• Hou Tao's avatar
    9p: use inode->i_lock to protect i_size_write() under 32-bit · 3cccba9a
    Hou Tao authored
    commit 5e3cc1ee upstream.
    
    Use inode->i_lock to protect i_size_write(), else i_size_read() in
    generic_fillattr() may loop infinitely in read_seqcount_begin() when
    multiple processes invoke v9fs_vfs_getattr() or v9fs_vfs_getattr_dotl()
    simultaneously under 32-bit SMP environment, and a soft lockup will be
    triggered as show below:
    
      watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [stat:2217]
      Modules linked in:
      CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4
      Hardware name: Generic DT based system
      PC is at generic_fillattr+0x104/0x108
      LR is at 0xec497f00
      pc : [<802b8898>]    lr : [<ec497f00>]    psr: 200c0013
      sp : ec497e20  ip : ed608030  fp : ec497e3c
      r10: 00000000  r9 : ec497f00  r8 : ed608030
      r7 : ec497ebc  r6 : ec497f00  r5 : ee5c1550  r4 : ee005780
      r3 : 0000052d  r2 : 00000000  r1 : ec497f00  r0 : ed608030
      Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      Control: 10c5387d  Table: ac48006a  DAC: 00000051
      CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4
      Hardware name: Generic DT based system
      Backtrace:
      [<8010d974>] (dump_backtrace) from [<8010dc88>] (show_stack+0x20/0x24)
      [<8010dc68>] (show_stack) from [<80a1d194>] (dump_stack+0xb0/0xdc)
      [<80a1d0e4>] (dump_stack) from [<80109f34>] (show_regs+0x1c/0x20)
      [<80109f18>] (show_regs) from [<801d0a80>] (watchdog_timer_fn+0x280/0x2f8)
      [<801d0800>] (watchdog_timer_fn) from [<80198658>] (__hrtimer_run_queues+0x18c/0x380)
      [<801984cc>] (__hrtimer_run_queues) from [<80198e60>] (hrtimer_run_queues+0xb8/0xf0)
      [<80198da8>] (hrtimer_run_queues) from [<801973e8>] (run_local_timers+0x28/0x64)
      [<801973c0>] (run_local_timers) from [<80197460>] (update_process_times+0x3c/0x6c)
      [<80197424>] (update_process_times) from [<801ab2b8>] (tick_nohz_handler+0xe0/0x1bc)
      [<801ab1d8>] (tick_nohz_handler) from [<80843050>] (arch_timer_handler_virt+0x38/0x48)
      [<80843018>] (arch_timer_handler_virt) from [<80180a64>] (handle_percpu_devid_irq+0x8c/0x240)
      [<801809d8>] (handle_percpu_devid_irq) from [<8017ac20>] (generic_handle_irq+0x34/0x44)
      [<8017abec>] (generic_handle_irq) from [<8017b344>] (__handle_domain_irq+0x6c/0xc4)
      [<8017b2d8>] (__handle_domain_irq) from [<801022e0>] (gic_handle_irq+0x4c/0x88)
      [<80102294>] (gic_handle_irq) from [<80101a30>] (__irq_svc+0x70/0x98)
      [<802b8794>] (generic_fillattr) from [<8056b284>] (v9fs_vfs_getattr_dotl+0x74/0xa4)
      [<8056b210>] (v9fs_vfs_getattr_dotl) from [<802b8904>] (vfs_getattr_nosec+0x68/0x7c)
      [<802b889c>] (vfs_getattr_nosec) from [<802b895c>] (vfs_getattr+0x44/0x48)
      [<802b8918>] (vfs_getattr) from [<802b8a74>] (vfs_statx+0x9c/0xec)
      [<802b89d8>] (vfs_statx) from [<802b9428>] (sys_lstat64+0x48/0x78)
      [<802b93e0>] (sys_lstat64) from [<80101000>] (ret_fast_syscall+0x0/0x28)
    
    [dominique.martinet@cea.fr: updated comment to not refer to a function
    in another subsystem]
    Link: http://lkml.kernel.org/r/20190124063514.8571-2-houtao1@huawei.com
    Cc: stable@vger.kernel.org
    Fixes: 7549ae3e ("9p: Use the i_size_[read, write]() macros instead of using inode->i_size directly.")
    Reported-by: 's avatarXing Gaopeng <xingaopeng@huawei.com>
    Signed-off-by: 's avatarHou Tao <houtao1@huawei.com>
    Signed-off-by: 's avatarDominique Martinet <dominique.martinet@cea.fr>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    3cccba9a
Name
Last commit
Last update
..
Kconfig Loading commit data...
Makefile Loading commit data...
acl.c Loading commit data...
acl.h Loading commit data...
cache.c Loading commit data...
cache.h Loading commit data...
fid.c Loading commit data...
fid.h Loading commit data...
v9fs.c Loading commit data...
v9fs.h Loading commit data...
v9fs_vfs.h Loading commit data...
vfs_addr.c Loading commit data...
vfs_dentry.c Loading commit data...
vfs_dir.c Loading commit data...
vfs_file.c Loading commit data...
vfs_inode.c Loading commit data...
vfs_inode_dotl.c Loading commit data...
vfs_super.c Loading commit data...
xattr.c Loading commit data...
xattr.h Loading commit data...