Commit eccc2df
xfs: release the dquot buf outside of qli_lock
commit 1aacd3f upstream.
Lai Yi reported a lockdep complaint about circular locking:
Chain exists of:
&lp->qli_lock --> &bch->bc_lock --> &l->lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&l->lock);
lock(&bch->bc_lock);
lock(&l->lock);
lock(&lp->qli_lock);
I /think/ the problem here is that xfs_dquot_attach_buf during
quotacheck will release the buffer while it's holding the qli_lock.
Because this is a cached buffer, xfs_buf_rele_cached takes b_lock before
decrementing b_hold. Other threads have taught lockdep that a locking
dependency chain is bp->b_lock -> bch->bc_lock -> l(ru)->lock; and that
another chain is l(ru)->lock -> lp->qli_lock. Hence we do not want to
take b_lock while holding qli_lock.
Reported-by: syzbot+3126ab3db03db42e7a31@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org> # v6.13-rc3
Fixes: ca37818 ("xfs: convert quotacheck to attach dquot buffers")
Tested-by: syzbot+3126ab3db03db42e7a31@syzkaller.appspotmail.com
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>1 parent 2aec967 commit eccc2df
1 file changed
Lines changed: 8 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1316 | 1316 | | |
1317 | 1317 | | |
1318 | 1318 | | |
1319 | | - | |
| 1319 | + | |
| 1320 | + | |
1320 | 1321 | | |
1321 | 1322 | | |
1322 | 1323 | | |
| |||
1337 | 1338 | | |
1338 | 1339 | | |
1339 | 1340 | | |
1340 | | - | |
1341 | | - | |
| 1341 | + | |
| 1342 | + | |
| 1343 | + | |
| 1344 | + | |
1342 | 1345 | | |
1343 | 1346 | | |
| 1347 | + | |
| 1348 | + | |
1344 | 1349 | | |
1345 | 1350 | | |
1346 | | - | |
1347 | 1351 | | |
1348 | 1352 | | |
1349 | 1353 | | |
| |||
0 commit comments