Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

f2fs: fix potential hangtask in f2fs_trace_pid

As Jia-Ju Bai reported:

"According to fs/f2fs/trace.c, the kernel module may sleep under a spinlock.
The function call path is:
f2fs_trace_pid (acquire the spinlock)
f2fs_radix_tree_insert
cond_resched --> may sleep

I do not find a good way to fix it, so I only report.
This possible bug is found by my static analysis tool (DSAC) and my code
review."

Obviously, it's problematic to schedule in the critical region of a spinlock,
which will cause uninterruptible sleep if there is no waker.

This patch changes to use a mutex lock instead of a spinlock to avoid this
condition.

Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Authored by Chao Yu and committed by Jaegeuk Kim
4635b46a c376fc0f

+6 -6
fs/f2fs/trace.c
··· 17 17 #include "trace.h" 18 18 19 19 static RADIX_TREE(pids, GFP_ATOMIC); 20 - static spinlock_t pids_lock; 20 + static struct mutex pids_lock; 21 21 static struct last_io_info last_io; 22 22 23 23 static inline void __print_last_io(void) ··· 64 64 if (radix_tree_preload(GFP_NOFS)) 65 65 return; 66 66 67 - spin_lock(&pids_lock); 67 + mutex_lock(&pids_lock); 68 68 p = radix_tree_lookup(&pids, pid); 69 69 if (p == current) 70 70 goto out; ··· 77 77 MAJOR(inode->i_sb->s_dev), MINOR(inode->i_sb->s_dev), 78 78 pid, current->comm); 79 79 out: 80 - spin_unlock(&pids_lock); 80 + mutex_unlock(&pids_lock); 81 81 radix_tree_preload_end(); 82 82 } 83 83 ··· 122 122 123 123 void f2fs_build_trace_ios(void) 124 124 { 125 - spin_lock_init(&pids_lock); 125 + mutex_init(&pids_lock); 126 126 } 127 127 128 128 #define PIDVEC_SIZE 128 ··· 150 150 pid_t next_pid = 0; 151 151 unsigned int found; 152 152 153 - spin_lock(&pids_lock); 153 + mutex_lock(&pids_lock); 154 154 while ((found = gang_lookup_pids(pid, next_pid, PIDVEC_SIZE))) { 155 155 unsigned idx; 156 156 ··· 158 158 for (idx = 0; idx < found; idx++) 159 159 radix_tree_delete(&pids, pid[idx]); 160 160 } 161 - spin_unlock(&pids_lock); 161 + mutex_unlock(&pids_lock); 162 162 }
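Review bot: In the f2fs_trace_pid hunk, mutex_lock(&pids_lock) is taken after radix_tree_preload(GFP_NOFS) has succeeded and before radix_tree_preload_end(). A successful radix_tree_preload() returns with preemption disabled, so the mutex, which can sleep, is now acquired in atomic context; the change removes the sleep under a spinlock but leaves a sleep with preemption off. Consider taking the mutex before the preload, or keeping the spinlock and releasing it together with radix_tree_preload_end() before any rescheduling on the insert path.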
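Review bot: In the declaration hunk, pids_lock stays an uninitialized file-scope static that only becomes valid once f2fs_build_trace_ios() has run mutex_init(). Declaring it as DEFINE_MUTEX(pids_lock) would initialize it statically, remove the ordering dependency between f2fs_build_trace_ios() and the first f2fs_trace_pid() call, and make the mutex_init() line unnecessary.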