ocfs2: fix deadlock issue when taking inode lock at vfs entry points

Commit 743b5f1434f5 ("ocfs2: take inode lock in ocfs2_iop_set/get_acl()") results in a deadlock, as the author "Tariq Saeed" realized shortly after the patch was merged. The discussion happened here https://oss.oracle.com/pipermail/ocfs2-devel/2015-September/011085.html The reason why taking cluster inode lock at vfs entry points opens up a self deadlock window, is explained in the previous patch of this series. So far, we have seen two different code paths that have this issue. 1. do_sys_open may_open inode_permission ocfs2_permission ocfs2_inode_lock() <=== take PR generic_permission get_acl ocfs2_iop_get_acl ocfs2_inode_lock() <=== take PR 2. fchmod|fchmodat chmod_common notify_change ocfs2_setattr <=== take EX posix_acl_chmod get_acl ocfs2_iop_get_acl <=== take PR ocfs2_iop_set_acl <=== take EX Fixes them by adding the tracking logic (in the previous patch) for these funcs above, ocfs2_permission(), ocfs2_iop_[set|get]_acl(), ocfs2_setattr(). Link: http://lkml.kernel.org/r/20170117100948.11657-3-zren@suse.com Signed-off-by: Eric Ren <zren@suse.com> Reviewed-by: Junxiao Bi <junxiao.bi@oracle.com> Reviewed-by: Joseph Qi <jiangqi903@gmail.com> Cc: Mark Fasheh <mfasheh@versity.com> Cc: Joel Becker <jlbec@evilplan.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Eric Ren <zren@suse.com> 2017-02-22 18:40:44 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-02-22 19:41:27 -0500
commit: b891fa5024a95c77e0d6fd6655cb74af6fb77f46 (patch)
tree: e2d441eb65792f70e2f156f771c4e33949a8731e /fs/ocfs2/file.c
parent: 439a36b8ef38657f765b80b775e2885338d72451 (diff)
1 files changed, 45 insertions, 13 deletions
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index c4889655d32b..7b6a146327d7 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -1138,6 +1138,8 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
        handle_t *handle = NULL;
        struct dquot *transfer_to[MAXQUOTAS] = { };
        int qtype;
+        int had_lock;
+        struct ocfs2_lock_holder oh;
        trace_ocfs2_setattr(inode, dentry,
                            (unsigned long long)OCFS2_I(inode)->ip_blkno,
@@ -1173,11 +1175,30 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
                }
        }
-        status = ocfs2_inode_lock(inode, &bh, 1);
+        had_lock = ocfs2_inode_lock_tracker(inode, &bh, 1, &oh);
-        if (status < 0) {
+        if (had_lock < 0) {
-                if (status != -ENOENT)
+                status = had_lock;
-                        mlog_errno(status);
                goto bail_unlock_rw;
+        } else if (had_lock) {
+                /*
+                 * As far as we know, ocfs2_setattr() could only be the first
+                 * VFS entry point in the call chain of recursive cluster
+                 * locking issue.
+                 *
+                 * For instance:
+                 * chmod_common()
+                 *  notify_change()
+                 *   ocfs2_setattr()
+                 *    posix_acl_chmod()
+                 *     ocfs2_iop_get_acl()
+                 *
+                 * But, we're not 100% sure if it's always true, because the
+                 * ordering of the VFS entry points in the call chain is out
+                 * of our control. So, we'd better dump the stack here to
+                 * catch the other cases of recursive locking.
+                 */
+                mlog(ML_ERROR, "Another case of recursive locking:\n");
+                dump_stack();
        }
        inode_locked = 1;
@@ -1260,8 +1281,8 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
 bail_commit:
        ocfs2_commit_trans(osb, handle);
 bail_unlock:
-        if (status) {
+        if (status && inode_locked) {
-                ocfs2_inode_unlock(inode, 1);
+                ocfs2_inode_unlock_tracker(inode, 1, &oh, had_lock);
                inode_locked = 0;
        }
 bail_unlock_rw:
@@ -1279,7 +1300,7 @@ bail:
                        mlog_errno(status);
        }
        if (inode_locked)
-                ocfs2_inode_unlock(inode, 1);
+                ocfs2_inode_unlock_tracker(inode, 1, &oh, had_lock);
        brelse(bh);
        return status;
@@ -1320,21 +1341,32 @@ bail:
 int ocfs2_permission(struct inode *inode, int mask)
 {
-        int ret;
+        int ret, had_lock;
+        struct ocfs2_lock_holder oh;
        if (mask & MAY_NOT_BLOCK)
                return -ECHILD;
-        ret = ocfs2_inode_lock(inode, NULL, 0);
+        had_lock = ocfs2_inode_lock_tracker(inode, NULL, 0, &oh);
-        if (ret) {
+        if (had_lock < 0) {
-                if (ret != -ENOENT)
+                ret = had_lock;
-                        mlog_errno(ret);
                goto out;
+        } else if (had_lock) {
+                /* See comments in ocfs2_setattr() for details.
+                 * The call chain of this case could be:
+                 * do_sys_open()
+                 *  may_open()
+                 *   inode_permission()
+                 *    ocfs2_permission()
+                 *     ocfs2_iop_get_acl()
+                 */
+                mlog(ML_ERROR, "Another case of recursive locking:\n");
+                dump_stack();
        }
        ret = generic_permission(inode, mask);
-        ocfs2_inode_unlock(inode, 0);
+        ocfs2_inode_unlock_tracker(inode, 0, &oh, had_lock);
 out:
        return ret;
 }
author	Eric Ren <zren@suse.com>	2017-02-22 18:40:44 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-02-22 19:41:27 -0500
commit	b891fa5024a95c77e0d6fd6655cb74af6fb77f46 (patch)
tree	e2d441eb65792f70e2f156f771c4e33949a8731e /fs/ocfs2/file.c
parent	439a36b8ef38657f765b80b775e2885338d72451 (diff)