5e3cc1ee14
Use inode->i_lock to protect i_size_write(), else i_size_read() in generic_fillattr() may loop infinitely in read_seqcount_begin() when multiple processes invoke v9fs_vfs_getattr() or v9fs_vfs_getattr_dotl() simultaneously under 32-bit SMP environment, and a soft lockup will be triggered as show below: watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [stat:2217] Modules linked in: CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4 Hardware name: Generic DT based system PC is at generic_fillattr+0x104/0x108 LR is at 0xec497f00 pc : [<802b8898>] lr : [<ec497f00>] psr: 200c0013 sp :ec497e20
ip : ed608030 fp : ec497e3c r10: 00000000 r9 : ec497f00 r8 : ed608030 r7 : ec497ebc r6 : ec497f00 r5 : ee5c1550 r4 : ee005780 r3 : 0000052d r2 : 00000000 r1 : ec497f00 r0 : ed608030 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: ac48006a DAC: 00000051 CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4 Hardware name: Generic DT based system Backtrace: [<8010d974>] (dump_backtrace) from [<8010dc88>] (show_stack+0x20/0x24) [<8010dc68>] (show_stack) from [<80a1d194>] (dump_stack+0xb0/0xdc) [<80a1d0e4>] (dump_stack) from [<80109f34>] (show_regs+0x1c/0x20) [<80109f18>] (show_regs) from [<801d0a80>] (watchdog_timer_fn+0x280/0x2f8) [<801d0800>] (watchdog_timer_fn) from [<80198658>] (__hrtimer_run_queues+0x18c/0x380) [<801984cc>] (__hrtimer_run_queues) from [<80198e60>] (hrtimer_run_queues+0xb8/0xf0) [<80198da8>] (hrtimer_run_queues) from [<801973e8>] (run_local_timers+0x28/0x64) [<801973c0>] (run_local_timers) from [<80197460>] (update_process_times+0x3c/0x6c) [<80197424>] (update_process_times) from [<801ab2b8>] (tick_nohz_handler+0xe0/0x1bc) [<801ab1d8>] (tick_nohz_handler) from [<80843050>] (arch_timer_handler_virt+0x38/0x48) [<80843018>] (arch_timer_handler_virt) from [<80180a64>] (handle_percpu_devid_irq+0x8c/0x240) [<801809d8>] (handle_percpu_devid_irq) from [<8017ac20>] (generic_handle_irq+0x34/0x44) [<8017abec>] (generic_handle_irq) from [<8017b344>] (__handle_domain_irq+0x6c/0xc4) [<8017b2d8>] (__handle_domain_irq) from [<801022e0>] (gic_handle_irq+0x4c/0x88) [<80102294>] (gic_handle_irq) from [<80101a30>] (__irq_svc+0x70/0x98) [<802b8794>] (generic_fillattr) from [<8056b284>] (v9fs_vfs_getattr_dotl+0x74/0xa4) [<8056b210>] (v9fs_vfs_getattr_dotl) from [<802b8904>] (vfs_getattr_nosec+0x68/0x7c) [<802b889c>] (vfs_getattr_nosec) from [<802b895c>] (vfs_getattr+0x44/0x48) [<802b8918>] (vfs_getattr) from [<802b8a74>] (vfs_statx+0x9c/0xec) [<802b89d8>] (vfs_statx) from [<802b9428>] (sys_lstat64+0x48/0x78) [<802b93e0>] (sys_lstat64) from [<80101000>] (ret_fast_syscall+0x0/0x28) [dominique.martinet@cea.fr: updated comment to not refer to a function in another subsystem] Link: http://lkml.kernel.org/r/20190124063514.8571-2-houtao1@huawei.com Cc: stable@vger.kernel.org Fixes:7549ae3e81
("9p: Use the i_size_[read, write]() macros instead of using inode->i_size directly.") Reported-by: Xing Gaopeng <xingaopeng@huawei.com> Signed-off-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
106 lines
4.1 KiB
C
106 lines
4.1 KiB
C
/*
|
|
* V9FS VFS extensions.
|
|
*
|
|
* Copyright (C) 2004 by Eric Van Hensbergen <ericvh@gmail.com>
|
|
* Copyright (C) 2002 by Ron Minnich <rminnich@lanl.gov>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to:
|
|
* Free Software Foundation
|
|
* 51 Franklin Street, Fifth Floor
|
|
* Boston, MA 02111-1301 USA
|
|
*
|
|
*/
|
|
#ifndef FS_9P_V9FS_VFS_H
|
|
#define FS_9P_V9FS_VFS_H
|
|
|
|
/* plan9 semantics are that created files are implicitly opened.
