lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 15 Oct 2021 16:02:16 +0800
From:   Zqiang <qiang.zhang1211@...il.com>
To:     willy@...radead.org, hch@...radead.org, akpm@...ux-foundation.org,
        sunhao.th@...il.com
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Zqiang <qiang.zhang1211@...il.com>
Subject: [PATCH] fs: inode: use queue_rcu_work() instead of call_rcu()

Call Trace:
 <IRQ>
 __init_work+0x2d/0x50 kernel/workqueue.c:519
 synchronize_rcu_expedited+0x3af/0x650 kernel/rcu/tree_exp.h:847
 bdi_remove_from_list mm/backing-dev.c:938 [inline]
 bdi_unregister+0x17f/0x5c0 mm/backing-dev.c:946
 release_bdi+0xa1/0xc0 mm/backing-dev.c:968
 kref_put include/linux/kref.h:65 [inline]
 bdi_put+0x72/0xa0 mm/backing-dev.c:976
 bdev_free_inode+0x11e/0x220 block/bdev.c:408
 i_callback+0x3f/0x70 fs/inode.c:226
 rcu_do_batch kernel/rcu/tree.c:2508 [inline]
 rcu_core+0x76d/0x16c0 kernel/rcu/tree.c:2743
 __do_softirq+0x1d7/0x93b kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu kernel/softirq.c:636 [inline]
 irq_exit_rcu+0xf2/0x130 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097

The bdi_put() be called in RCU softirq, however the
synchronize_rcu_expedited() and flush_delayed_work() that be called
when wb shutdown, will trigger sleep action, use queue_rcu_work()
instead of call_rcu(), the release operation be executed in task context.

Reported-by: Hao Sun <sunhao.th@...il.com>
Signed-off-by: Zqiang <qiang.zhang1211@...il.com>
---
 fs/inode.c         | 9 +++++----
 include/linux/fs.h | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c
index a49695f57e1e..300beb19aed6 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -219,9 +219,9 @@ void free_inode_nonrcu(struct inode *inode)
 }
 EXPORT_SYMBOL(free_inode_nonrcu);
 
-static void i_callback(struct rcu_head *head)
+static void i_callback(struct work_struct *work)
 {
-	struct inode *inode = container_of(head, struct inode, i_rcu);
+	struct inode *inode = container_of(to_rcu_work(work), struct inode, rwork);
 	if (inode->free_inode)
 		inode->free_inode(inode);
 	else
@@ -248,7 +248,7 @@ static struct inode *alloc_inode(struct super_block *sb)
 				return NULL;
 		}
 		inode->free_inode = ops->free_inode;
-		i_callback(&inode->i_rcu);
+		i_callback(&inode->rwork.work);
 		return NULL;
 	}
 
@@ -289,7 +289,8 @@ static void destroy_inode(struct inode *inode)
 			return;
 	}
 	inode->free_inode = ops->free_inode;
-	call_rcu(&inode->i_rcu, i_callback);
+	INIT_RCU_WORK(&inode->rwork, i_callback);
+	queue_rcu_work(system_wq, &inode->rwork);
 }
 
 /**
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 8903a95611a2..006d769791a8 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -686,7 +686,7 @@ struct inode {
 	struct list_head	i_wb_list;	/* backing dev writeback list */
 	union {
 		struct hlist_head	i_dentry;
-		struct rcu_head		i_rcu;
+		struct rcu_work         rwork;
 	};
 	atomic64_t		i_version;
 	atomic64_t		i_sequence; /* see futex */
-- 
2.17.1

Powered by blists - more mailing lists