]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 2 Aug 2020 07:03:59 +0000 (09:03 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 2 Aug 2020 07:03:59 +0000 (09:03 +0200)
added patches:
xfs-fix-missed-wakeup-on-l_flush_wait.patch

queue-4.19/series
queue-4.19/xfs-fix-missed-wakeup-on-l_flush_wait.patch [new file with mode: 0644]

index 799c50bf98de720602702deae34fc7abeaa53f31..074c19294b94721fa18b4411056ffe3c886065ea 100644 (file)
@@ -21,3 +21,4 @@ drm-hold-gem-reference-until-object-is-no-longer-accessed.patch
 random-fix-circular-include-dependency-on-arm64-after-addition-of-percpu.h.patch
 random32-remove-net_rand_state-from-the-latent-entropy-gcc-plugin.patch
 rds-prevent-kernel-infoleak-in-rds_notify_queue_get.patch
+xfs-fix-missed-wakeup-on-l_flush_wait.patch
diff --git a/queue-4.19/xfs-fix-missed-wakeup-on-l_flush_wait.patch b/queue-4.19/xfs-fix-missed-wakeup-on-l_flush_wait.patch
new file mode 100644 (file)
index 0000000..5acb207
--- /dev/null
@@ -0,0 +1,90 @@
+From cdea5459ce263fbc963657a7736762ae897a8ae6 Mon Sep 17 00:00:00 2001
+From: Rik van Riel <riel@surriel.com>
+Date: Thu, 5 Sep 2019 17:32:48 -0700
+Subject: xfs: fix missed wakeup on l_flush_wait
+
+From: Rik van Riel <riel@surriel.com>
+
+commit cdea5459ce263fbc963657a7736762ae897a8ae6 upstream.
+
+The code in xlog_wait uses the spinlock to make adding the task to
+the wait queue, and setting the task state to UNINTERRUPTIBLE atomic
+with respect to the waker.
+
+Doing the wakeup after releasing the spinlock opens up the following
+race condition:
+
+Task 1                                 task 2
+add task to wait queue
+                                       wake up task
+set task state to UNINTERRUPTIBLE
+
+This issue was found through code inspection as a result of kworkers
+being observed stuck in UNINTERRUPTIBLE state with an empty
+wait queue. It is rare and largely unreproducable.
+
+Simply moving the spin_unlock to after the wake_up_all results
+in the waker not being able to see a task on the waitqueue before
+it has set its state to UNINTERRUPTIBLE.
+
+This bug dates back to the conversion of this code to generic
+waitqueue infrastructure from a counting semaphore back in 2008
+which didn't place the wakeups consistently w.r.t. to the relevant
+spin locks.
+
+[dchinner: Also fix a similar issue in the shutdown path on
+xc_commit_wait. Update commit log with more details of the issue.]
+
+Fixes: d748c62367eb ("[XFS] Convert l_flushsema to a sv_t")
+Reported-by: Chris Mason <clm@fb.com>
+Signed-off-by: Rik van Riel <riel@surriel.com>
+Signed-off-by: Dave Chinner <dchinner@redhat.com>
+Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Cc: stable@vger.kernel.org # 4.9.x-4.19.x
+[modified for contextual change near xlog_state_do_callback()]
+Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com>
+Reviewed-by: Frank van der Linden <fllinden@amazon.com>
+Reviewed-by: Suraj Jitindar Singh <surajjs@amazon.com>
+Reviewed-by: Benjamin Herrenschmidt <benh@amazon.com>
+Reviewed-by: Anchal Agarwal <anchalag@amazon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/xfs/xfs_log.c |    9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/fs/xfs/xfs_log.c
++++ b/fs/xfs/xfs_log.c
+@@ -2712,7 +2712,6 @@ xlog_state_do_callback(
+       int                funcdidcallbacks; /* flag: function did callbacks */
+       int                repeats;     /* for issuing console warnings if
+                                        * looping too many times */
+-      int                wake = 0;
+       spin_lock(&log->l_icloglock);
+       first_iclog = iclog = log->l_iclog;
+@@ -2914,11 +2913,9 @@ xlog_state_do_callback(
+ #endif
+       if (log->l_iclog->ic_state & (XLOG_STATE_ACTIVE|XLOG_STATE_IOERROR))
+-              wake = 1;
+-      spin_unlock(&log->l_icloglock);
+-
+-      if (wake)
+               wake_up_all(&log->l_flush_wait);
++
++      spin_unlock(&log->l_icloglock);
+ }
+@@ -4026,7 +4023,9 @@ xfs_log_force_umount(
+        * item committed callback functions will do this again under lock to
+        * avoid races.
+        */
++      spin_lock(&log->l_cilp->xc_push_lock);
+       wake_up_all(&log->l_cilp->xc_commit_wait);
++      spin_unlock(&log->l_cilp->xc_push_lock);
+       xlog_state_do_callback(log, XFS_LI_ABORTED, NULL);
+ #ifdef XFSERRORDEBUG