From 4dd859697f836cf62c8de08bd9a9f4b4f4beaa91 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker Date: Wed, 30 Dec 2009 07:26:28 +0100 Subject: [PATCH] reiserfs: Fix journal mutex <-> inode mutex lock inversion We need to relax the reiserfs lock before locking the inode mutex from xattr_unlink(), otherwise we'll face the usual bad dependencies: ======================================================= [ INFO: possible circular locking dependency detected ] 2.6.32-atom #178 ------------------------------------------------------- rm/3202 is trying to acquire lock: (&journal->j_mutex){+.+...}, at: [] do_journal_begin_r+0x94/0x360 but task is already holding lock: (&sb->s_type->i_mutex_key#4/2){+.+...}, at: [] xattr_unlink+0x57/0xb0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&sb->s_type->i_mutex_key#4/2){+.+...}: [] __lock_acquire+0x11ff/0x19e0 [] lock_acquire+0x68/0x90 [] mutex_lock_nested+0x5b/0x340 [] xattr_unlink+0x57/0xb0 [] delete_one_xattr+0x29/0x100 [] reiserfs_for_each_xattr+0x10b/0x290 [] reiserfs_delete_xattrs+0x1a/0x60 [] reiserfs_delete_inode+0x9f/0x150 [] generic_delete_inode+0xa2/0x170 [] generic_drop_inode+0x4f/0x70 [] iput+0x47/0x50 [] do_unlinkat+0xd5/0x160 [] sys_unlinkat+0x23/0x40 [] sysenter_do_call+0x12/0x32 -> #1 (&REISERFS_SB(s)->lock){+.+.+.}: [] __lock_acquire+0x11ff/0x19e0 [] lock_acquire+0x68/0x90 [] mutex_lock_nested+0x5b/0x340 [] reiserfs_write_lock+0x29/0x40 [] do_journal_begin_r+0x9c/0x360 [] journal_begin+0x80/0x130 [] reiserfs_remount+0x223/0x4e0 [] do_remount_sb+0xa6/0x140 [] do_mount+0x560/0x750 [] sys_mount+0x84/0xb0 [] sysenter_do_call+0x12/0x32 -> #0 (&journal->j_mutex){+.+...}: [] __lock_acquire+0x18f6/0x19e0 [] lock_acquire+0x68/0x90 [] mutex_lock_nested+0x5b/0x340 [] do_journal_begin_r+0x94/0x360 [] journal_begin+0x80/0x130 [] reiserfs_unlink+0x83/0x2e0 [] xattr_unlink+0x64/0xb0 [] delete_one_xattr+0x29/0x100 [] reiserfs_for_each_xattr+0x10b/0x290 [] reiserfs_delete_xattrs+0x1a/0x60 [] reiserfs_delete_inode+0x9f/0x150 [] generic_delete_inode+0xa2/0x170 [] generic_drop_inode+0x4f/0x70 [] iput+0x47/0x50 [] do_unlinkat+0xd5/0x160 [] sys_unlinkat+0x23/0x40 [] sysenter_do_call+0x12/0x32 other info that might help us debug this: 2 locks held by rm/3202: #0: (&sb->s_type->i_mutex_key#4/3){+.+.+.}, at: [] reiserfs_for_each_xattr+0x9b/0x290 #1: (&sb->s_type->i_mutex_key#4/2){+.+...}, at: [] xattr_unlink+0x57/0xb0 stack backtrace: Pid: 3202, comm: rm Not tainted 2.6.32-atom #178 Call Trace: [] ? printk+0x18/0x1a [] print_circular_bug+0xca/0xd0 [] __lock_acquire+0x18f6/0x19e0 [] ? xattr_unlink+0x57/0xb0 [] lock_acquire+0x68/0x90 [] ? do_journal_begin_r+0x94/0x360 [] ? do_journal_begin_r+0x94/0x360 [] mutex_lock_nested+0x5b/0x340 [] ? do_journal_begin_r+0x94/0x360 [] do_journal_begin_r+0x94/0x360 [] ? run_timer_softirq+0x1a6/0x220 [] ? __do_softirq+0x50/0x140 [] journal_begin+0x80/0x130 [] ? __do_softirq+0xf2/0x140 [] ? hrtimer_interrupt+0xdf/0x220 [] reiserfs_unlink+0x83/0x2e0 [] ? mark_held_locks+0x62/0x80 [] ? trace_hardirqs_on_thunk+0xc/0x10 [] ? restore_all_notrace+0x0/0x18 [] ? xattr_unlink+0x57/0xb0 [] xattr_unlink+0x64/0xb0 [] delete_one_xattr+0x29/0x100 [] reiserfs_for_each_xattr+0x10b/0x290 [] ? delete_one_xattr+0x0/0x100 [] ? mutex_lock_nested+0x299/0x340 [] reiserfs_delete_xattrs+0x1a/0x60 [] ? reiserfs_write_lock_once+0x29/0x50 [] reiserfs_delete_inode+0x9f/0x150 [] ? _atomic_dec_and_lock+0x4f/0x70 [] ? reiserfs_delete_inode+0x0/0x150 [] generic_delete_inode+0xa2/0x170 [] generic_drop_inode+0x4f/0x70 [] iput+0x47/0x50 [] do_unlinkat+0xd5/0x160 [] ? mutex_unlock+0x8/0x10 [] ? vfs_readdir+0x7d/0xb0 [] ? filldir64+0x0/0xf0 [] ? sysenter_exit+0xf/0x16 [] ? trace_hardirqs_on_caller+0x124/0x170 [] sys_unlinkat+0x23/0x40 [] sysenter_do_call+0x12/0x32 Signed-off-by: Frederic Weisbecker Tested-by: Christian Kujau Cc: Alexander Beregalov Cc: Chris Mason Cc: Ingo Molnar --- fs/reiserfs/xattr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index 78a3f24..8b9631d 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -82,7 +82,8 @@ static int xattr_unlink(struct inode *dir, struct dentry *dentry) BUG_ON(!mutex_is_locked(&dir->i_mutex)); vfs_dq_init(dir); - mutex_lock_nested(&dentry->d_inode->i_mutex, I_MUTEX_CHILD); + reiserfs_mutex_lock_nested_safe(&dentry->d_inode->i_mutex, + I_MUTEX_CHILD, dir->i_sb); error = dir->i_op->unlink(dir, dentry); mutex_unlock(&dentry->d_inode->i_mutex); -- 1.8.2.3