чт, 24 окт. 2019 г. в 04:04, Dave Wysochanski <dwysocha@xxxxxxxxxx>:
>
> There's a deadlock that is possible and can easily be seen with
> a test where multiple readers open/read/close of the same file
> and a disruption occurs causing reconnect. The deadlock is due
> a reader thread inside cifs_strict_readv calling down_read and
> obtaining lock_sem, and then after reconnect inside
> cifs_reopen_file calling down_read a second time. If in
> between the two down_read calls, a down_write comes from
> another process, deadlock occurs.
>
> CPU0 CPU1
> ---- ----
> cifs_strict_readv()
> down_read(&cifsi->lock_sem);
> _cifsFileInfo_put
> OR
> cifs_new_fileinfo
> down_write(&cifsi->lock_sem);
> cifs_reopen_file()
> down_read(&cifsi->lock_sem);
>
> Fix the above by changing all down_write(lock_sem) calls to
> down_write_trylock(lock_sem)/msleep() loop, which in turn
> makes the second down_read call benign since it will never
> block behind the writer while holding lock_sem.
>
> Signed-off-by: Dave Wysochanski <dwysocha@xxxxxxxxxx>
> Suggested-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
> ---
> fs/cifs/cifsglob.h | 5 +++++
> fs/cifs/file.c | 24 ++++++++++++++++--------
> fs/cifs/smb2file.c | 3 ++-
> 3 files changed, 23 insertions(+), 9 deletions(-)
>
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 50dfd9049370..2c4a7adbcb4e 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -1391,6 +1391,11 @@ struct cifs_writedata {
> struct cifsInodeInfo {
> bool can_cache_brlcks;
> struct list_head llist; /* locks helb by this inode */
> + /*
> + * NOTE: Some code paths call down_read(lock_sem) twice, so
> + * we must always use use down_write_trylock()/msleep() loop
> + * to avoid deadlock.
> + */
> struct rw_semaphore lock_sem; /* protect the fields above */
> /* BB add in lists for dirty pages i.e. write caching info for oplock */
> struct list_head openFileList;
> diff --git a/fs/cifs/file.c b/fs/cifs/file.c
> index 5ad15de2bb4f..52454df5ae39 100644
> --- a/fs/cifs/file.c
> +++ b/fs/cifs/file.c
> @@ -306,7 +306,8 @@ struct cifsFileInfo *
> INIT_LIST_HEAD(&fdlocks->locks);
> fdlocks->cfile = cfile;
> cfile->llist = fdlocks;
> - down_write(&cinode->lock_sem);
> + while (!down_write_trylock(&cinode->lock_sem))
> + msleep(125);
> list_add(&fdlocks->llist, &cinode->llist);
> up_write(&cinode->lock_sem);
>
> @@ -464,7 +465,8 @@ void _cifsFileInfo_put(struct cifsFileInfo *cifs_file, bool wait_oplock_handler)
> * Delete any outstanding lock records. We'll lose them when the file
> * is closed anyway.
> */
> - down_write(&cifsi->lock_sem);
> + while (!down_write_trylock(&cifsi->lock_sem))
> + msleep(125);
Please wrap the above code into a helper function e.g.
cifs_acquire_lock_sem(struct cifsInodeInfo *cinode) or any other name
you like.
Other than that it looks good.
--
Best regards,
Pavel Shilovsky
