linux-stable.git - Linux kernel stable tree

diff options

author	Heming Zhao <heming.zhao@suse.com>	2026-03-02 14:17:05 +0800
committer	Andrew Morton <akpm@linux-foundation.org>	2026-03-27 21:19:38 -0700
commit	19aa667ace53c7398b08d01def44f96f03708bda (patch)
tree	908b4254ec7aa4940a6a0f1951a55d0b7c4c259a /tools/perf/scripts/python
parent	420849332f9f9f1ce6ff142868ae2e6ae9f98f65 (diff)

ocfs2: fix deadlock when creating quota file

syzbot detected a circular locking dependency. the scenarios: CPU0 CPU1 ---- ---- lock(&ocfs2_quota_ip_alloc_sem_key); lock(&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]); lock(&ocfs2_quota_ip_alloc_sem_key); lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]); or: CPU0 CPU1 ---- ---- lock(&ocfs2_quota_ip_alloc_sem_key); lock(&dquot->dq_lock); lock(&ocfs2_quota_ip_alloc_sem_key); lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]); Following are the code paths for above scenarios: path_openat ocfs2_create ocfs2_mknod + ocfs2_reserve_new_inode | ocfs2_reserve_suballoc_bits | inode_lock(alloc_inode) //C0: hold INODE_ALLOC_SYSTEM_INODE | //ocfs2_free_alloc_context(inode_ac) is called at the end of | //caller ocfs2_mknod to handle the release | + ocfs2_get_init_inode __dquot_initialize dqget ocfs2_acquire_dquot + ocfs2_lock_global_qf | down_write(&OCFS2_I(oinfo->dqi_gqinode)->ip_alloc_sem)//A2:grabbing + ocfs2_create_local_dquot down_write(&OCFS2_I(lqinode)->ip_alloc_sem)//A3:grabbing evict ocfs2_evict_inode ocfs2_delete_inode ocfs2_wipe_inode + inode_lock(orphan_dir_inode) //B0:hold + ... + ocfs2_remove_inode inode_lock(inode_alloc_inode) //INODE_ALLOC_SYSTEM_INODE down_write(&inode->i_rwsem) //C1:grabbing generic_file_direct_write ocfs2_direct_IO __blockdev_direct_IO dio_complete ocfs2_dio_end_io ocfs2_dio_end_io_write + down_write(&oi->ip_alloc_sem) //A0:hold + ocfs2_del_inode_from_orphan inode_lock(orphan_dir_inode) //B1:grabbing Root cause for the circular locking: DIO completion path: holds oi->ip_alloc_sem and is trying to acquire the orphan_dir_inode lock. evict path: holds the orphan_dir_inode lock and is trying to acquire the inode_alloc_inode lock. ocfs2_mknod path: Holds the inode_alloc_inode lock (to allocate a new quota file) and is blocked waiting for oi->ip_alloc_sem in ocfs2_acquire_dquot(). How to fix: Replace down_write() with down_write_trylock() in ocfs2_acquire_dquot(). If acquiring oi->ip_alloc_sem fails, return -EBUSY to abort the file creation routine and break the deadlock. Link: https://lkml.kernel.org/r/20260302061707.7092-1-heming.zhao@suse.com Signed-off-by: Heming Zhao <heming.zhao@suse.com> Reported-by: syzbot+78359d5fbb04318c35e9@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=78359d5fbb04318c35e9 Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Jun Piao <piaojun@huawei.com> Cc: Heming Zhao <heming.zhao@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Diffstat (limited to 'tools/perf/scripts/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: