Once we are inside the 'ext4_xattr_delete_inode' function and trying
to delete the inode, the 'xattr_sem' should be unlocked.

We need trylock here to avoid false-positive warning from lockdep
about reclaim circular dependency.

This makes the 'ext4_xattr_delete_inode' implementation mimic the
existing 'ext2_xattr_delete_inode' implementation and thus avoid
similar lockdep issues while deleting inodes.

Signed-off-by: Bhupesh <bhupesh@igalia.com>
---
 fs/ext4/xattr.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 6ff94cdf1515..b98267c09b00 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2935,7 +2935,20 @@ int ext4_xattr_delete_inode(handle_t *handle, struct inode *inode,
 	struct ext4_iloc iloc = { .bh = NULL };
 	struct ext4_xattr_entry *entry;
 	struct inode *ea_inode;
-	int error;
+	int error = 0;
+
+	/*
+	 * We are the only ones holding inode reference. The xattr_sem should
+	 * better be unlocked! We could as well just not acquire xattr_sem at
+	 * all but this makes the code more futureproof. OTOH we need trylock
+	 * here to avoid false-positive warning from lockdep about reclaim
+	 * circular dependency.
+	 */
+	if (WARN_ON_ONCE(!down_write_trylock(&EXT4_I(inode)->xattr_sem)))
+		return error;
+
+	if (!EXT4_I(inode)->i_file_acl)
+		goto cleanup;
 
 	error = ext4_journal_ensure_credits(handle, extra_credits,
 			ext4_free_metadata_revoke_credits(inode->i_sb, 1));
@@ -3024,6 +3037,7 @@ int ext4_xattr_delete_inode(handle_t *handle, struct inode *inode,
 cleanup:
 	brelse(iloc.bh);
 	brelse(bh);
+	up_write(&EXT4_I(inode)->xattr_sem);
 	return error;
 }
 
-- 
2.38.1

On Tue, Jan 28, 2025 at 01:57:51PM +0530, Bhupesh wrote:
> Once we are inside the 'ext4_xattr_delete_inode' function and trying
> to delete the inode, the 'xattr_sem' should be unlocked.
> 
> We need trylock here to avoid false-positive warning from lockdep
> about reclaim circular dependency.
> 
> This makes the 'ext4_xattr_delete_inode' implementation mimic the
> existing 'ext2_xattr_delete_inode' implementation and thus avoid
> similar lockdep issues while deleting inodes.
> 
> Signed-off-by: Bhupesh <bhupesh@igalia.com>

This patch is causing a failure of test ext4/026, and also exposed a
bug in e2fsprogs[1].  With the e2fsprogs bug fixed, the file system
corruption which is induced by ext4/026 is (when running e2fsck -fn on
SCRATCH_DEV):

Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Regular filesystem inode 14 has EA_INODE flag set. Clear? no

Unattached inode 14
Connect to /lost+found? no

Pass 5: Checking group summary information

/tmp/kvm-xfstests-tytso/vdc.img: ********** WARNING: Filesystem still has errors **********

[1] https://lore.kernel.org/20250317144526.990271-1-tytso@mit.edu

So what appears to be happening is this patch is resulting in ext4/026
failing to clean up a no-longer-used EA inode, which is unfortunate.

Without the e2fsorigs bug fix, ext4/026 will fail but the error
message will be much less edifying:

e2fsck 1.47.2 (1-Jan-2025)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
ext2fs_write_inode: Attempt to write to filesystem opened read-only while writing inode 14 in pass4
e2fsck: aborted

So I'm going to drop this patch (2/2) from the ext4 tree, but I'm
going to keep patch 1/2 from this series, since it is fixing a real
bug.  I presume that without this patch, the syzbot reproducer will
trigger a false lockdep warning, but we can fix that later.

Thanks,

					- Ted

Hi Ted,

On 3/17/25 8:47 PM, Theodore Ts'o wrote:
> On Tue, Jan 28, 2025 at 01:57:51PM +0530, Bhupesh wrote:
>> Once we are inside the 'ext4_xattr_delete_inode' function and trying
>> to delete the inode, the 'xattr_sem' should be unlocked.
>>
>> We need trylock here to avoid false-positive warning from lockdep
>> about reclaim circular dependency.
>>
>> This makes the 'ext4_xattr_delete_inode' implementation mimic the
>> existing 'ext2_xattr_delete_inode' implementation and thus avoid
>> similar lockdep issues while deleting inodes.
>>
>> Signed-off-by: Bhupesh <bhupesh@igalia.com>
> This patch is causing a failure of test ext4/026, and also exposed a
> bug in e2fsprogs[1].  With the e2fsprogs bug fixed, the file system
> corruption which is induced by ext4/026 is (when running e2fsck -fn on
> SCRATCH_DEV):
>
> Pass 1: Checking inodes, blocks, and sizes
> Pass 2: Checking directory structure
> Pass 3: Checking directory connectivity
> Pass 4: Checking reference counts
> Regular filesystem inode 14 has EA_INODE flag set. Clear? no
>
> Unattached inode 14
> Connect to /lost+found? no
>
> Pass 5: Checking group summary information
>
> /tmp/kvm-xfstests-tytso/vdc.img: ********** WARNING: Filesystem still has errors **********
>
> [1] https://lore.kernel.org/20250317144526.990271-1-tytso@mit.edu
>
> So what appears to be happening is this patch is resulting in ext4/026
> failing to clean up a no-longer-used EA inode, which is unfortunate.
>
> Without the e2fsorigs bug fix, ext4/026 will fail but the error
> message will be much less edifying:
>
> e2fsck 1.47.2 (1-Jan-2025)
> Pass 1: Checking inodes, blocks, and sizes
> Pass 2: Checking directory structure
> Pass 3: Checking directory connectivity
> Pass 4: Checking reference counts
> ext2fs_write_inode: Attempt to write to filesystem opened read-only while writing inode 14 in pass4
> e2fsck: aborted
>
> So I'm going to drop this patch (2/2) from the ext4 tree, but I'm
> going to keep patch 1/2 from this series, since it is fixing a real
> bug.  I presume that without this patch, the syzbot reproducer will
> trigger a false lockdep warning, but we can fix that later.

Sure, many thanks for your help.

Regards,
Bhupesh