linux-brain/fs/9p
Hou Tao be0b155c2b 9p: use inode->i_lock to protect i_size_write() under 32-bit
commit 5e3cc1ee14 upstream.

Use inode->i_lock to protect i_size_write(), else i_size_read() in
generic_fillattr() may loop infinitely in read_seqcount_begin() when
multiple processes invoke v9fs_vfs_getattr() or v9fs_vfs_getattr_dotl()
simultaneously under 32-bit SMP environment, and a soft lockup will be
triggered as shown below:

  watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [stat:2217]
  Modules linked in:
  CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4
  Hardware name: Generic DT based system
  PC is at generic_fillattr+0x104/0x108
  LR is at 0xec497f00
  pc : [<802b8898>]    lr : [<ec497f00>]    psr: 200c0013
  sp : ec497e20  ip : ed608030  fp : ec497e3c
  r10: 00000000  r9 : ec497f00  r8 : ed608030
  r7 : ec497ebc  r6 : ec497f00  r5 : ee5c1550  r4 : ee005780
  r3 : 0000052d  r2 : 00000000  r1 : ec497f00  r0 : ed608030
  Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
  Control: 10c5387d  Table: ac48006a  DAC: 00000051
  CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4
  Hardware name: Generic DT based system
  Backtrace:
  [<8010d974>] (dump_backtrace) from [<8010dc88>] (show_stack+0x20/0x24)
  [<8010dc68>] (show_stack) from [<80a1d194>] (dump_stack+0xb0/0xdc)
  [<80a1d0e4>] (dump_stack) from [<80109f34>] (show_regs+0x1c/0x20)
  [<80109f18>] (show_regs) from [<801d0a80>] (watchdog_timer_fn+0x280/0x2f8)
  [<801d0800>] (watchdog_timer_fn) from [<80198658>] (__hrtimer_run_queues+0x18c/0x380)
  [<801984cc>] (__hrtimer_run_queues) from [<80198e60>] (hrtimer_run_queues+0xb8/0xf0)
  [<80198da8>] (hrtimer_run_queues) from [<801973e8>] (run_local_timers+0x28/0x64)
  [<801973c0>] (run_local_timers) from [<80197460>] (update_process_times+0x3c/0x6c)
  [<80197424>] (update_process_times) from [<801ab2b8>] (tick_nohz_handler+0xe0/0x1bc)
  [<801ab1d8>] (tick_nohz_handler) from [<80843050>] (arch_timer_handler_virt+0x38/0x48)
  [<80843018>] (arch_timer_handler_virt) from [<80180a64>] (handle_percpu_devid_irq+0x8c/0x240)
  [<801809d8>] (handle_percpu_devid_irq) from [<8017ac20>] (generic_handle_irq+0x34/0x44)
  [<8017abec>] (generic_handle_irq) from [<8017b344>] (__handle_domain_irq+0x6c/0xc4)
  [<8017b2d8>] (__handle_domain_irq) from [<801022e0>] (gic_handle_irq+0x4c/0x88)
  [<80102294>] (gic_handle_irq) from [<80101a30>] (__irq_svc+0x70/0x98)
  [<802b8794>] (generic_fillattr) from [<8056b284>] (v9fs_vfs_getattr_dotl+0x74/0xa4)
  [<8056b210>] (v9fs_vfs_getattr_dotl) from [<802b8904>] (vfs_getattr_nosec+0x68/0x7c)
  [<802b889c>] (vfs_getattr_nosec) from [<802b895c>] (vfs_getattr+0x44/0x48)
  [<802b8918>] (vfs_getattr) from [<802b8a74>] (vfs_statx+0x9c/0xec)
  [<802b89d8>] (vfs_statx) from [<802b9428>] (sys_lstat64+0x48/0x78)
  [<802b93e0>] (sys_lstat64) from [<80101000>] (ret_fast_syscall+0x0/0x28)

[dominique.martinet@cea.fr: updated comment to not refer to a function
in another subsystem]
Link: http://lkml.kernel.org/r/20190124063514.8571-2-houtao1@huawei.com
Cc: stable@vger.kernel.org
Fixes: 7549ae3e81 ("9p: Use the i_size_[read, write]() macros instead of using inode->i_size directly.")
Reported-by: Xing Gaopeng <xingaopeng@huawei.com>
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-23 14:35:09 +01:00
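
The lost sequence-counter update behind the soft lockup above, replayed deterministically in a single-threaded C model. This is an added example, not code from the commit or the kernel: `model_inode`, `model_i_size_write`, `two_writers` and `model_i_size_read` are hypothetical names, and the retry budget exists only so the model terminates.

```c
#include <stdint.h>
#include <stdio.h>
/* Userspace model (assumption): seq plays i_size_seqcount, size plays i_size. */
struct model_inode { unsigned seq; uint64_t size; };
/* One complete i_size_write(): seq goes odd, size is stored, seq goes even. */
static void model_i_size_write(struct model_inode *ino, uint64_t v)
{
    ino->seq++;
    ino->size = v;
    ino->seq++;
}

/* Two writers. locked != 0 serializes them, as inode->i_lock does; otherwise
 * both load seq before either stores it. Returns the final seq. */
static unsigned two_writers(struct model_inode *ino, int locked)
{
    if (locked) {
        model_i_size_write(ino, 4096);
        model_i_size_write(ino, 8192);
        return ino->seq;
    }
    unsigned ra = ino->seq, rb = ino->seq; /* A and B load the same value */
    ino->seq = ra + 1;                     /* A begins */
    ino->seq = rb + 1;                     /* B begins: A's increment is lost */
    ino->size = 8192;                      /* A stored 4096, then B stored 8192 */
    ino->seq += 2;                         /* A and B each end with seq++ */
    return ino->seq;
}

/* i_size_read() retry loop; the budget is added so the model terminates. */
static int model_i_size_read(const struct model_inode *ino, unsigned budget, uint64_t *out)
{
    while (budget--) {
        unsigned start = ino->seq;
        if (start & 1) continue;           /* odd: a writer looks active */
        *out = ino->size;
        if (ino->seq == start) return 0;   /* stable snapshot */
    }
    return -1;                             /* the kernel reader never gives up */
}

int main(void)
{
    struct model_inode racy = {0, 0}, safe = {0, 0};
    uint64_t v = 0;
    unsigned s = two_writers(&racy, 0);
    printf("unlocked: seq=%u read=%d\n", s, model_i_size_read(&racy, 1000, &v));
    s = two_writers(&safe, 1);
    printf("locked:   seq=%u read=%d\n", s, model_i_size_read(&safe, 1000, &v));
    return 0;
}
```

Without serialization the counter is left odd with no writer active, so every later reader retries indefinitely; with the writers serialized it returns to an even value and the read succeeds.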
..
acl.c 9p: fix a potential acl leak 2017-02-22 16:41:27 -08:00
acl.h 9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate() 2013-02-26 02:46:07 -05:00
cache.c fscache: remove unused ->now_uncached callback 2017-09-06 17:27:26 -07:00
cache.h fs: 9p: cache.h: Add #define of include guard 2015-11-11 02:19:50 -05:00
fid.c 9p: constify ->d_name handling 2017-01-12 04:01:17 -05:00
fid.h 9p: use clone_fid() 2016-08-03 11:12:12 -04:00
Kconfig fs/9p: xattr: add trusted and security namespaces 2013-07-07 22:02:18 -05:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
v9fs_vfs.h 9p: use inode->i_lock to protect i_size_write() under 32-bit 2019-03-23 14:35:09 +01:00
v9fs.c 9p: Implement show_options 2017-07-11 06:08:58 -04:00
v9fs.h 9p: Implement show_options 2017-07-11 06:08:58 -04:00
vfs_addr.c 9p: set page uptodate when required in write_end() 2017-10-11 09:30:08 -07:00
vfs_dentry.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
vfs_dir.c v9fs_dir_readdir: fix double-free on p9stat_read error 2018-12-01 09:42:50 +01:00
vfs_file.c 9p: use inode->i_lock to protect i_size_write() under 32-bit 2019-03-23 14:35:09 +01:00
vfs_inode_dotl.c 9p: use inode->i_lock to protect i_size_write() under 32-bit 2019-03-23 14:35:09 +01:00
vfs_inode.c 9p: use inode->i_lock to protect i_size_write() under 32-bit 2019-03-23 14:35:09 +01:00
vfs_super.c 9p: use inode->i_lock to protect i_size_write() under 32-bit 2019-03-23 14:35:09 +01:00
xattr.c fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed 2018-09-09 19:55:55 +02:00
xattr.h 9p: xattr simplifications 2015-11-13 20:34:33 -05:00