diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-12-31 12:11:49 -0600 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2020-01-17 16:24:54 -0500 |
| commit | 547c556f4db7c09447ecf5f833ab6aaae0c5ab58 (patch) | |
| tree | 085e8baa73457069e7141a2da4151aacd608f344 /fs/ext4/readpage.c | |
| parent | 8f27fd0ab569f5d09410010b15a3f45399e89fcf (diff) | |
| download | linux-next-547c556f4db7c09447ecf5f833ab6aaae0c5ab58.tar.gz | |
ext4: fix deadlock allocating crypto bounce page from mempool
ext4_writepages() on an encrypted file has to encrypt the data, but it
can't modify the pagecache pages in-place, so it encrypts the data into
bounce pages and writes those instead. All bounce pages are allocated
from a mempool using GFP_NOFS.
This is not correct use of a mempool, and it can deadlock. This is
because GFP_NOFS includes __GFP_DIRECT_RECLAIM, which enables the "never
fail" mode for mempool_alloc() where a failed allocation will fall back
to waiting for one of the preallocated elements in the pool.
But since this mode is used for all a bio's pages and not just the
first, it can deadlock waiting for pages already in the bio to be freed.
This deadlock can be reproduced by patching mempool_alloc() to pretend
that pool->alloc() always fails (so that it always falls back to the
preallocations), and then creating an encrypted file of size > 128 KiB.
Fix it by only using GFP_NOFS for the first page in the bio. For
subsequent pages just use GFP_NOWAIT, and if any of those fail, just
submit the bio and start a new one.
This will need to be fixed in f2fs too, but that's less straightforward.
Fixes: c9af28fdd449 ("ext4 crypto: don't let data integrity writebacks fail with ENOMEM")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20191231181149.47619-1-ebiggers@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/ext4/readpage.c')
0 files changed, 0 insertions, 0 deletions