From nobody Wed Feb 11 04:00:15 2026
Received: from mail-dl1-f73.google.com (mail-dl1-f73.google.com
 [74.125.82.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D8CA21B185
	for <linux-kernel@vger.kernel.org>; Thu, 15 Jan 2026 21:31:11 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=74.125.82.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1768512673; cv=none;
 b=Z0B/kJyq1FA0RKyWM+hR/a1JU0yuo/yBO55PDjkh2hXoxOzfC3MIM+Ufuc85p39mHl/9eWXB0vDJfkpKZdaJrZYO/SYQrtTbGrnlt/pAcExpX3SXp+CS2iTS+Dqw3GidMdrieuhV5B9JHm7DeBv8RC0UHYk/o+/lVj8dmaDP/3U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1768512673; c=relaxed/simple;
	bh=wb0KLkiX51fT3RkJoZ+luo5L9Z8U0EQAI/SU4HLeRKU=;
	h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type;
 b=r4p4vgiqDmaPEpx6ykKFaIxb7r9VjxuY4slnXiwcgILRtmMFK275frUlTgoqhYgQ8ZUe5j7m7lxjQ3wNiDcELSEMnLjed/9Fl2Zg8eDyj6eMYqPM4iZAY470SSZ97nIKuinYi1G5bFT5Z1jwCj439eZ1k3GYMA0EIfF8jAXEuFo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--abhishekbapat.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=r5HDSBUz; arc=none smtp.client-ip=74.125.82.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--abhishekbapat.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="r5HDSBUz"
Received: by mail-dl1-f73.google.com with SMTP id
 a92af1059eb24-1233893db9fso4856726c88.0
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Jan 2026 13:31:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1768512671; x=1769117471;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
         :date:message-id:reply-to;
        bh=D1cQJ/eIc2L8lR/QmsEXEc0ERd0m/V6aieL7jqlpFZc=;
        b=r5HDSBUzgEoLc0ciB+dryerTd5+BR1Py3d+izZBMZPjvppwZWe1jeAy2iIRQLJIHlQ
         fNcD3QJEpXEvifMvAJEojJLy5PjtFexLX3VuzSRVUcwgTOpYnvZQ2EaXqesyCT6dXVBc
         XYyqmmhobQHiL6OjdjG9vh7dQUdydh3Y3+eXYwi9VNVAaoDgW/pU37UPBaR/fzvzRHup
         mhWkdmy7sXakEW0twcgJn55Q/4suAITisj8Sq2j1CfRuzai+nNk7W3YnTsh38hvW9Ojs
         MppSUmoLG88F5bK+gmm+ok6wRKxXnfUsgGIL0CxcwaQzgbsjM1DlO2NSNdizx0/t0pxj
         ZSxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768512671; x=1769117471;
        h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=D1cQJ/eIc2L8lR/QmsEXEc0ERd0m/V6aieL7jqlpFZc=;
        b=hQWIDvB1d4GkRKCRZKEAMHjtIV565jF8xjcJ3aHl4f/miniNg9PyZfupCewA2cd4J9
         k3Bo+g9quSoxIY7Jf9cblsn3lX2HIRqu2QPWOZ4vXv+/dmopc3q0GWYVwfAp5851fh8e
         Rw0wdGuwyg/8vxRKv09wML3W8CM9eo4ODXQxADlmbWhpcuarRO1Wgh1+amAOeAkzCleb
         EMAhfuIV2E6RlUinRm2sYFFSxGn+7e4kABwwF03KYohrp0ba0qVP+tNIZbEhyEDjbNey
         6X9rLfkgzxQQxyZ17b8c5XoMfU61b3h5EBxnb8VeeDDTLx4GZCkAJJ2/sD2azD+5y1Lg
         GmUw==
X-Forwarded-Encrypted: i=1;
 AJvYcCVpBRKnYiAPDZ4loHZr09oNfkaPxnD7ef4jBAMvS5IZsvBQ9mbjx8FBnkHvzhxG+u565mIpF6JZu/3yX5Y=@vger.kernel.org
X-Gm-Message-State: AOJu0Yw9zvIrHqRx1W7MWTzNlG30IA3+IMAerg09kvGCvh0OcvCuF8vS
	P5ByuzzFpdepfChyL9qZAmJ6bgv3qEMRVtSsnmUXppgI95eBt1cwJpRqGqvbRY2XBbPco8DSlCQ
	qRE+rxFuheXwoDvnBkDJo1tWWbfMpyPsO+A==
X-Received: from dlbrh14.prod.google.com
 ([2002:a05:7022:f30e:b0:11d:ccc4:4c98])
 (user=abhishekbapat job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:7022:a82:b0:119:e569:fbb3 with SMTP id
 a92af1059eb24-1244a768af9mr1239692c88.34.1768512670614;
 Thu, 15 Jan 2026 13:31:10 -0800 (PST)
Date: Thu, 15 Jan 2026 21:31:03 +0000
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260115213103.1089129-1-abhishekbapat@google.com>
Subject: [PATCH] quota: fix livelock between quotactl and freeze_super
From: Abhishek Bapat <abhishekbapat@google.com>
To: Jan Kara <jack@suse.com>, Christian Brauner <brauner@kernel.org>
Cc: Jeremy Bongio <jbongio@google.com>, Khazhy Kumykov <khazhy@google.com>,
 linux-kernel@vger.kernel.org,
	Abhishek Bapat <abhishekbapat@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When a filesystem is frozen, quotactl_block() enters a retry loop
waiting for the filesystem to thaw. It acquires s_umount, checks the
freeze state, drops s_umount and uses sb_start_write() - sb_end_write()
pair to wait for the unfreeze.

