From: Greg Kroah-Hartman Date: Sun, 2 Aug 2020 07:03:59 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.7.13~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e3ab038609db3a4713bd86271817422846c8f0ab;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: xfs-fix-missed-wakeup-on-l_flush_wait.patch --- diff --git a/queue-4.19/series b/queue-4.19/series index 799c50bf98d..074c19294b9 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -21,3 +21,4 @@ drm-hold-gem-reference-until-object-is-no-longer-accessed.patch random-fix-circular-include-dependency-on-arm64-after-addition-of-percpu.h.patch random32-remove-net_rand_state-from-the-latent-entropy-gcc-plugin.patch rds-prevent-kernel-infoleak-in-rds_notify_queue_get.patch +xfs-fix-missed-wakeup-on-l_flush_wait.patch diff --git a/queue-4.19/xfs-fix-missed-wakeup-on-l_flush_wait.patch b/queue-4.19/xfs-fix-missed-wakeup-on-l_flush_wait.patch new file mode 100644 index 00000000000..5acb207f136 --- /dev/null +++ b/queue-4.19/xfs-fix-missed-wakeup-on-l_flush_wait.patch @@ -0,0 +1,90 @@ +From cdea5459ce263fbc963657a7736762ae897a8ae6 Mon Sep 17 00:00:00 2001 +From: Rik van Riel +Date: Thu, 5 Sep 2019 17:32:48 -0700 +Subject: xfs: fix missed wakeup on l_flush_wait + +From: Rik van Riel + +commit cdea5459ce263fbc963657a7736762ae897a8ae6 upstream. + +The code in xlog_wait uses the spinlock to make adding the task to +the wait queue, and setting the task state to UNINTERRUPTIBLE atomic +with respect to the waker. + +Doing the wakeup after releasing the spinlock opens up the following +race condition: + +Task 1 task 2 +add task to wait queue + wake up task +set task state to UNINTERRUPTIBLE + +This issue was found through code inspection as a result of kworkers +being observed stuck in UNINTERRUPTIBLE state with an empty +wait queue. It is rare and largely unreproducable. + +Simply moving the spin_unlock to after the wake_up_all results +in the waker not being able to see a task on the waitqueue before +it has set its state to UNINTERRUPTIBLE. + +This bug dates back to the conversion of this code to generic +waitqueue infrastructure from a counting semaphore back in 2008 +which didn't place the wakeups consistently w.r.t. to the relevant +spin locks. + +[dchinner: Also fix a similar issue in the shutdown path on +xc_commit_wait. Update commit log with more details of the issue.] + +Fixes: d748c62367eb ("[XFS] Convert l_flushsema to a sv_t") +Reported-by: Chris Mason +Signed-off-by: Rik van Riel +Signed-off-by: Dave Chinner +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Cc: stable@vger.kernel.org # 4.9.x-4.19.x +[modified for contextual change near xlog_state_do_callback()] +Signed-off-by: Samuel Mendoza-Jonas +Reviewed-by: Frank van der Linden +Reviewed-by: Suraj Jitindar Singh +Reviewed-by: Benjamin Herrenschmidt +Reviewed-by: Anchal Agarwal +Signed-off-by: Greg Kroah-Hartman + +--- + fs/xfs/xfs_log.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +--- a/fs/xfs/xfs_log.c ++++ b/fs/xfs/xfs_log.c +@@ -2712,7 +2712,6 @@ xlog_state_do_callback( + int funcdidcallbacks; /* flag: function did callbacks */ + int repeats; /* for issuing console warnings if + * looping too many times */ +- int wake = 0; + + spin_lock(&log->l_icloglock); + first_iclog = iclog = log->l_iclog; +@@ -2914,11 +2913,9 @@ xlog_state_do_callback( + #endif + + if (log->l_iclog->ic_state & (XLOG_STATE_ACTIVE|XLOG_STATE_IOERROR)) +- wake = 1; +- spin_unlock(&log->l_icloglock); +- +- if (wake) + wake_up_all(&log->l_flush_wait); ++ ++ spin_unlock(&log->l_icloglock); + } + + +@@ -4026,7 +4023,9 @@ xfs_log_force_umount( + * item committed callback functions will do this again under lock to + * avoid races. + */ ++ spin_lock(&log->l_cilp->xc_push_lock); + wake_up_all(&log->l_cilp->xc_commit_wait); ++ spin_unlock(&log->l_cilp->xc_push_lock); + xlog_state_do_callback(log, XFS_LI_ABORTED, NULL); + + #ifdef XFSERRORDEBUG