[PATCH] gfs2: Fix invalid glock target state during withdraw
7 views
Skip to first unread message
cestbonchen
Nov 2, 2025, 11:24:08 AM (8 days ago) Nov 2
to agru...@redhat.com, gf...@lists.linux.dev, linux-...@vger.kernel.org, syzk...@googlegroups.com, cestbonchen, syzbot+353de0...@syzkaller.appspotmail.com
During filesystem withdraw, do_xmote() may set the glock target state
to LM_OUT_ERROR when the intended target is not LM_ST_UNLOCKED.
However, LM_OUT_ERROR is an operation result code, not a valid DLM lock
state. Passing it to finish_xmote() triggers a kernel BUG at
fs/gfs2/glock.c:674 due to an invalid state transition.
The correct behavior during withdraw is to force the target state to
LM_ST_UNLOCKED, which safely invalidates cached data via ->go_inval()
and avoids further DLM operations.
Fix both the general withdraw path and the -ENODEV error handling path.
Fixes: 669d4eb0b918 ("gfs2: Clean up properly during a withdraw")
Reported-by: syzbot+353de0...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=f9cc39ae87e4716a6309e8f5d558432cd90035ac
Signed-off-by: cestbonchen <cestb...@163.com>
---
fs/gfs2/glock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index e19aa2e820c8..fb08660567ed 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -696,7 +696,7 @@ __acquires(&gl->gl_lockref.lock)
skip_inval:
if (gfs2_withdrawn(sdp)) {
if (target != LM_ST_UNLOCKED)
- target = LM_OUT_ERROR;
+ target = LM_ST_UNLOCKED;
goto out;
}
@@ -719,7 +719,7 @@ __acquires(&gl->gl_lockref.lock)
* been unlocked implicitly.
*/
if (target != LM_ST_UNLOCKED) {
- target = LM_OUT_ERROR;
+ target = LM_ST_UNLOCKED;
goto out;
}
} else {
--
2.43.0
to LM_OUT_ERROR when the intended target is not LM_ST_UNLOCKED.
However, LM_OUT_ERROR is an operation result code, not a valid DLM lock
state. Passing it to finish_xmote() triggers a kernel BUG at
fs/gfs2/glock.c:674 due to an invalid state transition.
The correct behavior during withdraw is to force the target state to
LM_ST_UNLOCKED, which safely invalidates cached data via ->go_inval()
and avoids further DLM operations.
Fix both the general withdraw path and the -ENODEV error handling path.
Fixes: 669d4eb0b918 ("gfs2: Clean up properly during a withdraw")
Reported-by: syzbot+353de0...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=f9cc39ae87e4716a6309e8f5d558432cd90035ac
Signed-off-by: cestbonchen <cestb...@163.com>
---
fs/gfs2/glock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index e19aa2e820c8..fb08660567ed 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -696,7 +696,7 @@ __acquires(&gl->gl_lockref.lock)
skip_inval:
if (gfs2_withdrawn(sdp)) {
if (target != LM_ST_UNLOCKED)
- target = LM_OUT_ERROR;
+ target = LM_ST_UNLOCKED;
goto out;
}
@@ -719,7 +719,7 @@ __acquires(&gl->gl_lockref.lock)
* been unlocked implicitly.
*/
if (target != LM_ST_UNLOCKED) {
- target = LM_OUT_ERROR;
+ target = LM_ST_UNLOCKED;
goto out;
}
} else {
--
2.43.0
Reply all
Reply to author
Forward
0 new messages