[lvc-project] [PATCH v3] ext4: fix i_data_sem unlock order in ext4_ind_migrate()
Fedor Pchelkin
pchelkin at ispras.ru
Mon Aug 26 14:38:37 MSK 2024
On Thu, 27. Jun 00:31, Mikhail Ukhin wrote:
> Fuzzing reports a possible deadlock in jbd2_log_wait_commit.
>
> This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require
> synchronous updates because the file descriptor is opened with O_SYNC.
> This can lead to the jbd2_journal_stop() function calling
> jbd2_might_wait_for_commit(), potentially causing a deadlock if the
> EXT4_IOC_MIGRATE call races with a write(2) system call.
>
> This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this
> case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the
> jbd2_journal_stop function while i_data_sem is locked. This triggers
> lockdep because the jbd2_journal_start function might also lock the same
> jbd2_handle simultaneously.
>
> Found by Linux Verification Center (linuxtesting.org) with syzkaller.
>
> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list at gmail.com>
> Signed-off-by: Artem Sadovnikov <ancowi69 at gmail.com>
> Signed-off-by: Mikhail Ukhin <mish.uxin2012 at yandex.ru>
Hello! Sorry for the delayed reply.
If the question is about formatting, then it is already plain text here rather than HTML, everything is
fine - I don't see any other problems. Since there has already been a discussion with the maintainer
[1], as far as I understand, you have addressed all of his remarks => v3 can be
sent. It is important that the last Signed-off-by matches the sender of the email.
[1]: https://lore.kernel.org/lkml/20240606210706.GE4182@mit.edu/
> ---
> v2: New addresses have been added and Ritesh Harjani has been noted as a
> reviewer.
Here it can be useful to include links to the LKML discussions of previous versions of the patch,
so that readers can recall the context.
> v3: Description updated.
> fs/hugetlbfs/inode.c | 2 +-
> 1 file changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c
> index b0ea646454ac..59290356aa5b 100644
> --- a/fs/ext4/migrate.c
> +++ b/fs/ext4/migrate.c
> @@ -663,8 +663,8 @@ int ext4_ind_migrate(struct inode *inode)
> if (unlikely(ret2 && !ret))
> ret = ret2;
> errout:
> - ext4_journal_stop(handle);
> up_write(&EXT4_I(inode)->i_data_sem);
> + ext4_journal_stop(handle);
> out_unlock:
> percpu_up_write(&sbi->s_writepages_rwsem);
> return ret;
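Review bot: at errout:, nothing in the code records why up_write(&EXT4_I(inode)->i_data_sem) now has to come before ext4_journal_stop(handle), so a later cleanup could swap the two calls back without noticing. A short comment above up_write() would help, stating that i_data_sem is released before the handle is stopped because, per the commit message, jbd2_journal_stop() can reach jbd2_might_wait_for_commit() when the update is synchronous. Separately, the diffstat above the diff names fs/hugetlbfs/inode.c while this hunk changes fs/ext4/migrate.c; it should be regenerated before the patch is sent.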
>
> --
> 2.25.1
>