[PATCH AUTOSEL 6.16-6.6] erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC

Wed Aug 20 03:35:18 AEST 2025

From: Junli Liu <liujunli at lixiang.com>

[ Upstream commit c99fab6e80b76422741d34aafc2f930a482afbdd ]

Since EROFS handles decompression in non-atomic contexts due to
uncontrollable decompression latencies and vmap() usage, it tries
to detect atomic contexts and only kicks off a kworker on demand
in order to reduce unnecessary scheduling overhead.

However, the current approach is insufficient and can lead to
sleeping function calls in invalid contexts, causing kernel
warnings and potential system instability. See the stacktrace [1]
and previous discussion [2].

The current implementation only checks rcu_read_lock_any_held(),
which behaves inconsistently across different kernel configurations:

- When CONFIG_DEBUG_LOCK_ALLOC is enabled: correctly detects
  RCU critical sections by checking rcu_lock_map
- When CONFIG_DEBUG_LOCK_ALLOC is disabled: compiles to
  "!preemptible()", which only checks preempt_count and misses
  RCU critical sections

This patch introduces z_erofs_in_atomic() to provide comprehensive
atomic context detection:

1. Check RCU preemption depth when CONFIG_PREEMPTION is enabled,
   as RCU critical sections may not affect preempt_count but still
   require atomic handling

2. Always use async processing when CONFIG_PREEMPT_COUNT is disabled,
   as preemption state cannot be reliably determined

3. Fall back to standard preemptible() check for remaining cases

The function replaces the previous complex condition check and ensures
that z_erofs always uses (kthread_)work in atomic contexts to minimize
scheduling overhead and prevent sleeping in invalid contexts.

[1] Problem stacktrace
[ 61.266692] BUG: sleeping function called from invalid context at kernel/locking/rtmutex_api.c:510
[ 61.266702] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 107, name: irq/54-ufshcd
[ 61.266704] preempt_count: 0, expected: 0
[ 61.266705] RCU nest depth: 2, expected: 0
[ 61.266710] CPU: 0 UID: 0 PID: 107 Comm: irq/54-ufshcd Tainted: G W O 6.12.17 #1
[ 61.266714] Tainted: [W]=WARN, [O]=OOT_MODULE
[ 61.266715] Hardware name: schumacher (DT)
[ 61.266717] Call trace:
[ 61.266718] dump_backtrace+0x9c/0x100
[ 61.266727] show_stack+0x20/0x38
[ 61.266728] dump_stack_lvl+0x78/0x90
[ 61.266734] dump_stack+0x18/0x28
[ 61.266736] __might_resched+0x11c/0x180
[ 61.266743] __might_sleep+0x64/0xc8
[ 61.266745] mutex_lock+0x2c/0xc0
[ 61.266748] z_erofs_decompress_queue+0xe8/0x978
[ 61.266753] z_erofs_decompress_kickoff+0xa8/0x190
[ 61.266756] z_erofs_endio+0x168/0x288
[ 61.266758] bio_endio+0x160/0x218
[ 61.266762] blk_update_request+0x244/0x458
[ 61.266766] scsi_end_request+0x38/0x278
[ 61.266770] scsi_io_completion+0x4c/0x600
[ 61.266772] scsi_finish_command+0xc8/0xe8
[ 61.266775] scsi_complete+0x88/0x148
[ 61.266777] blk_mq_complete_request+0x3c/0x58
[ 61.266780] scsi_done_internal+0xcc/0x158
[ 61.266782] scsi_done+0x1c/0x30
[ 61.266783] ufshcd_compl_one_cqe+0x12c/0x438
[ 61.266786] __ufshcd_transfer_req_compl+0x2c/0x78
[ 61.266788] ufshcd_poll+0xf4/0x210
[ 61.266789] ufshcd_transfer_req_compl+0x50/0x88
[ 61.266791] ufshcd_intr+0x21c/0x7c8
[ 61.266792] irq_forced_thread_fn+0x44/0xd8
[ 61.266796] irq_thread+0x1a4/0x358
[ 61.266799] kthread+0x12c/0x138
[ 61.266802] ret_from_fork+0x10/0x20

[2] https://lore.kernel.org/r/58b661d0-0ebb-4b45-a10d-c5927fb791cd@paulmck-laptop

Signed-off-by: Junli Liu <liujunli at lixiang.com>
Reviewed-by: Gao Xiang <hsiangkao at linux.alibaba.com>
Link: https://lore.kernel.org/r/20250805011957.911186-1-liujunli@lixiang.com
[ Gao Xiang: Use the original trace in v1. ]
Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal at kernel.org>
---

LLM Generated explanations, may be completely bogus:

**YES**

This commit should be backported to stable kernel trees. Here's my
extensive analysis:

## Critical Bug Fix Analysis

This commit fixes a **critical bug** that causes "sleeping function
called from invalid context" errors, leading to kernel warnings and
potential system instability. The stacktrace shows the issue occurring
in production systems (kernel 6.12.17), where mutex_lock() is
incorrectly called in an atomic RCU context.