However, this retry loop can trigger a livelock issue, specifically on
kernels with preemption disabled.

The mechanism is as follows:
1. freeze_super() sets SB_FREEZE_WRITE and calls sb_wait_write().
2. sb_wait_write() calls percpu_down_write(), which initiates
   synchronize_rcu().
3. Simultaneously, quotactl_block() spins in its retry loop, immediately
   executing the sb_start_write() - sb_end_write() pair.
4. Because the kernel is non-preemptible and the loop contains no
   scheduling points, quotactl_block() never yields the CPU. This
   prevents that CPU from reaching an RCU quiescent state.
5. synchronize_rcu() in the freezer thread waits indefinitely for the
   quotactl_block() CPU to report a quiescent state.
6. quotactl_block() spins indefinitely waiting for the freezer to
   advance, which it cannot do as it is blocked on the RCU sync.

This results in a hang of the freezer process and 100% CPU usage by the
quota process.

While this can occur intermittently on multi-core systems, it is
reliably reproducing on a node with the following script, running both
the freezer and the quota toggle on the same CPU:

  # mkfs.ext4 -O quota /dev/sda 2g && mkdir a_mount
  # mount /dev/sda -o quota,usrquota,grpquota a_mount
  # taskset -c 3 bash -c "while true; do xfs_freeze -f a_mount; \
    xfs_freeze -u a_mount; done" &
  # taskset -c 3 bash -c "while true; do quotaon a_mount; \
    quotaoff a_mount; done" &

Adding cond_resched() to the retry loop fixes the issue. It acts as an
RCU quiescent state, allowing synchronize_rcu() in percpu_down_write()
to complete.

Fixes: 576215cffdef ("fs: Drop wait_unfrozen wait queue")
Signed-off-by: Abhishek Bapat <abhishekbapat@google.com>
---
 fs/quota/quota.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/quota/quota.c b/fs/quota/quota.c
index 7c2b75a44485..de4379a9c792 100644
--- a/fs/quota/quota.c
+++ b/fs/quota/quota.c
@@ -899,6 +899,7 @@ static struct super_block *quotactl_block(const char __=
user *special, int cmd)
 		sb_start_write(sb);
 		sb_end_write(sb);
 		put_super(sb);
+		cond_resched();
 		goto retry;
 	}
 	return sb;
--=20
2.52.0.457.g6b5491de43-goog