iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Chao Yu 312d272dc4 hfsplus: fix to avoid false alarm of circular locking 
[ Upstream commit be4edd1642ee205ed7bbf66edc0453b1be1fb8d7 ]

Syzbot report potential ABBA deadlock as below:

loop0: detected capacity change from 0 to 1024
======================================================
WARNING: possible circular locking dependency detected
6.9.0-syzkaller-10323-g8f6a15f095a6 #0 Not tainted
------------------------------------------------------
syz-executor171/5344 is trying to acquire lock:
ffff88807cb980b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb50 fs/hfsplus/extents.c:595

but task is already holding lock:
ffff88807a930108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb50 fs/hfsplus/extents.c:576

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:457
       hfsplus_bmap_reserve+0x105/0x4e0 fs/hfsplus/btree.c:358
       hfsplus_rename_cat+0x1d0/0x1050 fs/hfsplus/catalog.c:456
       hfsplus_rename+0x12e/0x1c0 fs/hfsplus/dir.c:552
       vfs_rename+0xbdb/0xf00 fs/namei.c:4887
       do_renameat2+0xd94/0x13f0 fs/namei.c:5044
       __do_sys_rename fs/namei.c:5091 [inline]
       __se_sys_rename fs/namei.c:5089 [inline]
       __x64_sys_rename+0x86/0xa0 fs/namei.c:5089
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&tree->tree_lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       hfsplus_file_truncate+0x811/0xb50 fs/hfsplus/extents.c:595
       hfsplus_setattr+0x1ce/0x280 fs/hfsplus/inode.c:265
       notify_change+0xb9d/0xe70 fs/attr.c:497
       do_truncate+0x220/0x310 fs/open.c:65
       handle_truncate fs/namei.c:3308 [inline]
       do_open fs/namei.c:3654 [inline]
       path_openat+0x2a3d/0x3280 fs/namei.c:3807
       do_filp_open+0x235/0x490 fs/namei.c:3834
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1406
       do_sys_open fs/open.c:1421 [inline]
       __do_sys_creat fs/open.c:1497 [inline]
       __se_sys_creat fs/open.c:1491 [inline]
       __x64_sys_creat+0x123/0x170 fs/open.c:1491
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&tree->tree_lock);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&tree->tree_lock);

This is a false alarm as tree_lock mutex are different, one is
from sbi->cat_tree, and another is from sbi->ext_tree:

Thread A			Thread B
- hfsplus_rename
 - hfsplus_rename_cat
  - hfs_find_init
   - mutext_lock(cat_tree->tree_lock)
				- hfsplus_setattr
				 - hfsplus_file_truncate
				  - mutex_lock(hip->extents_lock)
				  - hfs_find_init
				   - mutext_lock(ext_tree->tree_lock)
  - hfs_bmap_reserve
   - hfsplus_file_extend
    - mutex_lock(hip->extents_lock)

So, let's call mutex_lock_nested for tree_lock mutex lock, and pass
correct lock class for it.

