[PATCH v2] ocfs2: use inode_lock_nested() for orphan dir locking

[Deepanshu Kartikey]

PREEMPT_RT's rtmutex PI chain walker warns about a lock dependency
cycle when inode_lock(orphan_dir_inode) is called while holding
inode_lock(file_inode):

  ocfs2_file_write_iter()
    inode_lock(file_inode)               [class 0]
      ocfs2_dio_end_io_write()
        ocfs2_del_inode_from_orphan()
          inode_lock(orphan_dir_inode)   [class 0] <- warning!

However this is a false positive. write_iter() is never called on a
directory, and orphan_dir is always a directory, so these two locks
can never actually conflict in practice.

Fix by using inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2) in
all three places where orphan_dir_inode is locked in namei.c, placing
it in a separate lock class so the rtmutex PI chain walker understands
these locks have distinct roles and does not warn about their ordering.

Suggested-by: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Reported-by: syzbot+ce129763ce7d7e914739@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=ce129763ce7d7e914739
Signed-off-by: Deepanshu Kartikey <kartikey406@xxxxxxxxx>

---
Changes in v2:
- Replaced inode_lock() with inode_lock_nested(orphan_dir_inode,
  I_MUTEX_NONDIR2) in all three call sites in namei.c
- Dropped incorrect v1 changes to aops.c and namei.c that
  restructured lock ordering, as the deadlock was a false positive
- Approach suggested by Matthew Wilcox
---
 fs/ocfs2/namei.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index 1277666c77cd..4cfd7b3d3e1a 100644
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -2126,7 +2126,7 @@ static int ocfs2_lookup_lock_orphan_dir(struct ocfs2_super *osb,
 		return ret;
 	}
 
-	inode_lock(orphan_dir_inode);
+	inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2);
 
 	ret = ocfs2_inode_lock(orphan_dir_inode, &orphan_dir_bh, 1);
 	if (ret < 0) {
@@ -2725,7 +2725,7 @@ int ocfs2_del_inode_from_orphan(struct ocfs2_super *osb,
 		goto bail;
 	}
 
-	inode_lock(orphan_dir_inode);
+	inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2);
 	status = ocfs2_inode_lock(orphan_dir_inode, &orphan_dir_bh, 1);
 	if (status < 0) {
 		inode_unlock(orphan_dir_inode);
@@ -2838,7 +2838,7 @@ int ocfs2_mv_orphaned_inode_to_new(struct inode *dir,
 		goto leave;
 	}
 
-	inode_lock(orphan_dir_inode);
+	inode_lock_nested(orphan_dir_inode, I_MUTEX_NONDIR2);
 
 	status = ocfs2_inode_lock(orphan_dir_inode, &orphan_dir_bh, 1);
 	if (status < 0) {
-- 
2.43.0