linux/fs/xfs
Dave Chinner df30707791 xfs: fix transaction leak in xfs_reflink_allocate_cow()
When xfs_reflink_allocate_cow() allocates a transaction, it drops
the ILOCK to perform the operation. This introduces a race condition
where another thread modifying the file can perform the COW
allocation operation underneath us. This results in the retry loop
finding an allocated block and jumping straight to the conversion
code. It does not, however, cancel the transaction it holds and so
this gets leaked. This results in a lockdep warning:

================================================
WARNING: lock held when returning to user space!
4.18.5 #1 Not tainted
------------------------------------------------
worker/6123 is leaving the kernel with locks still held!
1 lock held by worker/6123:
 #0: 000000009eab4f1b (sb_internal#2){.+.+}, at: xfs_trans_alloc+0x17c/0x220

And eventually the filesystem deadlocks because it runs out of log
space that is reserved by the leaked transaction and never gets
released.

The logic flow in xfs_reflink_allocate_cow() is a convoluted mess of
gotos - it's no surprise that it has a bug where the flow through
several goto jumps then fails to clean up context from a non-obvious
logic path. Clean up the logic flow and make sure every path does
the right thing.

Reported-by: Alexander Y. Fomichev <git.user@gmail.com>
Tested-by: Alexander Y. Fomichev <git.user@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200981
Signed-off-by: Dave Chinner <dchinner@redhat.com>
[hch: slight refactor]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2018-09-29 13:47:15 +10:00
..
libxfs xfs: remove last of unnecessary xfs_defer_cancel() callers 2018-09-29 13:41:58 +10:00
scrub xfs: sanity check ag header values in xrep_calc_ag_resblks 2018-08-14 08:17:02 -07:00
Kconfig xfs: implement the metadata repair ioctl flag 2018-05-15 18:12:50 -07:00
kmem.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
kmem.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
Makefile xfs: move the repair extent list into its own file 2018-07-29 22:37:09 -07:00
mrlock.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_acl.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_acl.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_aops.c xfs: use WRITE_ONCE to update if_seq 2018-08-07 10:57:12 -07:00
xfs_aops.h xfs: remove xfs_map_cow 2018-07-11 22:25:59 -07:00
xfs_attr_inactive.c xfs: remove all boilerplate defer init/finish code 2018-07-26 10:15:15 -07:00
xfs_attr_list.c xfs: substitute spaces with tabs 2018-08-02 23:05:14 -07:00
xfs_attr.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_bmap_item.c xfs: pass transaction to xfs_defer_add() 2018-08-02 23:05:14 -07:00
xfs_bmap_item.h xfs: use transaction for intent recovery instead of raw dfops 2018-08-02 23:05:13 -07:00
xfs_bmap_util.c xfs: remove last of unnecessary xfs_defer_cancel() callers 2018-09-29 13:41:58 +10:00
xfs_bmap_util.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_buf_item.c xfs: refactor xfs_buf_log_item reference count handling 2018-09-29 13:45:26 +10:00
xfs_buf_item.h xfs: refactor xfs_buf_log_item reference count handling 2018-09-29 13:45:26 +10:00
xfs_buf.c xfs: remove b_last_holder & associated macros 2018-08-12 08:37:31 -07:00
xfs_buf.h xfs: remove b_last_holder & associated macros 2018-08-12 08:37:31 -07:00
xfs_dir2_readdir.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_discard.c xfs: trivial xfs_btree_del_cursor cleanups 2018-07-23 09:08:00 -07:00
xfs_discard.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_dquot_item.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_dquot_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_dquot.c xfs: remove dead error handling code in xfs_dquot_disk_alloc() 2018-08-07 10:57:13 -07:00
xfs_dquot.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_error.c xfs: force summary counter recalc at next mount 2018-07-23 09:08:01 -07:00
xfs_error.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_export.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_export.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extent_busy.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extent_busy.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extfree_item.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extfree_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_file.c overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
xfs_filestream.c xfs: replace dop_low with transaction flag 2018-08-02 23:05:13 -07:00
xfs_filestream.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_fsmap.c xfs: trivial xfs_btree_del_cursor cleanups 2018-07-23 09:08:00 -07:00
xfs_fsmap.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_fsops.c xfs: pass transaction lock while setting up agresv on cyclic metadata 2018-07-29 22:37:08 -07:00
xfs_fsops.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_globals.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_icache.c xfs: introduce a new xfs_inode_has_cow_data helper 2018-07-30 07:57:48 -07:00
