    9p: use inode->i_lock to protect i_size_write() under 32-bit · 5e3cc1ee
    Hou Tao authored
    Use inode->i_lock to protect i_size_write(), else i_size_read() in
    generic_fillattr() may loop infinitely in read_seqcount_begin() when
    multiple processes invoke v9fs_vfs_getattr() or v9fs_vfs_getattr_dotl()
    simultaneously under 32-bit SMP environment, and a soft lockup will be
    triggered as shown below:
    
      watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [stat:2217]
      Modules linked in:
      CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4
      Hardware name: Generic DT based system
      PC is at generic_fillattr+0x104/0x108
      LR is at 0xec497f00
      pc : [<802b8898>]    lr : [<ec497f00>]    psr: 200c0013
      sp : ec497e20  ip : ed608030  fp : ec497e3c
      r10: 00000000  r9 : ec497f00  r8 : ed608030
      r7 : ec497ebc  r6 : ec497f00  r5 : ee5c1550  r4 : ee005780
      r3 : 0000052d  r2 : 00000000  r1 : ec497f00  r0 : ed608030
      Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      Control: 10c5387d  Table: ac48006a  DAC: 00000051
      CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4
      Hardware name: Generic DT based system
      Backtrace:
      [<8010d974>] (dump_backtrace) from [<8010dc88>] (show_stack+0x20/0x24)
      [<8010dc68>] (show_stack) from [<80a1d194>] (dump_stack+0xb0/0xdc)
      [<80a1d0e4>] (dump_stack) from [<80109f34>] (show_regs+0x1c/0x20)
      [<80109f18>] (show_regs) from [<801d0a80>] (watchdog_timer_fn+0x280/0x2f8)
      [<801d0800>] (watchdog_timer_fn) from [<80198658>] (__hrtimer_run_queues+0x18c/0x380)
      [<801984cc>] (__hrtimer_run_queues) from [<80198e60>] (hrtimer_run_queues+0xb8/0xf0)
      [<80198da8>] (hrtimer_run_queues) from [<801973e8>] (run_local_timers+0x28/0x64)
      [<801973c0>] (run_local_timers) from [<80197460>] (update_process_times+0x3c/0x6c)
      [<80197424>] (update_process_times) from [<801ab2b8>] (tick_nohz_handler+0xe0/0x1bc)
      [<801ab1d8>] (tick_nohz_handler) from [<80843050>] (arch_timer_handler_virt+0x38/0x48)
      [<80843018>] (arch_timer_handler_virt) from [<80180a64>] (handle_percpu_devid_irq+0x8c/0x240)
      [<801809d8>] (handle_percpu_devid_irq) from [<8017ac20>] (generic_handle_irq+0x34/0x44)
      [<8017abec>] (generic_handle_irq) from [<8017b344>] (__handle_domain_irq+0x6c/0xc4)
      [<8017b2d8>] (__handle_domain_irq) from [<801022e0>] (gic_handle_irq+0x4c/0x88)
      [<80102294>] (gic_handle_irq) from [<80101a30>] (__irq_svc+0x70/0x98)
      [<802b8794>] (generic_fillattr) from [<8056b284>] (v9fs_vfs_getattr_dotl+0x74/0xa4)
      [<8056b210>] (v9fs_vfs_getattr_dotl) from [<802b8904>] (vfs_getattr_nosec+0x68/0x7c)
      [<802b889c>] (vfs_getattr_nosec) from [<802b895c>] (vfs_getattr+0x44/0x48)
      [<802b8918>] (vfs_getattr) from [<802b8a74>] (vfs_statx+0x9c/0xec)
      [<802b89d8>] (vfs_statx) from [<802b9428>] (sys_lstat64+0x48/0x78)
      [<802b93e0>] (sys_lstat64) from [<80101000>] (ret_fast_syscall+0x0/0x28)
    
    [dominique.martinet@cea.fr: updated comment to not refer to a function
    in another subsystem]
    Link: http://lkml.kernel.org/r/20190124063514.8571-2-houtao1@huawei.com
    Cc: stable@vger.kernel.org
    Fixes: 7549ae3e ("9p: Use the i_size_[read, write]() macros instead of using inode->i_size directly.")
    Reported-by: Xing Gaopeng <xingaopeng@huawei.com>
    Signed-off-by: Hou Tao <houtao1@huawei.com>
    Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
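
The failure mode described in the commit message above, as an added userspace model that is not code from the commit or the kernel: the size seqcount is bumped with a plain load and store, so two unserialized writers can lose an increment and leave the count odd, which is the state a reader waits on forever. All names (`model_inode`, `seq_store_inc`, `write_size`, `run_writers`, `reader_gives_up`) and the sizes are constructed for illustration, and the interleaving is replayed deterministically instead of using threads.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model with assumed names, not kernel code. */
struct model_inode { unsigned seq; uint64_t size; }; /* seqcount, i_size */

/* Store half of a non-atomic increment; the caller loaded v earlier. */
static void seq_store_inc(struct model_inode *i, unsigned v) { i->seq = v + 1; }
/* One complete size update: begin (seq odd), store, end (seq even). */
static void write_size(struct model_inode *i, uint64_t sz)
{
    seq_store_inc(i, i->seq);
    i->size = sz;
    seq_store_inc(i, i->seq);
}

/* Two updates: serialized as if under inode->i_lock, or overlapping. */
struct model_inode run_writers(int locked)
{
    struct model_inode i = { 0, 0 };
    if (locked) {
        write_size(&i, 4096);            /* seq 0 -> 1 -> 2 */
        write_size(&i, 8192);            /* seq 2 -> 3 -> 4 */
        return i;
    }
    unsigned a = i.seq, b = i.seq;       /* both writers load 0 */
    seq_store_inc(&i, a);                /* A begin: 1 */
    seq_store_inc(&i, b);                /* B begin: still 1, lost update */
    i.size = 4096;
    seq_store_inc(&i, i.seq);            /* A end: 2 */
    i.size = 8192;
    seq_store_inc(&i, i.seq);            /* B end: 3, odd with no writer left */
    return i;
}

/* Reader's wait for an even count, bounded so the hang is observable. */
int reader_gives_up(int locked)
{
    struct model_inode i = run_writers(locked);
    for (unsigned spins = 0; spins < 1000; spins++)
        if (!(i.seq & 1))
            return 0;                    /* stable: size can be read */
    return 1;                            /* the unbounded kernel loop never exits */
}

int main(void)
{
    printf("unlocked seq=%u, locked seq=%u\n", run_writers(0).seq, run_writers(1).seq);
    return 0;
}
```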
vfs_inode_dotl.c 24.6 KB