Message ID | 20201002141334.14948-1-eshatokhin@virtuozzo.com |
---|---|
State | New |
Series | "mm/tcache: restore missing rcu_read_lock() in tcache_detach_page()" |
diff --git a/mm/tcache.c b/mm/tcache.c index c7c5008fdac8..c40cf5de2dd8 100644 --- a/mm/tcache.c +++ b/mm/tcache.c @@ -853,8 +853,10 @@ static struct page *tcache_detach_page(struct tcache_node *node, pgoff_t index, * in __tcache_page_tree_delete() fails, and * we have to repeat the cycle. */ - if (!page) + if (!page) { + rcu_read_lock(); goto repeat; + } } return page;
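Review bot: retaking the RCU read lock in the `if (!page)` branch before `goto repeat` matches the "rcu_read_lock() was lost in the out: path" description, but the hunk's context does not show the matching `rcu_read_unlock()`, so the pairing is invisible to anyone reading only this function. A one-line comment above `rcu_read_lock();` (for example `/* the RCU read lock was dropped on the out: path; retake it before retrying */`) would make that explicit, and it is worth confirming that this is the only path that jumps back to `repeat` after the unlock, since the diff covers just this one branch. The lockdep "bad unlock balance" splat quoted in the commit message is the regression check: the same Syzkaller reproducer should now run clean.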
On 10/2/20 5:13 PM, Evgenii Shatokhin wrote:
> Looks like rcu_read_lock() was lost in "out:" path of tcache_detach_page()
> when tcache was ported to VZ8. As a result, Syzkaller was able to hit
> the following warning:
>
> WARNING: bad unlock balance detected!
> 4.18.0-193.6.3.vz8.4.7.syz+debug #1 Tainted: G W ---------r- -
> -------------------------------------
> vcmmd/926 is trying to release lock (rcu_read_lock) at:
> [<ffffffff848ed2e0>] tcache_detach_page+0x530/0x750
> but there are no more locks to release!
>
> other info that might help us debug this:
> 2 locks held by vcmmd/926:
> #0: ffff888036331f30 (&mm->mmap_sem){++++}, at: __do_page_fault+0x157/0x550
> #1: ffff8880567295f8 (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x82/0xc0 [ext4]
>
> stack backtrace:
> CPU: 0 PID: 926 Comm: vcmmd ve: /
> Tainted: G W ---------r- - 4.18.0-193.6.3.vz8.4.7.syz+debug #1 4.7
> Hardware name: Virtuozzo KVM, BIOS 1.11.0-2.vz7.2 04/01/2014
> Call Trace:
> dump_stack+0xd2/0x148
> print_unlock_imbalance_bug.cold.40+0xc8/0xd4
> lock_release+0x5e3/0x1360
> tcache_detach_page+0x559/0x750
> tcache_cleancache_get_page+0xe9/0x780
> __cleancache_get_page+0x212/0x320
> ext4_mpage_readpages+0x165d/0x1b90 [ext4]
> ext4_readpages+0xd6/0x110 [ext4]
> read_pages+0xff/0x5b0
> __do_page_cache_readahead+0x3fc/0x5b0
> filemap_fault+0x912/0x1b80
> ext4_filemap_fault+0x8a/0xc0 [ext4]
> __do_fault+0x110/0x410
> do_fault+0x622/0x1010
> __handle_mm_fault+0x980/0x1120
> handle_mm_fault+0x17f/0x610
> __do_page_fault+0x25d/0x550
> do_page_fault+0x38/0x290
> do_async_page_fault+0x5b/0xe0
> async_page_fault+0x1e/0x30
>
> Let us restore rcu_read_lock().
>
> https://jira.sw.ru/browse/PSBM-120802
> Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>

Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Looks like rcu_read_lock() was lost in "out:" path of tcache_detach_page()
when tcache was ported to VZ8. As a result, Syzkaller was able to hit
the following warning:

WARNING: bad unlock balance detected!
4.18.0-193.6.3.vz8.4.7.syz+debug #1 Tainted: G W ---------r- -
-------------------------------------
vcmmd/926 is trying to release lock (rcu_read_lock) at:
[<ffffffff848ed2e0>] tcache_detach_page+0x530/0x750
but there are no more locks to release!

other info that might help us debug this:
2 locks held by vcmmd/926:
#0: ffff888036331f30 (&mm->mmap_sem){++++}, at: __do_page_fault+0x157/0x550
#1: ffff8880567295f8 (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x82/0xc0 [ext4]

stack backtrace:
CPU: 0 PID: 926 Comm: vcmmd ve: /
Tainted: G W ---------r- - 4.18.0-193.6.3.vz8.4.7.syz+debug #1 4.7
Hardware name: Virtuozzo KVM, BIOS 1.11.0-2.vz7.2 04/01/2014
Call Trace:
dump_stack+0xd2/0x148
print_unlock_imbalance_bug.cold.40+0xc8/0xd4
lock_release+0x5e3/0x1360
tcache_detach_page+0x559/0x750
tcache_cleancache_get_page+0xe9/0x780
__cleancache_get_page+0x212/0x320
ext4_mpage_readpages+0x165d/0x1b90 [ext4]
ext4_readpages+0xd6/0x110 [ext4]
read_pages+0xff/0x5b0
__do_page_cache_readahead+0x3fc/0x5b0
filemap_fault+0x912/0x1b80
ext4_filemap_fault+0x8a/0xc0 [ext4]
__do_fault+0x110/0x410
do_fault+0x622/0x1010
__handle_mm_fault+0x980/0x1120
handle_mm_fault+0x17f/0x610
__do_page_fault+0x25d/0x550
do_page_fault+0x38/0x290
do_async_page_fault+0x5b/0xe0
async_page_fault+0x1e/0x30

Let us restore rcu_read_lock().

https://jira.sw.ru/browse/PSBM-120802
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
---
 mm/tcache.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)