Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kernel/acct.c: fix locking order when switching acct files
This looks like an old bug, pre-dating the "Fixes" commit, but the "Fixes" commit did not handle it properly. The bug recently surfaced as a lockdep possible deadlock warning with commit d1d04ef ("ovl: stack file ops"). When acct_on() replaces one acct file with another, it takes sb_writers lock on new file sb and calls acct_pin_kill(old) before releasing the sb_writers lock. If new file is on the same fs as old file, acct_pin_kill(old) fail to file_start_write_trylock() and skip writing the old file, because sb_writers (of new) is already taken by acct_on(). If new file is not on same fs as old file, this ordering violation creates an unneeded dependency between new sb_writers and old sb_writers, which may later be reported as possible deadlock. This could result in an actual deadlock if acct file is replaced from an old file in overlayfs over "real fs" to a new file in "real fs". acct_on() takes freeze protection on "real fs" and tries to write to overlayfs file. overlayfs is not freeze protected so do_acct_process() can carry on with __kernel_write() to overlayfs file, which would try to take freeze protection on "real fs" and deadlock. Reproducer of lockdep possible deadlock warning: ./run --ov -s # unionmount-testsuite touch /mnt/x /upper/y accton /mnt/x accton /upper/y ====================================================== WARNING: possible circular locking dependency detected 4.19.0-rc1-xfstests #3424 Not tainted ------------------------------------------------------ accton/1390 is trying to acquire lock: 00000000e0585aa5 (&acct->lock#2){+.+.}, at: acct_pin_kill+0x1b/0x76 but task is already holding lock: 000000003692505a (sb_writers#6){.+.+}, at: mnt_want_write+0x1d/0x42 Reported-by: syzbot+695726bc473f9c36a4b6@syzkaller.appspotmail.com Fixes: 59eda0e ("new fs_pin killing logics") Signed-off-by: Amir Goldstein <amir73il@gmail.com>
- Loading branch information