Fixes: 31651c607151 ("hfsplus: avoid deadlock on file truncation")
Reported-by: syzbot+6030b3b1b9bf70e538c4@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-fsdevel/000000000000e37a4005ef129563@google.com
Cc: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/r/20240607142304.455441-1-chao@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-03 08:59:11 +02:00
..
9p
Two fixes headed to stable trees:
2024-05-29 09:25:15 -07:00
adfs
mm, slab: remove last vestiges of SLAB_MEM_SPREAD
2024-03-12 20:32:19 -07:00
affs
affs: remove SLAB_MEM_SPREAD flag usage
2024-02-26 11:36:28 +01:00
afs
afs: Convert comma to semicolon
2024-07-02 21:23:00 +02:00
autofs
dcache stuff for this cycle
2024-01-11 20:11:35 -08:00
bcachefs
bcachefs: bch2_gc_btree() should not use btree_root_lock
2024-07-11 20:10:55 -04:00
befs
mm, slab: remove last vestiges of SLAB_MEM_SPREAD
2024-03-12 20:32:19 -07:00
bfs
mm, slab: remove last vestiges of SLAB_MEM_SPREAD
2024-03-12 20:32:19 -07:00
btrfs
for-6.10-rc7-tag
2024-07-12 12:08:42 -07:00
cachefiles
Merge patch series "cachefiles: random bugfixes"
2024-07-05 18:40:40 +02:00
ceph
We have a series from Xiubo that adds support for additional access
2024-05-25 14:23:58 -07:00
coda
mm, slab: remove last vestiges of SLAB_MEM_SPREAD
2024-03-12 20:32:19 -07:00
configfs
cramfs
use ->bd_mapping instead of ->bd_inode->i_mapping
2024-05-03 02:36:51 -04:00
crypto
The usual shower of singleton fixes and minor series all over MM,
2024-05-19 09:21:03 -07:00
debugfs
debugfs: continue to ignore unknown mount options
2024-05-28 14:32:42 +02:00
devpts
fs: Remove the now superfluous sentinel elements from ctl_table array
2023-12-28 04:57:57 -08:00
dlm
dlm: return -ENOMEM if ls_recover_buf fails
2024-04-23 16:08:55 -05:00
ecryptfs
hardening updates for 6.10-rc1
2024-05-13 14:14:05 -07:00
efivarfs
efi: Clear up misconceptions about a maximum variable name size
2024-04-13 10:33:02 +02:00
efs
efs: remove SLAB_MEM_SPREAD flag usage
2024-02-27 11:21:33 +01:00
erofs
erofs: ensure m_llen is reset to 0 if metadata is invalid
2024-06-30 10:54:28 +08:00
exfat
exfat: zero the reserved fields of file and stream extension dentries
2024-04-25 21:59:59 +09:00
exportfs
fs: Create a generic is_dot_dotdot() utility
2024-01-23 10:58:56 -05:00
ext2
ext2: Remove LEGACY_DIRECT_IO dependency
2024-05-03 11:50:28 +02:00
ext4
ext4: use memtostr_pad() for s_volume_name
2024-07-24 15:54:05 +02:00
f2fs
f2fs update for 6.10-rc1
2024-05-20 13:23:43 -07:00
fat
fs: add kernel-doc comments to fat_parse_long()
2024-04-25 21:07:02 -07:00
freevxfs
freevxfs: Convert freevxfs to the new mount API.
2024-03-26 09:04:53 +01:00
fuse
virtio: features, fixes, cleanups
2024-05-23 12:04:36 -07:00
gfs2
bd_inode series
2024-05-21 09:51:42 -07:00
hfs
hfs: really remove hfs_writepage
2023-12-29 11:58:34 -08:00
hfsplus
hfsplus: fix to avoid false alarm of circular locking
2024-08-03 08:59:11 +02:00
hostfs
hostfs: use d_splice_alias() calling conventions to simplify failure exits
2023-12-21 12:51:00 -05:00
hpfs
mm, slab: remove last vestiges of SLAB_MEM_SPREAD
2024-03-12 20:32:19 -07:00
hugetlbfs
The usual shower of singleton fixes and minor series all over MM,
2024-05-19 09:21:03 -07:00
iomap
iomap: Fix iomap_adjust_read_range for plen calculation
2024-06-05 17:27:03 +02:00
isofs
isofs: Use *-y instead of *-objs in Makefile
2024-05-09 18:09:57 +02:00
jbd2
bd_inode series
2024-05-21 09:51:42 -07:00
jffs2
This pull request contains the following changes for JFFS2:
2024-05-25 13:23:42 -07:00
jfs
jfs: don't walk off the end of ealist
2024-07-27 11:40:32 +02:00
kernfs
kernfs: mount: Remove unnecessary ‘NULL’ values from knparent
2024-05-04 19:02:39 +02:00
lockd