|
|
* But linux semantics are that you call create, then open.
|
|
* the plan9 approach is superior as it provides an atomic
|
|
* open.
|
|
* we track the create fid here. When the file is opened, if fidopen is
|
|
* non-zero, we use the fid and can skip some steps.
|
|
* there may be a better way to do this, but I don't know it.
|
|
* one BAD way is to clunk the fid on create, then open it again:
|
|
* you lose the atomicity of file open
|
|
*/
|
|
|
|
/* special case:
|
|
* unlink calls remove, which is an implicit clunk. So we have to track
|
|
* that kind of thing so that we don't try to clunk a dead fid.
|
|
*/
|
|
#define P9_LOCK_TIMEOUT (30*HZ)
|
|
|
|
/* flags for v9fs_stat2inode() & v9fs_stat2inode_dotl() */
|
|
#define V9FS_STAT2INODE_KEEP_ISIZE 1
|
|
|
|
extern struct file_system_type v9fs_fs_type;
|
|
extern const struct address_space_operations v9fs_addr_operations;
|
|
extern const struct file_operations v9fs_file_operations;
|
|
extern const struct file_operations v9fs_file_operations_dotl;
|
|
extern const struct file_operations v9fs_dir_operations;
|
|
extern const struct file_operations v9fs_dir_operations_dotl;
|
|
extern const struct dentry_operations v9fs_dentry_operations;
|
|
extern const struct dentry_operations v9fs_cached_dentry_operations;
|
|
extern const struct file_operations v9fs_cached_file_operations;
|
|
extern const struct file_operations v9fs_cached_file_operations_dotl;
|
|
extern const struct file_operations v9fs_mmap_file_operations;
|
|
extern const struct file_operations v9fs_mmap_file_operations_dotl;
|
|
extern struct kmem_cache *v9fs_inode_cache;
|
|
|
|
struct inode *v9fs_alloc_inode(struct super_block *sb);
|
|
void v9fs_destroy_inode(struct inode *inode);
|
|
struct inode *v9fs_get_inode(struct super_block *sb, umode_t mode, dev_t);
|
|
int v9fs_init_inode(struct v9fs_session_info *v9ses,
|
|
struct inode *inode, umode_t mode, dev_t);
|
|
void v9fs_evict_inode(struct inode *inode);
|
|
ino_t v9fs_qid2ino(struct p9_qid *qid);
|
|
void v9fs_stat2inode(struct p9_wstat *stat, struct inode *inode,
|
|
struct super_block *sb, unsigned int flags);
|
|
void v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode,
|
|
unsigned int flags);
|
|
int v9fs_dir_release(struct inode *inode, struct file *filp);
|
|
int v9fs_file_open(struct inode *inode, struct file *file);
|
|
void v9fs_inode2stat(struct inode *inode, struct p9_wstat *stat);
|
|
int v9fs_uflags2omode(int uflags, int extended);
|
|
|
|
void v9fs_blank_wstat(struct p9_wstat *wstat);
|
|
int v9fs_vfs_setattr_dotl(struct dentry *, struct iattr *);
|
|
int v9fs_file_fsync_dotl(struct file *filp, loff_t start, loff_t end,
|
|
int datasync);
|
|
int v9fs_refresh_inode(struct p9_fid *fid, struct inode *inode);
|
|
int v9fs_refresh_inode_dotl(struct p9_fid *fid, struct inode *inode);
|
|
static inline void v9fs_invalidate_inode_attr(struct inode *inode)
|
|
{
|
|
struct v9fs_inode *v9inode;
|
|
v9inode = V9FS_I(inode);
|
|
v9inode->cache_validity |= V9FS_INO_INVALID_ATTR;
|
|
return;
|
|
}
|
|
|
|
int v9fs_open_to_dotl_flags(int flags);
|
|
|
|
static inline void v9fs_i_size_write(struct inode *inode, loff_t i_size)
|
|
{
|
|
/*
|
|
* 32-bit need the lock, concurrent updates could break the
|
|
* sequences and make i_size_read() loop forever.
|
|
* 64-bit updates are atomic and can skip the locking.
|
|
*/
|
|
if (sizeof(i_size) > sizeof(long))
|
|
spin_lock(&inode->i_lock);
|
|
i_size_write(inode, i_size);
|
|
if (sizeof(i_size) > sizeof(long))
|
|
spin_unlock(&inode->i_lock);
|
|
}
|
|
#endif
|