lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <FB6D02AD-62D8-4D29-81DF-B8BF81BD5FAC@dilger.ca>
Date:   Wed, 12 Oct 2016 16:58:35 -0600
From:   Andreas Dilger <adilger@...ger.ca>
To:     Taesoo Kim <tsgatesv@...il.com>, Theodore Ts'o <tytso@....edu>
Cc:     Ext4 Developers List <linux-ext4@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>, taesoo@...ech.edu,
        changwoo@...ech.edu, sanidhya@...ech.edu, blee@...ech.edu,
        csong84@...ech.edu, stable@...r.kernel.org,
        "Faccini, Bruno" <bruno.faccini@...el.com>
Subject: Re: [PATCH 1/1] jbd2: fix incorrect unlock on j_list_lock

On Mar 17, 2015, at 8:08 PM, Taesoo Kim <tsgatesv@...il.com> wrote:
> 
> When 'jh->b_transaction == transaction' (asserted by below)
> 
>         J_ASSERT_JH(jh, (jh->b_transaction == transaction || ...
> 
> 'journal->j_list_lock' will be incorrectly unlocked, since
> spin_lock() is called only in the 'if' and 'else-if' blocks but
> not in the missing 'else' case, which results in a hang or an oops:
> 
>     ------------[ cut here ]------------
>     kernel BUG at fs/jbd2/transaction.c:2239!
>     invalid opcode: 0000 [#1] SMP
>     RIP: 0010: __jbd2_journal_file_buffer+0x206/0x220 [jbd2]
>     Call Trace:
>     do_get_write_access+0x33c/0x4e0 [jbd2]
>     jbd2_journal_get_write_access+0x27/0x40 [jbd2]
>     __ext4_journal_get_write_access+0x3b/0x80 [ext4]
>     ext4_delete_entry+0xa9/0x1a0 [ext4]
>     ext4_unlink+0x600/0xa90 [ext4]
> 
> which is assert_spin_locked(&transaction->t_journal->j_list_lock).
> 
> Move spin_unlock() into the two cases where it is actually locked.
> 
> Signed-off-by: Taesoo Kim <tsgatesv@...il.com>

We've hit this repeatedly on kernels with commit v3.14-rc2-30-g6e4862a
"jbd2: minimize region locked by j_list_lock in journal_get_create_access"
under heavy load and this patch has fixed the problem.

It should also be considered for stable kernels after 3.14.

[I've updated the above commit message slightly to give more details.]

Reviewed-by: Andreas Dilger <adilger@...ger.ca>

> ---
> fs/jbd2/transaction.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
> index 5f09370..edb7f59 100644
> --- a/fs/jbd2/transaction.c
> +++ b/fs/jbd2/transaction.c
> @@ -1091,6 +1091,7 @@ int jbd2_journal_get_create_access(handle_t
>  		JBUFFER_TRACE(jh, "file as BJ_Reserved");
>  		spin_lock(&journal->j_list_lock);
>  		__jbd2_journal_file_buffer(jh, transaction, BJ_Reserved);
> +		spin_unlock(&journal->j_list_lock);
>  	} else if (jh->b_transaction == journal->j_committing_transaction) {
>  		/* first access by this transaction */
>  		jh->b_modified = 0;
> @@ -1098,8 +1099,8 @@ int jbd2_journal_get_create_access(handle_t
>  		JBUFFER_TRACE(jh, "set next transaction");
>  		spin_lock(&journal->j_list_lock);
>  		jh->b_next_transaction = transaction;
> +		spin_unlock(&journal->j_list_lock);
>  	}
> -	spin_unlock(&journal->j_list_lock);
>  	jbd_unlock_bh_state(bh);
> 
>  	/*
> --
> 2.3.3


Cheers, Andreas






Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