Wojciech Gładysz e789b7fdd7 ext4: nested locking for xattr inode ... [ Upstream commit d1bc560e9a9c78d0b2314692847fc8661e0aeb99 ] Add nested locking with I_MUTEX_XATTR subclass to avoid lockdep warning while handling xattr inode on file open syscall at ext4_xattr_inode_iget. Backtrace EXT4-fs (loop0): Ignoring removed oldalloc option ====================================================== WARNING: possible circular locking dependency detected 5.10.0-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor543/2794 is trying to acquire lock: ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline] ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 but task is already holding lock: ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&ei->i_data_sem/3){++++}-{3:3}: lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 down_write+0x93/0x180 kernel/locking/rwsem.c:1564 ext4_update_i_disksize fs/ext4/ext4.h:3267 [inline] ext4_xattr_inode_write fs/ext4/xattr.c:1390 [inline] ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1538 [inline] ext4_xattr_set_entry+0x331a/0x3d80 fs/ext4/xattr.c:1662 ext4_xattr_ibody_set+0x124/0x390 fs/ext4/xattr.c:2228 ext4_xattr_set_handle+0xc27/0x14e0 fs/ext4/xattr.c:2385 ext4_xattr_set+0x219/0x390 fs/ext4/xattr.c:2498 ext4_xattr_user_set+0xc9/0xf0 fs/ext4/xattr_user.c:40 __vfs_setxattr+0x404/0x450 fs/xattr.c:177 __vfs_setxattr_noperm+0x11d/0x4f0 fs/xattr.c:208 __vfs_setxattr_locked+0x1f9/0x210 fs/xattr.c:266 vfs_setxattr+0x112/0x2c0 fs/xattr.c:283 setxattr+0x1db/0x3e0 fs/xattr.c:548 path_setxattr+0x15a/0x240 fs/xattr.c:567 __do_sys_setxattr fs/xattr.c:582 [inline] __se_sys_setxattr fs/xattr.c:578 [inline] __x64_sys_setxattr+0xc5/0xe0 fs/xattr.c:578 do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 entry_SYSCALL_64_after_hwframe+0x61/0xcb -> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:2988 [inline] check_prevs_add kernel/locking/lockdep.c:3113 [inline] validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729 __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955 lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 down_write+0x93/0x180 kernel/locking/rwsem.c:1564 inode_lock include/linux/fs.h:782 [inline] ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485 ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline] ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline] ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774 __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline] __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018 ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562 notify_change+0xbb6/0xe60 fs/attr.c:435 do_truncate+0x1de/0x2c0 fs/open.c:64 handle_truncate fs/namei.c:2970 [inline] do_open fs/namei.c:3311 [inline] path_openat+0x29f3/0x3290 fs/namei.c:3425 do_filp_open+0x20b/0x450 fs/namei.c:3452 do_sys_openat2+0x124/0x460 fs/open.c:1207 do_sys_open fs/open.c:1223 [inline] __do_sys_open fs/open.c:1231 [inline] __se_sys_open fs/open.c:1227 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1227 do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 entry_SYSCALL_64_after_hwframe+0x61/0xcb other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ei->i_data_sem/3); lock(&ea_inode->i_rwsem#7/1); lock(&ei->i_data_sem/3); lock(&ea_inode->i_rwsem#7/1); *** DEADLOCK *** 5 locks held by syz-executor543/2794: #0: ffff888026fbc448 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x4a/0x2a0 fs/namespace.c:365 #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline] #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x1cf/0x2c0 fs/open.c:62 #2: ffff8880215e3310 (&ei->i_mmap_sem){++++}-{3:3}, at: ext4_setattr+0xec4/0x19c0 fs/ext4/inode.c:5519 #3: ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559 #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline] #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:5938 [inline] #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4fb/0x810 fs/ext4/inode.c:6018 stack backtrace: CPU: 1 PID: 2794 Comm: syz-executor543 Not tainted 5.10.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x177/0x211 lib/dump_stack.c:118 print_circular_bug+0x146/0x1b0 kernel/locking/lockdep.c:2002 check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2123 check_prev_add kernel/locking/lockdep.c:2988 [inline] check_prevs_add kernel/locking/lockdep.c:3113 [inline] validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729 __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955 lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 down_write+0x93/0x180 kernel/locking/rwsem.c:1564 inode_lock include/linux/fs.h:782 [inline] ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485 ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline] ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline] ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774 __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline] __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018 ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562 notify_change+0xbb6/0xe60 fs/attr.c:435 do_truncate+0x1de/0x2c0 fs/open.c:64 handle_truncate fs/namei.c:2970 [inline] do_open fs/namei.c:3311 [inline] path_openat+0x29f3/0x3290 fs/namei.c:3425 do_filp_open+0x20b/0x450 fs/namei.c:3452 do_sys_openat2+0x124/0x460 fs/open.c:1207 do_sys_open fs/open.c:1223 [inline] __do_sys_open fs/open.c:1231 [inline] __se_sys_open fs/open.c:1227 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1227 do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7f0cde4ea229 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd81d1c978 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 0030656c69662f30 RCX: 00007f0cde4ea229 RDX: 0000000000000089 RSI: 00000000000a0a00 RDI: 00000000200001c0 RBP: 2f30656c69662f2e R08: 0000000000208000 R09: 0000000000208000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd81d1c9c0 R13: 00007ffd81d1ca00 R14: 0000000000080000 R15: 0000000000000003 EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2730: inode #13: comm syz-executor543: corrupted in-inode xattr Signed-off-by: Wojciech Gładysz <wojciech.gladysz@infogain.com> Link: https://patch.msgid.link/20240801143827.19135-1-wojciech.gladysz@infogain.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org>		2024-10-17 15:24:16 +02:00
..
