linux/drivers
Tetsuo Handa 1e047eaab3 block/loop: fix deadlock after loop_set_status
syzbot is reporting deadlocks at __blkdev_get() [1].

----------------------------------------
[   92.493919] systemd-udevd   D12696   525      1 0x00000000
[   92.495891] Call Trace:
[   92.501560]  schedule+0x23/0x80
[   92.502923]  schedule_preempt_disabled+0x5/0x10
[   92.504645]  __mutex_lock+0x416/0x9e0
[   92.510760]  __blkdev_get+0x73/0x4f0
[   92.512220]  blkdev_get+0x12e/0x390
[   92.518151]  do_dentry_open+0x1c3/0x2f0
[   92.519815]  path_openat+0x5d9/0xdc0
[   92.521437]  do_filp_open+0x7d/0xf0
[   92.527365]  do_sys_open+0x1b8/0x250
[   92.528831]  do_syscall_64+0x6e/0x270
[   92.530341]  entry_SYSCALL_64_after_hwframe+0x42/0xb7

[   92.931922] 1 lock held by systemd-udevd/525:
[   92.933642]  #0: 00000000a2849e25 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x73/0x4f0
----------------------------------------

The reason for the deadlock turned out to be that wait_event_interruptible()
in blk_queue_enter() got stuck with bdev->bd_mutex held at __blkdev_put()
due to q->mq_freeze_depth == 1.

----------------------------------------
[   92.787172] a.out           S12584   634    633 0x80000002
[   92.789120] Call Trace:
[   92.796693]  schedule+0x23/0x80
[   92.797994]  blk_queue_enter+0x3cb/0x540
[   92.803272]  generic_make_request+0xf0/0x3d0
[   92.807970]  submit_bio+0x67/0x130
[   92.810928]  submit_bh_wbc+0x15e/0x190
[   92.812461]  __block_write_full_page+0x218/0x460
[   92.815792]  __writepage+0x11/0x50
[   92.817209]  write_cache_pages+0x1ae/0x3d0
[   92.825585]  generic_writepages+0x5a/0x90
[   92.831865]  do_writepages+0x43/0xd0
[   92.836972]  __filemap_fdatawrite_range+0xc1/0x100
[   92.838788]  filemap_write_and_wait+0x24/0x70
[   92.840491]  __blkdev_put+0x69/0x1e0
[   92.841949]  blkdev_close+0x16/0x20
[   92.843418]  __fput+0xda/0x1f0
[   92.844740]  task_work_run+0x87/0xb0
[   92.846215]  do_exit+0x2f5/0xba0
[   92.850528]  do_group_exit+0x34/0xb0
[   92.852018]  SyS_exit_group+0xb/0x10
[   92.853449]  do_syscall_64+0x6e/0x270
[   92.854944]  entry_SYSCALL_64_after_hwframe+0x42/0xb7

[   92.943530] 1 lock held by a.out/634:
[   92.945105]  #0: 00000000a2849e25 (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0x3c/0x1e0
----------------------------------------

The reason for q->mq_freeze_depth == 1 turned out to be that loop_set_status()
forgot to call blk_mq_unfreeze_queue() on error paths for the
info->lo_encrypt_type != NULL case.

----------------------------------------
[   37.509497] CPU: 2 PID: 634 Comm: a.out Tainted: G        W        4.16.0+ #457
[   37.513608] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/19/2017
[   37.518832] RIP: 0010:blk_freeze_queue_start+0x17/0x40
[   37.521778] RSP: 0018:ffffb0c2013e7c60 EFLAGS: 00010246
[   37.524078] RAX: 0000000000000000 RBX: ffff8b07b1519798 RCX: 0000000000000000
[   37.527015] RDX: 0000000000000002 RSI: ffffb0c2013e7cc0 RDI: ffff8b07b1519798
[   37.529934] RBP: ffffb0c2013e7cc0 R08: 0000000000000008 R09: 47a189966239b898
[   37.532684] R10: dad78b99b278552f R11: 9332dca72259d5ef R12: ffff8b07acd73678
[   37.535452] R13: 0000000000004c04 R14: 0000000000000000 R15: ffff8b07b841e940
[   37.538186] FS:  00007fede33b9740(0000) GS:ffff8b07b8e80000(0000) knlGS:0000000000000000
[   37.541168] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   37.543590] CR2: 00000000206fdf18 CR3: 0000000130b30006 CR4: 00000000000606e0
[   37.546410] Call Trace:
[   37.547902]  blk_freeze_queue+0x9/0x30
[   37.549968]  loop_set_status+0x67/0x3c0 [loop]
[   37.549975]  loop_set_status64+0x3b/0x70 [loop]
[   37.549986]  lo_ioctl+0x223/0x810 [loop]
[   37.549995]  blkdev_ioctl+0x572/0x980
[   37.550003]  block_ioctl+0x34/0x40
[   37.550006]  do_vfs_ioctl+0xa7/0x6d0
[   37.550017]  ksys_ioctl+0x6b/0x80
[   37.573076]  SyS_ioctl+0x5/0x10
[   37.574831]  do_syscall_64+0x6e/0x270
[   37.576769]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
----------------------------------------

