Re: [PATCH] btrfs: qgroup: fix sleep from invalid context bug in update_qgroup_limit_item()

From: David Sterba
Date: Fri Nov 11 2022 - 06:45:24 EST


On Fri, Nov 11, 2022 at 07:31:22AM +0800, Qu Wenruo wrote:
>
>
> On 2022/11/11 04:54, David Sterba wrote:
> > On Thu, Nov 10, 2022 at 10:13:42PM +0800, ChenXiaoSong wrote:
> >> Syzkaller reported BUG as follows:
> >>
> >> BUG: sleeping function called from invalid context at
> >> include/linux/sched/mm.h:274
> >> Call Trace:
> >> <TASK>
> >> dump_stack_lvl+0xcd/0x134
> >> __might_resched.cold+0x222/0x26b
> >> kmem_cache_alloc+0x2e7/0x3c0
> >> update_qgroup_limit_item+0xe1/0x390
> >> btrfs_qgroup_inherit+0x147b/0x1ee0
> >> create_subvol+0x4eb/0x1710
> >> btrfs_mksubvol+0xfe5/0x13f0
> >> __btrfs_ioctl_snap_create+0x2b0/0x430
> >> btrfs_ioctl_snap_create_v2+0x25a/0x520
> >> btrfs_ioctl+0x2a1c/0x5ce0
> >> __x64_sys_ioctl+0x193/0x200
> >> do_syscall_64+0x35/0x80
> >>
> >> Fix this by introducing the __update_qgroup_limit_item() helper and
> >> allocating memory outside of the spin lock.
> >>
> >> Signed-off-by: ChenXiaoSong <chenxiaosong2@xxxxxxxxxx>
> >
> > Added to misc-next, thanks.
>
> Please remove it for now. The patch only addressed what the MM layer
> reports; it doesn't really solve the root cause: we're doing a tree
> modification (btrfs_search_slot()) under a spinlock.

Removed. As the potential sleeping under spinlock is hard to spot, we
should add might_sleep to some places.
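As an added example (not code from this thread, the btrfs tree or the kernel), here is a userspace C model of the check David Sterba mentions. preempt_count, model_spin_lock(), model_might_sleep(), model_kmem_cache_alloc() and model_search_slot() are hypothetical stand-ins for the kernel's preempt_count, spin_lock(), might_sleep(), kmem_cache_alloc() and btrfs_search_slot(); the three update_limit_*() functions are constructed orderings, not the posted patch. The model shows why moving only the allocation out from under the lock silences the one report the MM layer produced while leaving the tree modification Qu Wenruo points at inside the critical section, and how a might_sleep() placed in the sleeping path catches both.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model state: the kernel keeps this per task in preempt_count.
 * spin_lock() raises it, so anything that may sleep while it is non-zero
 * is running in an invalid (atomic) context. */
static int preempt_count;
static int might_sleep_warnings;

static void model_spin_lock(void)
{
    preempt_count++;            /* spin_lock() disables preemption */
}

static void model_spin_unlock(void)
{
    preempt_count--;
}

/* Model of might_sleep(): complain when called with preemption disabled.
 * Returns 1 when the check fires, 0 otherwise. */
static int model_might_sleep(const char *where)
{
    if (preempt_count != 0) {
        might_sleep_warnings++;
        fprintf(stderr, "BUG: sleeping function called from invalid context at %s\n", where);
        return 1;
    }
    return 0;
}

/* Model of a GFP_KERNEL allocation: it may block, so it carries the check
 * (kmem_cache_alloc() under update_qgroup_limit_item() in the report). */
static void *model_kmem_cache_alloc(size_t size)
{
    model_might_sleep("model_kmem_cache_alloc");
    return calloc(1, size);
}

/* Model of a tree modification that may block on I/O or on other locks
 * (btrfs_search_slot() in Qu Wenruo's reply). */
static void model_search_slot(void)
{
    model_might_sleep("model_search_slot");
}

/* Stand-in for in-memory qgroup limits protected by the spinlock (constructed values). */
struct model_limits { long max_rfer; long max_excl; };
static struct model_limits qgroup_limits = { 1024, 512 };

/* Ordering 1: allocation and tree modification both under the spinlock.
 * Each update_limit_*() returns the number of might_sleep() hits it caused. */
static int update_limit_both_under_lock(void)
{
    int before = might_sleep_warnings;
    struct model_limits *item;

    model_spin_lock();
    item = model_kmem_cache_alloc(sizeof *item);
    *item = qgroup_limits;
    model_search_slot();
    model_spin_unlock();
    free(item);
    return might_sleep_warnings - before;
}

/* Ordering 2: allocate first, then take the lock. The allocation no longer
 * trips the check, but the sleeping tree modification is still inside. */
static int update_limit_alloc_outside(void)
{
    int before = might_sleep_warnings;
    struct model_limits *item = model_kmem_cache_alloc(sizeof *item);

    model_spin_lock();
    *item = qgroup_limits;
    model_search_slot();
    model_spin_unlock();
    free(item);
    return might_sleep_warnings - before;
}

/* Ordering 3 (hypothetical, not the fix this thread settled on): snapshot
 * the values under the lock, drop it, then do everything that may sleep. */
static int update_limit_nothing_sleeps_under_lock(void)
{
    int before = might_sleep_warnings;
    struct model_limits snapshot;
    struct model_limits *item = model_kmem_cache_alloc(sizeof *item);

    model_spin_lock();
    snapshot = qgroup_limits;
    model_spin_unlock();

    *item = snapshot;
    model_search_slot();
    free(item);
    return might_sleep_warnings - before;
}

int main(void)
{
    printf("both under lock:           %d warnings\n", update_limit_both_under_lock());
    printf("alloc outside lock:        %d warnings\n", update_limit_alloc_outside());
    printf("nothing sleeps under lock: %d warnings\n", update_limit_nothing_sleeps_under_lock());
    return preempt_count == 0 ? 0 : 1;   /* lock/unlock must balance */
}
```

The point of placing the check inside model_search_slot() rather than only in the allocator is the one David Sterba makes: the MM layer already has might_sleep() in its allocation path, which is why Syzkaller saw the allocation, but a tree modification that sleeps only sometimes (when it actually has to wait for I/O or a lock) is invisible unless its entry point carries the same check.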