Re: [PATCH] fs: gfs2: fix sleeping function called from invalid context
From: Alexander Aring
Date: Fri May 01 2026 - 09:09:17 EST
Hi,
On Wed, Apr 29, 2026 at 4:21 AM Alessandro Zanni
<alessandro.zanni87@xxxxxxxxx> wrote:
>
> The issue arises on a PREEMPT kernel because gfs2_quota_init
> calls gfs2_qd_search_bucket while holding a bit spinlock and
> triggers a "sleeping function called from invalid context"
> bug.
>
> This patch refactors the quota initialization by splitting the
> lock into separate locks, moving the search outside the atomic
> section and using an RCU read lock for safe access without holding
> the bit spinlock.
>
> Modifications of this patch:
> 1. Use rcu_read_lock() around the invocation of the function
> gfs2_qd_search_bucket() for the search.
> 2. Add the spin_lock() around the insertion into the hash table
> and lists.
> 3. Remove the usage of unused spin_unlock().
>
> Fixes: de0d95c26c41c ("gfs2: Check quota consistency on mount")
> Reported-by: syzbot+642d0561f78362d67d3f@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=642d0561f78362d67d3f
> Signed-off-by: Alessandro Zanni <alessandro.zanni87@xxxxxxxxx>
> ---
> fs/gfs2/quota.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
> index 5290865f27f1..48516cbc8b49 100644
> --- a/fs/gfs2/quota.c
> +++ b/fs/gfs2/quota.c
> @@ -1456,17 +1456,15 @@ int gfs2_quota_init(struct gfs2_sbd *sdp)
> qd->qd_slot = slot;
> qd->qd_slot_ref = 1;
>
> - spin_lock(&qd_lock);
> - spin_lock_bucket(hash);
> + rcu_read_lock();
> old_qd = gfs2_qd_search_bucket(hash, sdp, qc_id);
> + rcu_read_unlock();
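Review bot: the replacement of spin_lock(&qd_lock)/spin_lock_bucket(hash) with rcu_read_lock() around gfs2_qd_search_bucket() does not remove the atomic context: an RCU read-side critical section is also a no-sleep region, so if the search path can sleep, the "sleeping function called from invalid context" report will simply fire with rcu_read_lock() in the backtrace instead of the bit spinlock; the fix needs to either make the search non-sleeping or perform the sleeping part before entering any critical section. A second concern with this hunk is that the lookup and the later insertion (which the commit message says now happens under a separate spin_lock()) are no longer covered by one critical section, so a concurrent gfs2_quota_init path could insert a matching entry between the rcu_read_unlock() and the insertion, and old_qd is consumed after rcu_read_unlock() without a reference visibly taken here; please document how gfs2_qd_search_bucket() pins the returned object, or re-check for a duplicate under the insertion lock before adding to the hash table and lists.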
As far as I'm aware, the RCU lock critical section can't sleep either.
So this fix seems incorrect if "gfs2_qd_search_bucket" can sleep.
- Alex