Re: [PATCH] fs: xfs: Fix a lock-twice and sleep-in-atomic bug in xfs_iget
On 06/05/2017 04:32 PM, Shan Hai wrote:
On 2017年06月05日 16:17, Jia-Ju Bai wrote:
The driver may sleep under a read rcu lock, and function call path is:
xfs_iget (acquire the lock by rcu_read_lock)
"goto out_error_or_again" after xfs_iget_cache_hit
delay
schedule_timeout_uninterruptible --> may sleep
Meanwhile, the rcu_read_lock will be called twice in this situation.
To fix it, the lock is released before "goto".
Signed-off-by: Jia-Ju Bai
---
fs/xfs/xfs_icache.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
index f61c84f8..c2a4722 100644
--- a/fs/xfs/xfs_icache.c
+++ b/fs/xfs/xfs_icache.c
@@ -600,8 +600,10 @@ struct xfs_inode *
if (ip) {
error = xfs_iget_cache_hit(pag, ip, ino, flags, lock_flags);
-if (error)
+if (error) {
+rcu_read_unlock();
Seems you are going to double unlock by doing this, since it is
unlocked in the xfs_iget_cache_hit.
Thanks
Shan Hai
goto out_error_or_again;
+}
} else {
rcu_read_unlock();
XFS_STATS_INC(mp, xs_ig_missed);
I think you are right. Please ignore my patch.
Thanks,
Jia-Ju Bai
Re: [PATCH] fs: xfs: Fix a lock-twice and sleep-in-atomic bug in xfs_iget
On 2017年06月05日 16:17, Jia-Ju Bai wrote:
The driver may sleep under a read rcu lock, and function call path is:
xfs_iget (acquire the lock by rcu_read_lock)
"goto out_error_or_again" after xfs_iget_cache_hit
delay
schedule_timeout_uninterruptible --> may sleep
Meanwhile, the rcu_read_lock will be called twice in this situation.
To fix it, the lock is released before "goto".
Signed-off-by: Jia-Ju Bai
---
fs/xfs/xfs_icache.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
index f61c84f8..c2a4722 100644
--- a/fs/xfs/xfs_icache.c
+++ b/fs/xfs/xfs_icache.c
@@ -600,8 +600,10 @@ struct xfs_inode *
if (ip) {
error = xfs_iget_cache_hit(pag, ip, ino, flags, lock_flags);
- if (error)
+ if (error) {
+ rcu_read_unlock();
Seems you are going to double unlock by doing this, since it is unlocked
in the xfs_iget_cache_hit.
Thanks
Shan Hai
goto out_error_or_again;
+ }
} else {
rcu_read_unlock();
XFS_STATS_INC(mp, xs_ig_missed);
[PATCH] fs: xfs: Fix a lock-twice and sleep-in-atomic bug in xfs_iget
The driver may sleep under a read rcu lock, and function call path is:
xfs_iget (acquire the lock by rcu_read_lock)
"goto out_error_or_again" after xfs_iget_cache_hit
delay
schedule_timeout_uninterruptible --> may sleep
Meanwhile, the rcu_read_lock will be called twice in this situation.
To fix it, the lock is released before "goto".
Signed-off-by: Jia-Ju Bai
---
fs/xfs/xfs_icache.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
index f61c84f8..c2a4722 100644
--- a/fs/xfs/xfs_icache.c
+++ b/fs/xfs/xfs_icache.c
@@ -600,8 +600,10 @@ struct xfs_inode *
if (ip) {
error = xfs_iget_cache_hit(pag, ip, ino, flags, lock_flags);
- if (error)
+ if (error) {
+ rcu_read_unlock();
goto out_error_or_again;
+ }
} else {
rcu_read_unlock();
XFS_STATS_INC(mp, xs_ig_missed);
--
1.7.9.5