.kunitconfig	ext4: add .kunitconfig fragment to enable ext4-specific tests	2021-02-11 23:16:30 -05:00
Kconfig	fs: add CONFIG_BUFFER_HEAD	2023-08-02 09:13:09 -06:00
Makefile	ext4: move ext4 crypto code to its own file crypto.c	2022-05-21 22:24:24 -04:00
acl.c	ext4: convert to ctime accessor functions	2023-07-24 10:29:54 +02:00
acl.h	ext4: apply umask if ACL support is disabled	2023-11-28 17:20:15 +00:00
balloc.c	ext4: add correct group descriptors and reserved GDT blocks to system zone	2023-08-27 11:27:12 -04:00
bitmap.c	ext4: remove useless conditional branch code	2023-04-19 23:39:08 -04:00
block_validity.c	ext4: add correct group descriptors and reserved GDT blocks to system zone	2023-08-27 11:27:12 -04:00
crypto.c	ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}	2023-08-05 08:17:56 -04:00
dir.c	ext4: correct encrypted dentry name hash when not casefolded	2024-10-10 11:57:46 +02:00
ext4.h	quota: Properly annotate i_dquot arrays with __rcu	2024-03-26 18:19:46 -04:00
ext4_extents.h	ext4: fix sparse warnings	2021-08-30 23:36:50 -04:00
ext4_jbd2.c	Many ext4 and jbd2 cleanups and bug fixes for v6.6-rc1.	2023-08-31 15:18:15 -07:00
ext4_jbd2.h	ext4: split ext4_journal_start trace for debug	2022-12-01 10:46:54 -05:00
extents.c	ext4: update orig_path in ext4_find_extent()	2024-10-10 11:57:48 +02:00
extents_status.c	ext4: fix infinite loop when replaying fast_commit	2024-08-03 08:53:53 +02:00
extents_status.h	ext4: make ext4_es_insert_extent() return void	2023-06-26 19:35:12 -04:00
fast_commit.c	ext4: use handle to mark fc as ineligible in __track_dentry_update()	2024-10-10 11:57:49 +02:00
fast_commit.h	ext4: add missing validation of fast-commit record lengths	2022-12-08 21:49:24 -05:00
file.c	ext4: dax: fix overflowing extents beyond inode size when partially writing	2024-10-10 11:57:47 +02:00
fsmap.c	ext4: fix another off-by-one fsmap error on 1k block filesystems	2023-03-07 20:20:48 -05:00
fsmap.h	ext4: fsmap: fix the block/inode bitmap comment	2021-06-24 09:48:29 -04:00
fsync.c	ext4: drop EXT4_MF_FS_ABORTED flag	2023-07-29 18:37:53 -04:00
hash.c	ext4: remove redundant checks of s_encoding	2023-08-27 11:27:13 -04:00
ialloc.c	ext4: avoid negative min_clusters in find_group_orlov()	2024-10-04 16:29:20 +02:00
indirect.c	ext4: only update i_reserved_data_blocks on successful block allocation	2023-06-26 19:34:56 -04:00
inline.c	ext4: avoid OOB when system.data xattr changes underneath the filesystem	2024-10-04 16:29:21 +02:00
inode-test.c	ext4: convert to ctime accessor functions	2023-07-24 10:29:54 +02:00
inode.c	ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()	2024-10-10 11:57:48 +02:00
ioctl.c	Many ext4 and jbd2 cleanups and bug fixes for v6.6-rc1.	2023-08-31 15:18:15 -07:00
mballoc.c	ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard	2024-10-04 16:29:20 +02:00
mballoc.h	ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow	2024-06-16 13:47:44 +02:00
migrate.c	ext4: fix i_data_sem unlock order in ext4_ind_migrate()	2024-10-10 11:57:39 +02:00
mmp.c	ext4: replace read-only check for shutdown check in mmp code	2023-07-29 18:37:53 -04:00
move_extent.c	ext4: update orig_path in ext4_find_extent()	2024-10-10 11:57:48 +02:00
namei.c	ext4: no need to continue when the number of entries is 1	2024-10-10 11:57:46 +02:00
orphan.c	ext4: remove trailing newline from ext4_msg() message	2022-12-08 21:49:23 -05:00
page-io.c	ext4: make ext4_forced_shutdown() take struct super_block	2023-07-29 18:37:24 -04:00
readpage.c	ext4: Call fsverity_verify_folio()	2023-06-15 00:02:10 -04:00
resize.c	ext4: fix corruption during on-line resize	2024-04-03 15:28:28 +02:00
super.c	ext4: don't set SB_RDONLY after filesystem errors	2024-10-17 15:24:15 +02:00
symlink.c	fs: port ->getattr() to pass mnt_idmap	2023-01-19 09:24:25 +01:00
sysfs.c	ext4: avoid ptr null pointer dereference	2024-07-18 13:21:25 +02:00
truncate.h	ext4: Convert to use mapping->invalidate_lock	2021-07-13 14:29:00 +02:00
verity.c	- Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of	2023-04-27 19:42:02 -07:00
xattr.c	ext4: nested locking for xattr inode	2024-10-17 15:24:16 +02:00
xattr.h	ext4: remove EA inode entry from mbcache on inode eviction	2022-08-02 23:56:25 -04:00
xattr_hurd.c	fs: port xattr to mnt_idmap	2023-01-19 09:24:28 +01:00
xattr_security.c	fs: port xattr to mnt_idmap	2023-01-19 09:24:28 +01:00
xattr_trusted.c	fs: port xattr to mnt_idmap	2023-01-19 09:24:28 +01:00
xattr_user.c	fs: port xattr to mnt_idmap	2023-01-19 09:24:28 +01:00