lockd: host: Remove unnecessary statements'host = NULL;'
2024-05-06 09:07:20 -04:00
minix
minixfs: Fix minixfs_rename with HIGHMEM
2024-07-10 07:15:36 +02:00
netfs
vfs-6.10-rc8.fixes
2024-07-11 09:03:28 -07:00
nfs
nfs: drop the incorrect assertion in nfs_swap_rw()
2024-06-24 20:52:11 -07:00
nfs_common
nfsd
nfsd-6.10 fixes:
2024-06-28 09:32:33 -07:00
nilfs2
nilfs2: fix kernel bug on rename operation of broken directory
2024-07-03 22:40:38 -07:00
nls
notify
Revert "fanotify: remove unneeded sub-zero check for unsigned value"
2024-05-20 12:43:58 -07:00
ntfs3
fs/ntfs3: Validate ff offset
2024-07-27 11:40:32 +02:00
ocfs2
ocfs2: add bounds checking to ocfs2_check_dir_entry()
2024-07-27 11:40:32 +02:00
omfs
openpromfs
openpromfs: finish conversion to the new mount API
2024-03-26 09:04:54 +01:00
orangefs
orangefs: fix out-of-bounds fsid access
2024-05-14 17:44:14 -07:00
overlayfs
ovl: fix encoding fid for lower only root
2024-06-14 10:30:40 +02:00
proc
/proc/pid/smaps: add mseal info for vma
2024-06-24 20:52:09 -07:00
pstore
pstore/zone: Don't clear memory twice
2024-03-09 12:33:22 -08:00
qnx4
mm, slab: remove last vestiges of SLAB_MEM_SPREAD
2024-03-12 20:32:19 -07:00
qnx6
qnx6: convert qnx6 to use the new mount api
2024-03-26 09:04:53 +01:00
quota
quota: fix to propagate error of mark_dquot_dirty() to caller
2024-04-12 14:52:29 +02:00
ramfs
mm: switch mm->get_unmapped_area() to a flag
2024-04-25 20:56:25 -07:00
reiserfs
getting rid of bogus set_blocksize() uses, switching it
2024-05-21 08:34:51 -07:00
romfs
fs,block: yield devices early
2024-03-27 13:17:15 +01:00
smb
cifs: Fix setting of zero_point after DIO write
2024-07-24 15:54:06 +02:00
squashfs
Mainly singleton patches, documented in their respective changelogs.
2024-05-19 14:02:03 -07:00
sysfs
Merge 6.9-rc5 into driver-core-next
2024-04-23 13:27:43 +02:00
sysv
sysv: remove SLAB_MEM_SPREAD flag usage
2024-02-27 11:21:31 +01:00
tracefs
eventfs: Do not use attributes for events directory
2024-05-23 09:31:50 -04:00
ubifs
This pull request contains updates for UBI and UBIFS:
2024-03-21 15:09:29 -07:00
udf
udf: Use a folio in udf_write_end()
2024-04-23 15:37:02 +02:00
ufs
mm, slab: remove last vestiges of SLAB_MEM_SPREAD
2024-03-12 20:32:19 -07:00
unicode
kbuild: use $(src) instead of $(srctree)/$(src) for source directory
2024-05-10 04:34:52 +09:00
vboxsf
vboxsf: explicitly deny setlease attempts
2024-04-03 16:06:39 +02:00
verity
fsverity: use register_sysctl_init() to avoid kmemleak warning
2024-05-03 08:30:58 -07:00
xfs
xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs
2024-06-26 14:29:25 +05:30
zonefs
zonefs: Use str_plural() to fix Coccinelle warning
2024-04-10 07:23:47 +09:00
aio.c
Assorted commits that had missed the last merge window...
2024-05-21 13:11:44 -07:00
anon_inodes.c
fs: Create anon_inode_getfile_fmode()
2024-04-26 10:33:05 +02:00
attr.c
lsm/stable-6.9 PR 20240312
2024-03-12 20:03:34 -07:00
backing-file.c
ovl: implement tmpfile
2024-05-02 20:35:57 +02:00
bad_inode.c
binfmt_elf_fdpic.c
binfmt_elf_fdpic: fix /proc/<pid>/auxv
2024-04-24 15:55:28 -07:00
binfmt_elf_test.c
binfmt_elf.c
Mainly singleton patches, documented in their respective changelogs.
2024-05-19 14:02:03 -07:00
binfmt_flat.c
binfmt_misc.c
execve updates for v6.7-rc1
2023-10-30 19:28:19 -10:00
binfmt_script.c
buffer.c
bd_inode series
2024-05-21 09:51:42 -07:00
char_dev.c
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
compat_binfmt_elf.c
coredump.c
virtio: features, fixes, cleanups
2024-05-23 12:04:36 -07:00
d_path.c
dax.c
dax: use huge_zero_folio
2024-04-25 20:56:20 -07:00
dcache.c
vfs-6.10-rc8.fixes
2024-07-11 09:03:28 -07:00
direct-io.c