## Root Cause of the Bug

The bug stems from **configuration-dependent behavior** of
`rcu_read_lock_any_held()`:

1. **When CONFIG_DEBUG_LOCK_ALLOC is enabled** (lines 345-348): The
   function properly checks RCU lock maps and correctly detects RCU
   critical sections.

2. **When CONFIG_DEBUG_LOCK_ALLOC is disabled** (lines 371-374): The
   function simply returns `!preemptible()`, which only checks
   preempt_count but **fails to detect RCU critical sections** when
   CONFIG_PREEMPTION is enabled.

This inconsistency causes the decompression code to incorrectly attempt
synchronous operations (including mutex_lock) within RCU critical
sections, violating kernel locking rules.

## The Fix

The new `z_erofs_in_atomic()` function (lines 1436-1443) provides
comprehensive atomic context detection:

```c
+static inline bool z_erofs_in_atomic(void)
+{
+       if (IS_ENABLED(CONFIG_PREEMPTION) && rcu_preempt_depth())
+               return true;
+       if (!IS_ENABLED(CONFIG_PREEMPT_COUNT))
+               return true;
+       return !preemptible();
+}
```

This correctly handles all kernel configurations:
- Checks `rcu_preempt_depth()` when CONFIG_PREEMPTION is enabled
- Conservatively assumes atomic context when preemption tracking is
  unavailable
- Falls back to standard preemptible() check otherwise

## Backport Criteria Met

1. **Fixes a real bug affecting users**: The stacktrace shows this
   occurring in production with the UFS storage driver (ufshcd), a
   common component in Android and embedded systems.

2. **Small and contained fix**: Only 13 lines changed, 11 additions and
   2 deletions, confined to the EROFS subsystem.

3. **No major architectural changes**: Simply improves atomic context
   detection logic without changing the decompression architecture.

4. **Clear regression risk assessment**: The fix is conservative - it
   may cause slightly more async processing in edge cases but prevents
   incorrect synchronous processing that causes crashes.

5. **Follows previous pattern**: This is actually the second fix for
   atomic context detection in EROFS (commit 12d0a24afd9e fixed a
   similar issue in 2023), showing this is a known problematic area that
   needs proper handling.

6. **Critical for system stability**: Sleeping in atomic context can
   lead to system hangs, data corruption, and crashes - particularly
   problematic in storage subsystems.

The commit message explicitly includes a production stacktrace
demonstrating the bug in kernel 6.12.17, making this a confirmed real-
world issue rather than theoretical. The fix is minimal, targeted, and
addresses a configuration-dependent bug that could affect many systems
depending on their kernel configuration.

 fs/erofs/zdata.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
index e3f28a1bb945..9bb53f00c2c6 100644
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -1430,6 +1430,16 @@ static void z_erofs_decompressqueue_kthread_work(struct kthread_work *work)
 }
 #endif
 
+/* Use (kthread_)work in atomic contexts to minimize scheduling overhead */
+static inline bool z_erofs_in_atomic(void)
+{
+	if (IS_ENABLED(CONFIG_PREEMPTION) && rcu_preempt_depth())
+		return true;
+	if (!IS_ENABLED(CONFIG_PREEMPT_COUNT))
+		return true;
+	return !preemptible();
+}
+
 static void z_erofs_decompress_kickoff(struct z_erofs_decompressqueue *io,
 				       int bios)
 {
@@ -1444,8 +1454,7 @@ static void z_erofs_decompress_kickoff(struct z_erofs_decompressqueue *io,
 
 	if (atomic_add_return(bios, &io->pending_bios))
 		return;
-	/* Use (kthread_)work and sync decompression for atomic contexts only */
-	if (!in_task() || irqs_disabled() || rcu_read_lock_any_held()) {
+	if (z_erofs_in_atomic()) {
 #ifdef CONFIG_EROFS_FS_PCPU_KTHREAD
 		struct kthread_worker *worker;
 
-- 
2.50.1

