rdWeLD0nP5d0l574WyrgQXkFEMAnm0kweg
X-Received: by 2002:a17:902:e5c5:b0:1a6:b23c:3bf2 with SMTP id u5-20020a170902e5c500b001a6b23c3bf2mr4805592plf.10.1686458557289;
        Sat, 10 Jun 2023 21:42:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686458557; cv=none;
        d=google.com; s=arc-20160816;
        b=J1eUpHsz3+TjTbsr9SbgGozjmU/+JAcVhVmrTmlVw1kCb9HLZshXnYlpvoCfCx+oAL
         CfrFAzPewVrtBHsVt0cyFyW72FbvHVS6FbzXnEGsCzSFsDu9WqLab5QlBQMjs46+Xc/c
         Agy7Mp+Yu7ZKA4HpmvNNzag6cI7vrSBBEkBxJId3Nl6uIEqnRDSdVgiTWwsAawLZQacN
         Pon4wFkwydcw6XhB7JyoZ/7d4azrJ8vnqoLIvTaQVXIuX4xi1/4Ag7J2tC02OkyfNzXi
         Oissh2OXsfxNLep+9DF6BMIukTzJeakb+wGRCbB9rxw4djWKFbTmQDH/UkkolU91tQcz
         ChMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=W96TKHAZ6ESySZtEcS194nqdxBj1Tm+gm9r1oC+bMac=;
        b=LF4D4cCi5T07Uap8sCuwhLvlTtUzUxsrrZk4kTcG5CeorEIwFvqFMlvGI8h421Fujn
         w+9c1OErZ2IfoOO+bV8j2IOHbzyl7hA4NATKYh85aqokAqMYykwNA32uFPS8km41hf2H
         CuQ+WJYjjytSdo71RjufoKyv1uNZIyEF3R/0/wy+zskG+y9XFBV+Eg0IGmQgvUlbH5vA
         wY6qR7EyfnmzkkOtxLiyLqmBLE3XdT6jxRBWs/Pi1qFlH4GltqZqk883nqvqiTTzZpkv
         ZJRkM5hSfjxaFWv0AFsjZxvzxrtDFb/5KvQ0AD4w/jyG5Cgwvlj7+p4lz5sYt4D1fIBI
         PwUQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@mit.edu header.s=outgoing header.b="HdnHDs/1";
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu
Return-Path: <linux-ext4-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id z8-20020a170903018800b001b1be1317a1si5664391plg.219.2023.06.10.21.42.11;
        Sat, 10 Jun 2023 21:42:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@mit.edu header.s=outgoing header.b="HdnHDs/1";
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229677AbjFKDUo (ORCPT <rfc822;hamilton.enfield28@gmail.com>
        + 99 others); Sat, 10 Jun 2023 23:20:44 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38204 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229450AbjFKDUn (ORCPT
        <rfc822;linux-ext4@vger.kernel.org>); Sat, 10 Jun 2023 23:20:43 -0400
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 852CB10E
        for <linux-ext4@vger.kernel.org>; Sat, 10 Jun 2023 20:20:40 -0700 (PDT)
Received: from cwcc.thunk.org (pool-173-48-82-39.bstnma.fios.verizon.net [173.48.82.39])
        (authenticated bits=0)
        (User authenticated as tytso@ATHENA.MIT.EDU)
        by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 35B3KXsA008999
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Sat, 10 Jun 2023 23:20:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing;
        t=1686453634; bh=W96TKHAZ6ESySZtEcS194nqdxBj1Tm+gm9r1oC+bMac=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To;
        b=HdnHDs/1xhavufI/6paF+oJua2+oGGo5S+ezgp/TmaDPWKrXXkcegGeknzSGXnnkM
         RhaDhrD9jOQTFQCYm28uEUdgjnjyqPcMAsQF6LlmnZ/pUkeaD5SKUgse6gYjOOQLyp
         1NJAlM9+DQ7SyM/MBxqgrNSbv99iclMuDH3nTb3EEmD6CFPhFGNACWMqr6Bdg3FRa5
         JuY9JIbKSVwmtQnW/DJ1iLCAhQiiBmCRqzWvJHzT6Yancv1ayjBu9JjKy0AYSWT03G
         gVn9ByAJ3Y93amWqFtk9itR5OWaL21vn7s1KOiSNII2A5kxJZdCF4yJwWT7vPbc4M3
         2D91DVRLrEnxA==
Received: by cwcc.thunk.org (Postfix, from userid 15806)
        id 0607F15C00B0; Sat, 10 Jun 2023 23:20:33 -0400 (EDT)
Date:   Sat, 10 Jun 2023 23:20:32 -0400
From:   "Theodore Ts'o" <tytso@mit.edu>
To:     "Fabio M. De Francesco" <fmdefrancesco@gmail.com>
Cc:     adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org,
        syzkaller-bugs@googlegroups.com,
        syzbot <syzbot+4acc7d910e617b360859@syzkaller.appspotmail.com>
Subject: Re: [syzbot] [ext4?] BUG: sleeping function called from invalid
 context in ext4_update_super
Message-ID: <20230611032032.GC1436857@mit.edu>
References: <00000000000070575805fdc6cdb2@google.com>
 <7535327.EvYhyI6sBW@suse>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7535327.EvYhyI6sBW@suse>
X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIM_INVALID,
        DKIM_SIGNED,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-ext4.vger.kernel.org>
X-Mailing-List: linux-ext4@vger.kernel.org

(Dropping linux-fsdevel and linux-kernel from the cc list.)

On Sat, Jun 10, 2023 at 10:41:18PM +0200, Fabio M. De Francesco wrote:
> Well, I'm a new to filesystems. However, I'd like to test a change in 
> ext4_handle_error().
> 
> Currently I see that errors are handled according to the next snippet of code 
> from the above-mentioned function (please note that we are in atomic context):
> 
> 	if (continue_fs && journal)
> 		schedule_work(&EXT4_SB(sb)->s_error_work);
> 	else
> 		ext4_commit_super(sb);
> 
> If evaluates false, we directly call ext4_commit_super(), forgetting that, 
> AFAICS we are in atomic context.
> 
> As I said I have only little experience with filesystems, so my question is: 
> despite the overhead, can we delete the check and do the following?
>
> [ Unconditionally call schedule_work(&EXT4_SB(sb)->s_error_work) ]

That doesn't work, for the simple reason that it's possible that file
system might be configured to immediately panic on an error.  (See
later in the ext4_handle_error() function after the check for
test_opt(sb, ERRORS_PANIC).  If that happens, the workqueue will never
have a chance to run.  In that case, we have to call
ext4_commit_super().

The real answer here is that ext4_error() must never be called from an
atomic context, and a recent commit 5354b2af3406 ("ext4: allow
ext4_get_group_info() to fail") added a call to ext4_error() which is
problematic since some callers of the ext4_get_group_info() function
may be holding a spinlock.  And so the best solution is to just simply
to drop the call to ext4_error(), since it's not strictly necessary.
If there is an antagonist process which is actively corrupting the
superblock, some other code path will report the fact that the file
system is corrupted soon enough.

						- Ted

P.S.  There is an exception to what I've described above, and that's
special ext4_grp_locked_error() which is used in fs/ext4/mballoc.c.
But that's a special case which requires very careful handling, In
general, you simply must not be in atomic context when you want to
report a problem.