From nobody Tue Jun 16 20:36:48 2026
Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com
 [209.85.221.47])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4BCA93ACA42
	for <linux-kernel@vger.kernel.org>; Wed, 29 Apr 2026 08:15:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.47
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1777450524; cv=none;
 b=BNu7uth6whkfV2eKUtdK0KAOldBRvdqpiCjEqz/R+H/b/23hthotp9suyybGh5Z2Yc5Jwvx3ZMP/EsFU+urb4D2Ed+vyYby291PPEyYDjfyF6dbnQJLnatqXIltTEPsQG+GridbHfnIGgNJ9PQsEXdZZJAFviQ9qQ5ThT05Akqo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1777450524; c=relaxed/simple;
	bh=r/M2mKRE35qiR7iF124hoEvcuXchp73r1PHFfcOkRrI=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=n3mELChBgWrfhrYlsQV2QyM+t0cSK5rtBlM30dHDywTpJFGZViT14iPmmeQfmBZ9VpuwdcU5ksTObRZa8L4H+4rQyZ4qiGJvq89OL7793bWihwYlpEPOGAT72ewLHc4REKi3aKYFa59OW14VD0nc9VxmWb5MRNesAlGMZcO5PMw=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=pcTH+lur; arc=none smtp.client-ip=209.85.221.47
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="pcTH+lur"
Received: by mail-wr1-f47.google.com with SMTP id
 ffacd0b85a97d-43d75312379so350691f8f.1
        for <linux-kernel@vger.kernel.org>;
 Wed, 29 Apr 2026 01:15:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1777450522; x=1778055322;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=w4gjTGx+70pRN4y0LykgasMlakdmxDvAyxekGVsskSU=;
        b=pcTH+lurRMpYJVz3nNjBOcGlMJoAvqFPPdZXmLe02z+Zwy2OOWwhP2GGPvfkD5F2b5
         8/gH1Y6+LPNFZ02WAFsama9tnAq5440UQM4xQe8Me9fXD25NmmXrPVyJ0sy2fT4rUPJM
         KPHmVehcj4LXK9NhtK9AlXhNSrvBKlO3VezzDsDZKdiQFhkx1q9AycQyEXuBpROhboO0
         rcVB+oqmA044DfDZyywo7vUFEhRbIfTNIrIBcJ6y9dmgCwXAkAQnSJjlJyGyxSIMxytc
         u4abKRVNxLEtk8hgIfRTadJurlk6P/mpMjqewWjE8RKLcSOXI7tCNZsHJhDT0hLU5LVr
         WebA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1777450522; x=1778055322;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=w4gjTGx+70pRN4y0LykgasMlakdmxDvAyxekGVsskSU=;
        b=naCQqaaT2QzdCh7DSgjfcVPsah8lceEPJMVoVtNLGCAiYyFDYJ7nShAayUlHX8NFqr
         Ql0CfQI0cLJXjcoF5U7WYOkX/wyOdUUhdhCVn8GsBj52KWvI43ifaB8ciy3wv5yaEGmX
         mCiKpxdti9klFdtOaJw7+7oOSrykF2pVPHROEmjhLeI2yOkpO9z99qiIIa12KYEaXN6a
         cNAw6w1PfctG1jeL2teyI9+KKF3kJrRYf0ekZlywsAM0VZlUeMMdsvBM9W6y/Xb4tJa5
         QSgOm5zcy15Q0llZ1pEPUIYnuI9n7gDf90I1BsEf7SYXUfAzZXgbgAZ6yGcp1UhFiATL
         LpKg==
X-Forwarded-Encrypted: i=1;
 AFNElJ9QVwJqSzUwZm7Avocm80dtUFkmBD+tKki5yot0Ph2zcu7f9RajQEFzfH+NOjdZTh6zaVCSVGMeLt2xS9c=@vger.kernel.org
X-Gm-Message-State: AOJu0YxK1sEt0lPtfdL5H0IKuKLKlQ8Tgjyxz9pCEMBtE2IctH9qYTPv
	1MYuaoZpIo0gqbrbcHHFB7+oHpEcg2ag0UIM8OWKsre0zbo97VhVf5He
X-Gm-Gg: AeBDiesQp4FXdsAzcJSQqaA/Yr++GBhPSf7WZbvQ+qZC8yNNbAirdWnH/6WgeKQs7GP
	1uwofExk2KDxcJADG6/SgzYhfOSuS/2BM0ePzayC8FaMWEB/C9i3G4YSUm4L0QUZ7jp9WP45zJq
	oKwy4f3vCmSuUKgz3tTU2Ez3mYM/tXhRszkfC5ZUIuvGidGmERnMqomgfDBcmtZpzPXzOkl5iKf
	RaXKyBT9stPbNTzFZpHqoVBbksFkvt9+RV1Mt3iwMJNLpZdyvJrTwTwts929s/iy3z6zlPUyL41
	3h/FnrJF0P9+U/KWxJUisXDYd7AYAY1fq/XBhlxCWftZl0QGP6ETuvq1SPAFIwQYTiE0LGNMaWL
	UBTTI+n8oYRoVwgtTaTkYsaisXByppjjqCpdZQ8kSBA1jCR0j+gE43pQxx1cL/sm6xbJLh8vPZD
	VeiKUpUgXhcNxya2/cEJX4wYL4EZqOuEoKLvrIZAV1d2w26xA0e6glsGT9WC1tmBgs650I+TX26
	pEgrWUNylCJX5a5m8zm
X-Received: by 2002:a05:600c:a10d:b0:489:1abb:5559 with SMTP id
 5b1f17b1804b1-48a7bf9956fmr24250695e9.5.1777450521325;
        Wed, 29 Apr 2026 01:15:21 -0700 (PDT)
Received: from alessandro-pc.station (net-2-37-205-63.cust.vodafonedsl.it.
 [2.37.205.63])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-48a7bc23f4asm44256265e9.7.2026.04.29.01.15.20
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Apr 2026 01:15:20 -0700 (PDT)
From: Alessandro Zanni <alessandro.zanni87@gmail.com>
To: agruenba@redhat.com
Cc: Alessandro Zanni <alessandro.zanni87@gmail.com>,
	linux-kernel@vger.kernel.org,
	gfs2@lists.linux.dev,
	syzbot+642d0561f78362d67d3f@syzkaller.appspotmail.com
Subject: [PATCH] fs: gfs2: fix sleeping function called from invalid context
Date: Wed, 29 Apr 2026 10:15:14 +0200
Message-ID: <20260429081516.566812-1-alessandro.zanni87@gmail.com>
X-Mailer: git-send-email 2.47.3
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The issue arises on a PREEMPT kernel because gfs2_quota_init
calls gfs2_qd_search_bucket while holding a bit spinlock and
triggering a "sleeping function called from invalid context"
bug.