[1] https://syzkaller.appspot.com/bug?id=cd662bc3f6022c0979d01a262c318fab2ee9b56f

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <bot+48594378e9851eab70bcd6f99327c7db58c5a28a@syzkaller.appspotmail.com>
Fixes: ecdd09597a ("block/loop: fix race between I/O and set_status")
Cc: Ming Lei <tom.leiming@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: stable <stable@vger.kernel.org>
Cc: Jens Axboe <axboe@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-04-10 08:38:46 -06:00
accessibility
acpi * Add NVDIMM support to EDAC (Tony Luck) 2018-04-05 14:21:13 -07:00
amba
android
ata Merge branch 'for-4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2018-04-03 17:42:25 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
auxdisplay auxdisplay: img-ascii-lcd: Silence 2 uninitialized warnings 2018-03-13 18:16:38 +01:00
base Driver core patches for 4.17-rc1 2018-04-04 19:41:45 -07:00
bcma bcma: Prevent build of PCI host features in module 2018-03-13 18:47:47 +02:00
block block/loop: fix deadlock after loop_set_status 2018-04-10 08:38:46 -06:00
bluetooth Bluetooth: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for BTUSB_QCA_ROME 2018-04-01 21:43:02 +03:00
bus Staging/IIO patches for 4.17-rc1 2018-04-04 18:56:27 -07:00
cdrom cdrom: do not call check_disk_change() inside cdrom_open() 2018-03-09 08:06:35 -07:00
char kernel.h: Retain constant expression output for max()/min() 2018-04-05 14:17:16 -07:00
clk clk: bcm2835: Protect sections updating shared registers 2018-03-19 09:27:37 -07:00
clocksource arch: remove obsolete architecture ports 2018-04-02 20:20:12 -07:00
connector
cpufreq Power management updates for 4.17-rc1 2018-04-03 10:45:39 -07:00
cpuidle cpuidle: poll_state: Avoid invoking local_clock() too often 2018-03-29 13:06:08 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-04-04 17:11:08 -07:00
dax
dca
devfreq
dio
dma dmaengine: stm32-dmamux: fix a potential buffer overflow 2018-03-22 10:51:35 +05:30
dma-buf
edac * Add NVDIMM support to EDAC (Tony Luck) 2018-04-05 14:21:13 -07:00
eisa
extcon Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
firewire
firmware * Add NVDIMM support to EDAC (Tony Luck) 2018-04-05 14:21:13 -07:00
fmc treewide: Fix typos in printk 2018-03-27 09:51:22 +02:00
fpga PCI: Add Altera vendor ID 2018-03-14 19:13:47 +01:00
fsi fsi: core: Add check for master property no-scan-on-init 2018-03-14 19:11:01 +01:00
gpio This is the bulk of GPIO changes for the v4.17 kernel cycle: 2018-04-05 09:51:41 -07:00
gpu kernel.h: Retain constant expression output for max()/min() 2018-04-05 14:17:16 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2018-04-05 11:53:34 -07:00
hsi HSI: hsi_char: Delete an error message for a failed memory allocation in hsc_probe() 2018-03-19 16:31:07 +01:00
hv hv: add SPDX license id to Kconfig 2018-03-28 13:24:56 +02:00
hwmon
hwspinlock
hwtracing Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
i2c arch: remove obsolete architecture ports 2018-04-02 20:20:12 -07:00
ide for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
idle
iio This is the bulk of GPIO changes for the v4.17 kernel cycle: 2018-04-05 09:51:41 -07:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-04-05 13:21:57 -07:00
iommu Merge branch 'x86-dma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-04-02 17:18:45 -07:00
ipack
irqchip Staging/IIO patches for 4.17-rc1 2018-04-04 18:56:27 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-04-03 14:04:18 -07:00
leds leds: Fix wrong dmi_match on PC Engines APU LEDs 2018-03-20 20:28:00 +01:00
lightnvm lightnvm: pblk: remove some unnecessary NULL checks 2018-03-29 17:29:09 -06:00
macintosh macintosh/via-pmu68k: Initialize PMU driver with setup_arch and arch_initcall 2018-03-19 10:22:59 +01:00
mailbox
mcb mcb: add Altera PCI ID to mcb-pci 2018-03-14 19:13:48 +01:00
