Re: [PATCH v2] ocfs2: use inode_lock_nested() for orphan dir locking

[Joseph Qi]

On 6/21/26 7:12 AM, Deepanshu Kartikey wrote:
> PREEMPT_RT's rtmutex PI chain walker warns about a lock dependency
> cycle when inode_lock(orphan_dir_inode) is called while holding
> inode_lock(file_inode):
> 
>   ocfs2_file_write_iter()
>     inode_lock(file_inode)               [class 0]
>       ocfs2_dio_end_io_write()
>         ocfs2_del_inode_from_orphan()
>           inode_lock(orphan_dir_inode)   [class 0] <- warning!
> 
> However this is a false positive. write_iter() is never called on a
> directory, and orphan_dir is always a directory, so these two locks
> can never actually conflict in practice.
> 
> Fix by using inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2) in
> all three places where orphan_dir_inode is locked in namei.c, placing
> it in a separate lock class so the rtmutex PI chain walker understands
> these locks have distinct roles and does not warn about their ordering.
> 
> Suggested-by: Matthew Wilcox <willy@xxxxxxxxxxxxx>
> Reported-by: syzbot+ce129763ce7d7e914739@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=ce129763ce7d7e914739
> Signed-off-by: Deepanshu Kartikey <kartikey406@xxxxxxxxx>

Looks fine.
Reviewed-by: Joseph Qi <joseph.qi@xxxxxxxxxxxxxxxxx>

> 
> ---
> Changes in v2:
> - Replaced inode_lock() with inode_lock_nested(orphan_dir_inode,
>   I_MUTEX_NONDIR2) in all three call sites in namei.c
> - Dropped incorrect v1 changes to aops.c and namei.c that
>   restructured lock ordering, as the deadlock was a false positive
> - Approach suggested by Matthew Wilcox
> ---
>  fs/ocfs2/namei.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
> index 1277666c77cd..4cfd7b3d3e1a 100644
> --- a/fs/ocfs2/namei.c
> +++ b/fs/ocfs2/namei.c
> @@ -2126,7 +2126,7 @@ static int ocfs2_lookup_lock_orphan_dir(struct ocfs2_super *osb,
>  		return ret;
>  	}
>  
> -	inode_lock(orphan_dir_inode);
> +	inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2);
>  
>  	ret = ocfs2_inode_lock(orphan_dir_inode, &orphan_dir_bh, 1);
>  	if (ret < 0) {
> @@ -2725,7 +2725,7 @@ int ocfs2_del_inode_from_orphan(struct ocfs2_super *osb,
>  		goto bail;
>  	}
>  
> -	inode_lock(orphan_dir_inode);
> +	inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2);
>  	status = ocfs2_inode_lock(orphan_dir_inode, &orphan_dir_bh, 1);
>  	if (status < 0) {
>  		inode_unlock(orphan_dir_inode);
> @@ -2838,7 +2838,7 @@ int ocfs2_mv_orphaned_inode_to_new(struct inode *dir,
>  		goto leave;
>  	}
>  
> -	inode_lock(orphan_dir_inode);
> +	inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2);
>  
>  	status = ocfs2_inode_lock(orphan_dir_inode, &orphan_dir_bh, 1);
>  	if (status < 0) {