xfs_icache.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_icreate_item.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_icreate_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_inode_item.c xfs: remove if_real_bytes 2018-07-30 07:57:48 -07:00
xfs_inode_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_inode.c xfs: remove last of unnecessary xfs_defer_cancel() callers 2018-09-29 13:41:58 +10:00
xfs_inode.h xfs: fold dfops into the transaction 2018-08-02 23:05:14 -07:00
xfs_ioctl32.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_ioctl32.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_ioctl.c Changes since last update: 2018-06-12 15:49:00 -07:00
xfs_ioctl.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_iomap.c Merge branch 'iomap-4.19-merge' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux 2018-08-13 22:29:03 -07:00
xfs_iomap.h xfs: avoid COW fork extent lookups in writeback if the fork didn't change 2018-07-31 13:18:09 -07:00
xfs_iops.c xfs: don't crash the vfs on a garbage inline symlink 2018-09-29 13:40:40 +10:00
xfs_iops.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_itable.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_itable.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_linux.h xfs: replace do_mod with native operations 2018-06-08 10:07:52 -07:00
xfs_log_cil.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_log_priv.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_log_recover.c xfs: pass transaction to dfops reset/move helpers 2018-08-02 23:05:13 -07:00
xfs_log.c xfs: fix a comment in xfs_log_reserve 2018-08-03 08:17:54 -07:00
xfs_log.h xfs: refactor log recovery check 2018-08-01 07:40:48 -07:00
xfs_message.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_message.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_mount.c xfs: recalculate summary counters at mount time if icount is bad 2018-08-13 07:58:27 -07:00
xfs_mount.h xfs: remove deprecated barrier/nobarrier mount 2018-07-26 10:15:17 -07:00
xfs_mru_cache.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_mru_cache.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_ondisk.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_pnfs.c xfs: prepare xfs_break_layouts() for another layout type 2018-05-22 07:19:08 -07:00
xfs_pnfs.h xfs: prepare xfs_break_layouts() for another layout type 2018-05-22 07:19:08 -07:00
xfs_qm_bhv.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_qm_syscalls.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_qm.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_qm.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_quota.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_quotaops.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_refcount_item.c xfs: pass transaction to xfs_defer_add() 2018-08-02 23:05:14 -07:00
xfs_refcount_item.h xfs: use transaction for intent recovery instead of raw dfops 2018-08-02 23:05:13 -07:00
xfs_reflink.c xfs: fix transaction leak in xfs_reflink_allocate_cow() 2018-09-29 13:47:15 +10:00
xfs_reflink.h xfs: remove xfs_reflink_find_cow_mapping 2018-07-11 22:26:01 -07:00
xfs_rmap_item.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_rmap_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_rtalloc.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_rtalloc.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_stats.c Changes since last update: 2018-06-12 15:49:00 -07:00
xfs_stats.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_super.c xfs: remove the xfs_ifork_t typedef 2018-07-30 07:57:48 -07:00
xfs_super.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_symlink.c xfs: automatic dfops inode relogging 2018-08-02 23:05:14 -07:00
xfs_symlink.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_sysctl.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_sysctl.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_sysfs.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_sysfs.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trace.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trace.h xfs: don't unlock invalidated buf on aborted tx commit 2018-09-29 13:44:40 +10:00
xfs_trans_ail.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trans_bmap.c xfs: drop dop param from xfs_defer_op_type ->finish_item() callback 2018-08-02 23:05:14 -07:00
xfs_trans_buf.c xfs: refactor xfs_buf_log_item reference count handling 2018-09-29 13:45:26 +10:00
xfs_trans_dquot.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trans_extfree.c xfs: drop dop param from xfs_defer_op_type ->finish_item() callback 2018-08-02 23:05:14 -07:00
xfs_trans_inode.c vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
xfs_trans_priv.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trans_refcount.c xfs: drop dop param from xfs_defer_op_type ->finish_item() callback 2018-08-02 23:05:14 -07:00
xfs_trans_rmap.c xfs: drop dop param from xfs_defer_op_type ->finish_item() callback 2018-08-02 23:05:14 -07:00
xfs_trans.c xfs: avoid lockdep false positives in xfs_trans_alloc 2018-09-29 13:46:21 +10:00
xfs_trans.h xfs: fold dfops into the transaction 2018-08-02 23:05:14 -07:00
xfs_xattr.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs.h xfs: remove b_last_holder & associated macros 2018-08-12 08:37:31 -07:00