Message-ID: <tencent_D1BC2D0D6C889484EB5AEC9ECC9C78766C0A@qq.com>
Date: Mon, 10 Nov 2025 22:50:44 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+08df3e4c9b304b37cb04@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [block?] general protection fault in rtlock_slowlock_locked

#syz test

diff --git a/fs/jfs/jfs_lock.h b/fs/jfs/jfs_lock.h
index feb37dd9debf..6aa5ff62ca7c 100644
--- a/fs/jfs/jfs_lock.h
+++ b/fs/jfs/jfs_lock.h
@@ -19,7 +19,7 @@
  *
  * lock_cmd and unlock_cmd take and release the spinlock
  */
-#define __SLEEP_COND(wq, cond, lock_cmd, unlock_cmd)	\
+#define __SLEEP_COND(wq, cond, lock_cmd, unlock_cmd, idle)	\
 do {							\
 	DECLARE_WAITQUEUE(__wait, current);		\
 							\
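Review bot: The comment block above `__SLEEP_COND` still documents only `lock_cmd` and `unlock_cmd`, so the `idle` argument added on the `#define` line has no stated contract. I would add a line to that comment such as ` * idle: non-zero selects schedule_timeout_idle(HZ) instead of io_schedule() for each sleep`. The macro body continues past the end of this hunk.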
@@ -29,7 +29,10 @@ do {							\
 		if (cond)				\
 			break;				\
 		unlock_cmd;				\
-		io_schedule();				\
+		if (idle)				\
+			schedule_timeout_idle(HZ);	\
+		else					\
+			io_schedule();			\
 		lock_cmd;				\
 	}						\
 	__set_current_state(TASK_RUNNING);			\
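Review bot: `idle` is expanded inside the loop after `unlock_cmd`, so the caller's expression is re-evaluated on every iteration with the spinlock released. The lbmIOWait hunk passes `bp->l_flag & (lbmWRITE | lbmSYNC | lbmDIRECT)`, which becomes an unlocked read of a field that the wait condition reads under the lock. Evaluating it once on entry, where the lock is presumably still held, avoids both that and the multiple-evaluation hazard: `bool __idle = !!(idle);` next to `DECLARE_WAITQUEUE`, then `if (__idle)`. Separately, schedule_timeout_idle() sets the task state itself, so if the loop sets the state before testing `cond` (that line is outside the hunk), a wake-up arriving between the test and the sleep is only noticed after the HZ timeout. A short comment saying the idle branch is a bounded poll would make that explicit.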
diff --git a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c
index b343c5ea1159..e70bde3b7f40 100644
--- a/fs/jfs/jfs_logmgr.c
+++ b/fs/jfs/jfs_logmgr.c
@@ -113,11 +113,11 @@ static DEFINE_SPINLOCK(jfsLCacheLock);
 /*
  * See __SLEEP_COND in jfs_locks.h
  */
-#define LCACHE_SLEEP_COND(wq, cond, flags)	\
+#define LCACHE_SLEEP_COND(wq, cond, flags, idle)	\
 do {						\
 	if (cond)				\
 		break;				\
-	__SLEEP_COND(wq, cond, LCACHE_LOCK(flags), LCACHE_UNLOCK(flags)); \
+	__SLEEP_COND(wq, cond, LCACHE_LOCK(flags), LCACHE_UNLOCK(flags), idle); \
 } while (0)
 
 #define	LCACHE_WAKEUP(event)	wake_up(event)
@@ -711,7 +711,7 @@ int lmGroupCommit(struct jfs_log * log, struct tblock * tblk)
 	tblk->flag |= tblkGC_READY;
 
 	__SLEEP_COND(tblk->gcwait, (tblk->flag & tblkGC_COMMITTED),
-		     LOGGC_LOCK(log), LOGGC_UNLOCK(log));
+		     LOGGC_LOCK(log), LOGGC_UNLOCK(log), 0);
 
 	/* removed from commit queue */
 	if (tblk->flag & tblkGC_ERROR)
@@ -1860,6 +1860,7 @@ static void lbmLogShutdown(struct jfs_log * log)
 	lbuf = log->lbuf_free;
 	while (lbuf) {
 		struct lbuf *next = lbuf->l_freelist;
+		lbmIOWait(lbuf, 0);
 		__free_page(lbuf->l_page);
 		kfree(lbuf);
 		lbuf = next;
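Review bot: The added `lbmIOWait(lbuf, 0)` runs for every buffer on `log->lbuf_free` and its return value is dropped, but nothing visible here shows that a buffer on the free list always has `lbmDONE` set. If one does not, and none of `lbmWRITE | lbmSYNC | lbmDIRECT` is set either, the wait in lbmIOWait takes the untimed `io_schedule()` path and shutdown would block indefinitely. Please confirm the state of `l_flag` for free-list buffers, and add a comment on the call such as `/* wait for outstanding log I/O before the page and lbuf are freed */`. The loop and the function continue outside this hunk.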
@@ -1881,7 +1882,7 @@ static struct lbuf *lbmAllocate(struct jfs_log * log, int pn)
 	 * recycle from log buffer freelist if any
 	 */
 	LCACHE_LOCK(flags);
-	LCACHE_SLEEP_COND(log->free_wait, (bp = log->lbuf_free), flags);
+	LCACHE_SLEEP_COND(log->free_wait, (bp = log->lbuf_free), flags, 0);
 	log->lbuf_free = bp->l_freelist;
 	LCACHE_UNLOCK(flags);
 
@@ -2148,7 +2149,8 @@ static int lbmIOWait(struct lbuf * bp, int flag)
 
 	LCACHE_LOCK(flags);		/* disable+lock */
 
-	LCACHE_SLEEP_COND(bp->l_ioevent, (bp->l_flag & lbmDONE), flags);
+	LCACHE_SLEEP_COND(bp->l_ioevent, (bp->l_flag & lbmDONE), flags,
+			  bp->l_flag & (lbmWRITE | lbmSYNC | lbmDIRECT));
 
 	rc = (bp->l_flag & lbmERROR) ? -EIO : 0;
 
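Review bot: The `idle` argument picks the timed `schedule_timeout_idle(HZ)` sleep when a write, sync or direct flag is set and the untimed `io_schedule()` when none is, and the hunk gives no reason for that polarity. Buffers that have I/O flagged no longer wait in `io_schedule()`, while a buffer with no flag and no `lbmDONE` still waits without a timeout. Please state the intent in a comment above the call, or give the mask a named macro, and confirm the selection is not inverted. lbmIOWait starts and ends outside this hunk, so the rest of its locking is not visible here.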

