linux-kernel - Re: [f2fs-dev] [PATCH] f2fs: Avoid double lock for cp

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:   Thu, 23 Apr 2020 21:13:43 +0800
From:   Chao Yu <chao@...nel.org>
To:     Sayali Lokhande <sayalil@...eaurora.org>, jaegeuk@...nel.org,
        yuchao0@...wei.com, linux-f2fs-devel@...ts.sourceforge.net
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [f2fs-dev] [PATCH] f2fs: Avoid double lock for cp_rwsem

Hi Sayali,

On 2020-4-23 18:13, Sayali Lokhande wrote:
> Call stack :
> f2fs_write_checkpoint()
> -> block_operations(sbi)
>     f2fs_lock_all(sbi);
>      down_write(&sbi->cp_rwsem); => write lock held
> <>

It looks the full race condition should be?

						Thread B
						- open()
						 - igrab()
						- write() write inline data
						- unlink()
> -> f2fs_sync_node_pages()
>     if (is_inline_node(page))
>      flush_inline_data()

	ilookup()

> 	page = f2fs_pagecache_get_page()
>          if (!page)
>            goto iput_out;
> 	iput_out:
						- close()
						 - iput()
> 	 iput(inode);
>           -> f2fs_evict_inode()
> 	      f2fs_truncate_blocks()
> 	       f2fs_lock_op()
> 	        down_read(&sbi->cp_rwsem); => read lock fail
>
> Signed-off-by: Sayali Lokhande <sayalil@...eaurora.org>
> ---
>  fs/f2fs/checkpoint.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
> index 5ba649e..5c504cf 100644
> --- a/fs/f2fs/checkpoint.c
> +++ b/fs/f2fs/checkpoint.c
> @@ -1219,21 +1219,19 @@ static int block_operations(struct f2fs_sb_info *sbi)
>  		goto retry_flush_quotas;
>  	}
>
> -retry_flush_nodes:
>  	down_write(&sbi->node_write);
>
>  	if (get_pages(sbi, F2FS_DIRTY_NODES)) {
>  		up_write(&sbi->node_write);

Call up_write(&sbi->node_change) here could wake up threads earlier who hang on
this lock, how do you think?

Thanks,

> +		f2fs_unlock_all(sbi);
>  		atomic_inc(&sbi->wb_sync_req[NODE]);
>  		err = f2fs_sync_node_pages(sbi, &wbc, false, FS_CP_NODE_IO);
>  		atomic_dec(&sbi->wb_sync_req[NODE]);
> -		if (err) {
> -			up_write(&sbi->node_change);
> -			f2fs_unlock_all(sbi);
> +		up_write(&sbi->node_change);
> +		if (err)
>  			goto out;
> -		}
>  		cond_resched();
> -		goto retry_flush_nodes;
> +		goto retry_flush_quotas;
>  	}
>
>  	/*
>