md for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
media Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2018-04-05 11:56:35 -07:00
memory
memstick
message treewide: Align function definition open/close braces 2018-03-26 11:13:09 +02:00
mfd
misc for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
mmc for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
mtd for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
mux
net Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2018-04-05 11:56:35 -07:00
nfc
ntb
nubus
nvdimm for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
nvme for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
nvmem Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-04-03 14:04:18 -07:00
opp
oprofile oprofilefs: don't oops on allocation failure 2018-03-29 15:07:48 -04:00
parisc parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode 2018-03-27 18:52:22 +02:00
parport Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
pci arch: remove obsolete architecture ports 2018-04-02 20:20:12 -07:00
pcmcia Power management updates for 4.17-rc1 2018-04-03 10:45:39 -07:00
perf arm64 updates for 4.17 2018-04-04 16:01:43 -07:00
phy phy: for 4.17 2018-03-20 10:10:46 +01:00
pinctrl This is the bulk of GPIO changes for the v4.17 kernel cycle: 2018-04-05 09:51:41 -07:00
platform Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2018-04-05 11:56:35 -07:00
pnp
power power supply and reset changes for the v4.17 series 2018-04-03 12:10:01 -07:00
powercap powercap: RAPL: Add support for Cannon Lake 2018-03-19 00:02:24 +01:00
pps pps: generator: use new parport device model 2018-03-14 17:53:06 +01:00
ps3
ptp
pwm pwm: remove pwm-bfin driver 2018-03-26 15:57:08 +02:00
rapidio
ras
regulator Merge remote-tracking branches 'regulator/topic/88pg86x', 'regulator/topic/dt', 'regulator/topic/formatting' and 'regulator/topic/gpio' into regulator-next 2018-03-28 10:33:53 +08:00
remoteproc
reset
rpmsg
rtc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2018-04-05 11:56:35 -07:00
s390 for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
sbus sparc64: Properly range check DAX completion index 2018-04-01 20:07:00 -04:00
scsi SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
sfi
sh
siox siox: fix possible buffer overflow in device_add_store 2018-03-15 18:07:46 +01:00
slimbus slimbus: core: use put_device() instead of kfree() 2018-03-15 17:55:52 +01:00
sn
soc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
soundwire
spi spi: SPI updates for v4.17 2018-04-03 12:06:21 -07:00
spmi
ssb ssb: use put_device() if device_register fail 2018-03-13 18:48:29 +02:00
staging for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
target for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
tc
tee
thermal
thunderbolt thunderbolt: Prevent crash when ICM firmware is not running 2018-03-14 14:26:38 +03:00
tty TTY/Serial driver patches for 4.17-rc1 2018-04-04 18:43:49 -07:00
uio
usb TTY/Serial driver patches for 4.17-rc1 2018-04-04 18:43:49 -07:00
uwb uwb: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-03-09 09:31:26 -08:00
vfio Revert: "vfio-pci: Mask INTx if a device is not capabable of enabling it" 2018-03-21 22:50:19 -06:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
video TTY/Serial driver patches for 4.17-rc1 2018-04-04 18:43:49 -07:00
virt
virtio
visorbus
vlynq
vme
w1 w1: use put_device() if device_register() fail 2018-03-14 14:58:50 +01:00
watchdog This is the bulk of GPIO changes for the v4.17 kernel cycle: 2018-04-05 09:51:41 -07:00
xen x86/dma: Remove dma_alloc_coherent_mask() 2018-03-20 10:01:56 +01:00
zorro zorro: Set up z->dev.dma_mask for the DMA API 2018-03-19 10:26:46 +01:00
Kconfig hwtracing: Add HW tracing support menu 2018-03-29 13:38:10 +03:00
Makefile