[PATCH] ceph: fix deadlock in ceph_readdir_prepopulate
From: Zhao Sun
Date: Wed Jul 30 2025 - 06:00:32 EST
When ceph_readdir_prepopulate calls ceph_get_inode while holding
mdsc->snap_rwsem, a deadlock may occur, blocking all subsequent
requests of the current session.
Fix by release the mds->snap_rwsem read lock before calling the
ceph_get_inode function.
Link: https://tracker.ceph.com/issues/72307
Signed-off-by: Zhao Sun <sunzhao03@xxxxxxxxxxxx>
---
fs/ceph/inode.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 06cd2963e41e..3d7fb045ba76 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -1900,6 +1900,7 @@ static int fill_readdir_cache(struct inode *dir, struct dentry *dn,
int ceph_readdir_prepopulate(struct ceph_mds_request *req,
struct ceph_mds_session *session)
{
+ struct ceph_mds_client *mdsc = session->s_mdsc;
struct dentry *parent = req->r_dentry;
struct inode *inode = d_inode(parent);
struct ceph_inode_info *ci = ceph_inode(inode);
@@ -2029,7 +2030,10 @@ int ceph_readdir_prepopulate(struct ceph_mds_request *req,
if (d_really_is_positive(dn)) {
in = d_inode(dn);
} else {
+ /* Release mdsc->snap_rwsem in advance to avoid deadlock */
+ up_read(&mdsc->snap_rwsem);
in = ceph_get_inode(parent->d_sb, tvino, NULL);
+ down_read(&mdsc->snap_rwsem);
if (IS_ERR(in)) {
doutc(cl, "new_inode badness\n");
d_drop(dn);
--
2.39.2 (Apple Git-143)