fs/direct-io: remove redundant assignment to variable retval
2024-04-11 10:21:24 +02:00
drop_caches.c
eventfd.c
eventfd: strictly check the count parameter of eventfd_write to avoid inputting illegal strings
2024-02-08 10:12:26 +01:00
eventpoll.c
epoll: be better about file lifetimes
2024-05-05 14:00:48 -07:00
exec.c
The usual shower of singleton fixes and minor series all over MM,
2024-05-19 09:21:03 -07:00
fcntl.c
fcntl: add F_DUPFD_QUERY fcntl()
2024-05-10 08:26:31 +02:00
fhandle.c
fs: Annotate struct file_handle with __counted_by() and use struct_size()
2024-04-05 15:53:47 +02:00
file_table.c
lsm/stable-6.9 PR 20240312
2024-03-12 20:03:34 -07:00
file.c
fs/file: fix the check in find_next_fd()
2024-05-30 09:11:47 +02:00
filesystems.c
fs_context.c
fs_parser.c
__fs_parse: Correct a documentation comment
2024-02-02 13:11:50 +01:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
fs/writeback: remove unnecessary return in writeback_inodes_sb
2024-04-05 15:53:45 +02:00
fsopen.c
init.c
inode.c
bcachefs updates for 6.9
2024-03-15 09:00:09 -07:00
internal.h
ovl: implement tmpfile
2024-05-02 20:35:57 +02:00
ioctl.c
fs/ioctl: Add a comment to keep the logic in sync with LSM policies
2024-05-13 06:58:35 +02:00
Kconfig
- Sumanth Korikkar has taught s390 to allocate hotplug-time page frames
2024-03-14 17:43:30 -07:00
Kconfig.binfmt
kernel_read_file.c
libfs.c
shmem: Fix shmem_rename2()
2024-04-17 13:49:44 +02:00
locks.c
filelock: Fix fcntl/close race recovery compat path
2024-07-27 11:40:36 +02:00
Makefile
vfs-6.9.pidfd
2024-03-11 10:21:06 -07:00
mbcache.c
vfs: remove SLAB_MEM_SPREAD flag usage
2024-02-27 11:21:31 +01:00
mnt_idmapping.c
fs/mnt_idmapping.c: Return -EINVAL when no map is written
2024-02-08 10:12:37 +01:00
mount.h
mounts: keep list of mounts in an rbtree
2023-11-18 14:56:16 +01:00
mpage.c
block, fs: Restore the per-bio/request data lifetime fields
2024-02-06 14:31:05 +01:00
namei.c
vfs: generate FS_CREATE before FS_OPEN when ->atomic_open used.
2024-06-18 16:26:09 +02:00
namespace.c
fs: relax mount_setattr() permission checks
2024-02-07 21:16:29 +01:00
nsfs.c
pidfs: remove config option
2024-03-13 12:53:53 -07:00
open.c
vfs-6.10-rc7.fixes
2024-07-01 09:22:08 -07:00
pidfs.c
fs/pidfs: make 'lsof' happy with our inode changes
2024-05-21 08:08:00 -07:00
pipe.c
fs/pipe: Convert to lockdep_cmp_fn
2024-02-02 13:11:49 +01:00
pnode.c
mounts: keep list of mounts in an rbtree
2023-11-18 14:56:16 +01:00
pnode.h
posix_acl.c
lsm/stable-6.9 PR 20240312
2024-03-12 20:03:34 -07:00
proc_namespace.c
namespace: extract show_path() helper
2023-11-18 14:56:16 +01:00
read_write.c
Assorted commits that had missed the last merge window...
2024-05-21 13:11:44 -07:00
readdir.c
fsnotify: optionally pass access range in file permission hooks
2023-12-12 16:20:02 +01:00
remap_range.c
vfs: export remap and write check helpers
2024-04-15 14:54:13 -07:00
select.c
fs/select: rework stack allocation hack for clang
2024-02-20 09:23:52 +01:00
seq_file.c
seq_file: Simplify __seq_puts()
2024-05-02 16:28:20 +02:00
signalfd.c
signalfd: drop an obsolete comment
2024-05-24 13:34:07 +02:00
splice.c
remove call_{read,write}_iter() functions
2024-04-15 16:03:25 -04:00
stack.c
stat.c
statx: stx_subvol
2024-03-26 09:01:18 +01:00
statfs.c
super.c
fs: don't misleadingly warn during thaw operations
2024-06-18 16:20:47 +02:00
sync.c
sysctls.c
fs: Remove the now superfluous sentinel elements from ctl_table array
2023-12-28 04:57:57 -08:00
timerfd.c
timerfd: convert to ->read_iter()
2024-04-10 16:23:02 -06:00
userfaultfd.c
Fix userfaultfd_api to return EINVAL as expected
2024-07-03 22:40:36 -07:00
utimes.c
xattr.c
evm: Move to LSM infrastructure
2024-02-15 23:43:47 -05:00