This patch refactors the quota initialization by splitting the
lock into separate locks, moving the search outside the atomic
section and using RCU lock for a safe access without holding the
bit spinlock.

Modifications of this patch:
1. Use rcu_read_lock() around the invocation of the function
   gfs2_qd_search_bucket() for the search.
2. Add the spin_lock() around the insertion into the hash table
   and lists.
3. Remove the usage of unused spin_unlock().

Fixes: de0d95c26c41c ("gfs2: Check quota consistency on mount")
Reported-by: syzbot+642d0561f78362d67d3f@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3D642d0561f78362d67d3f
Signed-off-by: Alessandro Zanni <alessandro.zanni87@gmail.com>
---
 fs/gfs2/quota.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index 5290865f27f1..48516cbc8b49 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -1456,17 +1456,15 @@ int gfs2_quota_init(struct gfs2_sbd *sdp)
 			qd->qd_slot =3D slot;
 			qd->qd_slot_ref =3D 1;
=20
-			spin_lock(&qd_lock);
-			spin_lock_bucket(hash);
+			rcu_read_lock();
 			old_qd =3D gfs2_qd_search_bucket(hash, sdp, qc_id);
+			rcu_read_unlock();
 			if (old_qd) {
 				fs_err(sdp, "Corruption found in quota_change%u"
 					    "file: duplicate identifier in "
 					    "slot %u\n",
 					    sdp->sd_jdesc->jd_jid, slot);
=20
-				spin_unlock_bucket(hash);
-				spin_unlock(&qd_lock);
 				qd_put(old_qd);
=20
 				gfs2_glock_put(qd->qd_gl);
@@ -1480,6 +1478,8 @@ int gfs2_quota_init(struct gfs2_sbd *sdp)
=20
 				continue;
 			}
+			spin_lock(&qd_lock);
+			spin_lock_bucket(hash);
 			BUG_ON(test_and_set_bit(slot, sdp->sd_quota_bitmap));
 			list_add(&qd->qd_list, &sdp->sd_quota_list);
 			atomic_inc(&sdp->sd_quota_count);
--=20
2.47.3