    ceph: fix buffer free while holding i_ceph_lock in fill_inode() · 39c62cda
    Luis Henriques authored
    [ Upstream commit af8a85a4 ]
    
    Calling ceph_buffer_put() in fill_inode() may result in freeing the
    i_xattrs.blob buffer while holding the i_ceph_lock.  This can be fixed by
    postponing the call until later, when the lock is released.
    
    The following backtrace was triggered by fstests generic/070.
    
      BUG: sleeping function called from invalid context at mm/vmalloc.c:2283
      in_atomic(): 1, irqs_disabled(): 0, pid: 3852, name: kworker/0:4
      6 locks held by kworker/0:4/3852:
       #0: 000000004270f6bb ((wq_completion)ceph-msgr){+.+.}, at: process_one_work+0x1b8/0x5f0
       #1: 00000000eb420803 ((work_completion)(&(&con->work)->work)){+.+.}, at: process_one_work+0x1b8/0x5f0
       #2: 00000000be1c53a4 (&s->s_mutex){+.+.}, at: dispatch+0x288/0x1476
       #3: 00000000559cb958 (&mdsc->snap_rwsem){++++}, at: dispatch+0x2eb/0x1476
       #4: 000000000d5ebbae (&req->r_fill_mutex){+.+.}, at: dispatch+0x2fc/0x1476
       #5: 00000000a83d0514 (&(&ci->i_ceph_lock)->rlock){+.+.}, at: fill_inode.isra.0+0xf8/0xf70
      CPU: 0 PID: 3852 Comm: kworker/0:4 Not tainted 5.2.0+ #441
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58-prebuilt.qemu.org 04/01/2014
      Workqueue: ceph-msgr ceph_con_workfn
      Call Trace:
       dump_stack+0x67/0x90
       ___might_sleep.cold+0x9f/0xb1
       vfree+0x4b/0x60
       ceph_buffer_release+0x1b/0x60
       fill_inode.isra.0+0xa9b/0xf70
       ceph_fill_trace+0x13b/0xc70
       ? dispatch+0x2eb/0x1476
       dispatch+0x320/0x1476
       ? __mutex_unlock_slowpath+0x4d/0x2a0
       ceph_con_workfn+0xc97/0x2ec0
       ? process_one_work+0x1b8/0x5f0
       process_one_work+0x244/0x5f0
       worker_thread+0x4d/0x3e0
       kthread+0x105/0x140
       ? process_one_work+0x5f0/0x5f0
       ? kthread_park+0x90/0x90
       ret_from_fork+0x3a/0x50
    Signed-off-by: Luis Henriques <lhenriques@suse.com>
    Reviewed-by: Jeff Layton <jlayton@kernel.org>
    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
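
The deferred release described in the commit message, modelled in userspace as an added example; it is not the kernel patch or any ceph code. All names (`model_lock`, `buf_put`, `fill_buggy`, `fill_fixed`, `run`) are hypothetical, the spinlock is reduced to a counter standing in for atomic context, and `free()` stands in for the `vfree()` call seen in the backtrace.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of the pattern; every name here is hypothetical, not ceph code. */
static int atomic_depth;     /* > 0 while the modelled spinlock is held */
static int sleep_violations; /* times a may-sleep free ran in atomic context */
struct buf { int refs; char *data; };
struct inode_model { struct buf *xattr_blob; };

static void model_lock(void)   { atomic_depth++; }
static void model_unlock(void) { atomic_depth--; }

static struct buf *buf_new(size_t n) {
    struct buf *b = malloc(sizeof(*b));
    if (!b || !(b->data = malloc(n))) abort();
    b->refs = 1;
    return b;
}
/* Drop a reference; the last put frees, standing in for vfree(), which may sleep. */
static void buf_put(struct buf *b) {
    if (!b || --b->refs > 0) return;
    if (atomic_depth > 0) sleep_violations++; /* what might_sleep() flags */
    free(b->data);
    free(b);
}
/* Before: the old blob's last reference is dropped while the lock is held. */
static void fill_buggy(struct inode_model *in, struct buf *new_blob) {
    model_lock();
    buf_put(in->xattr_blob);
    in->xattr_blob = new_blob;
    model_unlock();
}
/* After: swap the pointer under the lock, release the old blob once unlocked. */
static void fill_fixed(struct inode_model *in, struct buf *new_blob) {
    struct buf *old_blob;
    model_lock();
    old_blob = in->xattr_blob;
    in->xattr_blob = new_blob;
    model_unlock();
    buf_put(old_blob);
}
/* Run one blob replacement and return how many violations it recorded. */
static int run(void (*fill)(struct inode_model *, struct buf *)) {
    struct inode_model in = { buf_new(64) };
    sleep_violations = 0;
    fill(&in, buf_new(128));
    buf_put(in.xattr_blob);
    return sleep_violations;
}
int main(void) { printf("buggy=%d fixed=%d\n", run(fill_buggy), run(fill_fixed)); return 0; }
```

The old pointer is still detached from the inode while the lock is held, so no other holder of the lock can see a stale blob; only the final put moves outside the critical section.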