| Message ID | 20240531101444.1874926-1-sj1557.seo@samsung.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | exfat: fix potential deadlock on __exfat_get_dentry_set | expand |
2024년 5월 31일 (금) 오후 7:16, Sungjong Seo <sj1557.seo@samsung.com>님이 작성: > > When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array > is allocated in __exfat_get_entry_set. The problem is that the bh-array is > allocated with GFP_KERNEL. It does not make sense. In the following cases, > a deadlock for sbi->s_lock between the two processes may occur. > > CPU0 CPU1 > ---- ---- > kswapd > balance_pgdat > lock(fs_reclaim) > exfat_iterate > lock(&sbi->s_lock) > exfat_readdir > exfat_get_uniname_from_ext_entry > exfat_get_dentry_set > __exfat_get_dentry_set > kmalloc_array > ... > lock(fs_reclaim) > ... > evict > exfat_evict_inode > lock(&sbi->s_lock) > > To fix this, let's allocate bh-array with GFP_NOFS. > > Fixes: a3ff29a95fde ("exfat: support dynamic allocate bh for exfat_entry_set_cache") > Cc: stable@vger.kernel.org # v6.2+ > Reported-by: syzbot+412a392a2cd4a65e71db@syzkaller.appspotmail.com > Closes: https://lore.kernel.org/lkml/000000000000fef47e0618c0327f@google.com > Signed-off-by: Sungjong Seo <sj1557.seo@samsung.com> Applied it to #dev. Thanks for your patch!
diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c index 84572e11cc05..7446bf09a04a 100644 --- a/fs/exfat/dir.c +++ b/fs/exfat/dir.c @@ -813,7 +813,7 @@ static int __exfat_get_dentry_set(struct exfat_entry_set_cache *es, num_bh = EXFAT_B_TO_BLK_ROUND_UP(off + num_entries * DENTRY_SIZE, sb); if (num_bh > ARRAY_SIZE(es->__bh)) { - es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_KERNEL); + es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_NOFS); if (!es->bh) { brelse(bh); return -ENOMEM;
When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock) To fix this, let's allocate bh-array with GFP_NOFS. Fixes: a3ff29a95fde ("exfat: support dynamic allocate bh for exfat_entry_set_cache") Cc: stable@vger.kernel.org # v6.2+ Reported-by: syzbot+412a392a2cd4a65e71db@syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/000000000000fef47e0618c0327f@google.com Signed-off-by: Sungjong Seo <sj1557.seo@samsung.com> --- fs/exfat/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)