From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dave Jiang <dave.jiang@intel.com>,
Vishal Verma <vishal.l.verma@intel.com>,
Dan Williams <dan.j.williams@intel.com>
Subject: [PATCH 4.10 44/69] libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
Date: Wed, 19 Apr 2017 16:37:13 +0200 [thread overview]
Message-ID: <20170419141556.968014049@linuxfoundation.org> (raw)
In-Reply-To: <20170419141555.114738231@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Williams <dan.j.williams@intel.com>
commit 0beb2012a1722633515c8aaa263c73449636c893 upstream.
Holding the reconfig_mutex over a potential userspace fault sets up a
lockdep dependency chain between filesystem-DAX and the libnvdimm ioctl
path. Move the user access outside of the lock.
[ INFO: possible circular locking dependency detected ]
4.11.0-rc3+ #13 Tainted: G W O
-------------------------------------------------------
fallocate/16656 is trying to acquire lock:
(&nvdimm_bus->reconfig_mutex){+.+.+.}, at: [<ffffffffa00080b1>] nvdimm_bus_lock+0x21/0x30 [libnvdimm]
but task is already holding lock:
(jbd2_handle){++++..}, at: [<ffffffff813b4944>] start_this_handle+0x104/0x460
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (jbd2_handle){++++..}:
lock_acquire+0xbd/0x200
start_this_handle+0x16a/0x460
jbd2__journal_start+0xe9/0x2d0
__ext4_journal_start_sb+0x89/0x1c0
ext4_dirty_inode+0x32/0x70
__mark_inode_dirty+0x235/0x670
generic_update_time+0x87/0xd0
touch_atime+0xa9/0xd0
ext4_file_mmap+0x90/0xb0
mmap_region+0x370/0x5b0
do_mmap+0x415/0x4f0
vm_mmap_pgoff+0xd7/0x120
SyS_mmap_pgoff+0x1c5/0x290
SyS_mmap+0x22/0x30
entry_SYSCALL_64_fastpath+0x1f/0xc2
-> #1 (&mm->mmap_sem){++++++}:
lock_acquire+0xbd/0x200
__might_fault+0x70/0xa0
__nd_ioctl+0x683/0x720 [libnvdimm]
nvdimm_ioctl+0x8b/0xe0 [libnvdimm]
do_vfs_ioctl+0xa8/0x740
SyS_ioctl+0x79/0x90
do_syscall_64+0x6c/0x200
return_from_SYSCALL_64+0x0/0x7a
-> #0 (&nvdimm_bus->reconfig_mutex){+.+.+.}:
__lock_acquire+0x16b6/0x1730
lock_acquire+0xbd/0x200
__mutex_lock+0x88/0x9b0
mutex_lock_nested+0x1b/0x20
nvdimm_bus_lock+0x21/0x30 [libnvdimm]
nvdimm_forget_poison+0x25/0x50 [libnvdimm]
nvdimm_clear_poison+0x106/0x140 [libnvdimm]
pmem_do_bvec+0x1c2/0x2b0 [nd_pmem]
pmem_make_request+0xf9/0x270 [nd_pmem]
generic_make_request+0x118/0x3b0
submit_bio+0x75/0x150
Fixes: 62232e45f4a2 ("libnvdimm: control (ioctl) messages for nvdimm_bus and nvdimm devices")
Cc: Dave Jiang <dave.jiang@intel.com>
Reported-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvdimm/bus.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/nvdimm/bus.c
+++ b/drivers/nvdimm/bus.c
@@ -934,8 +934,14 @@ static int __nd_ioctl(struct nvdimm_bus
rc = nd_desc->ndctl(nd_desc, nvdimm, cmd, buf, buf_len, NULL);
if (rc < 0)
goto out_unlock;
+ nvdimm_bus_unlock(&nvdimm_bus->dev);
+
if (copy_to_user(p, buf, buf_len))
rc = -EFAULT;
+
+ vfree(buf);
+ return rc;
+
out_unlock:
nvdimm_bus_unlock(&nvdimm_bus->dev);
out:
next prev parent reply other threads:[~2017-04-19 15:23 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-19 14:36 [PATCH 4.10 00/69] 4.10.12-stable review Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 01/69] cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 02/69] audit: make sure we dont let the retry queue grow without bounds Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 03/69] tcmu: Fix possible overwrite of t_data_sgs last iov[] Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 04/69] tcmu: Fix wrongly calculating of the base_command_size Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 05/69] tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 06/69] thp: fix MADV_DONTNEED vs. MADV_FREE race Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 07/69] thp: fix MADV_DONTNEED vs clear soft dirty race Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 08/69] zsmalloc: expand class bit Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 09/69] orangefs: free superblock when mount fails Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 10/69] drm/nouveau/mpeg: mthd returns true on success now Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 11/69] drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 12/69] drm/nouveau/kms/nv50: fix setting of HeadSetRasterVertBlankDmi method Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 13/69] drm/nouveau/kms/nv50: fix double dma_fence_put() when destroying plane state Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 14/69] drm/nouveau: initial support (display-only) for GP107 Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 15/69] drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit() Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 17/69] CIFS: reconnect thread reschedule itself Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 18/69] CIFS: store results of cifs_reopen_file to avoid infinite wait Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 19/69] Input: xpad - add support for Razer Wildcat gamepad Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 20/69] perf annotate s390: Fix perf annotate error -95 (4.10 regression) Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 21/69] perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 22/69] x86/efi: Dont try to reserve runtime regions Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 23/69] x86/signals: Fix lower/upper bound reporting in compat siginfo Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 24/69] x86/intel_rdt: Fix locking in rdtgroup_schemata_write() Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 25/69] x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 26/69] x86/vdso: Ensure vdso32_enabled gets set to valid values only Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 27/69] x86/vdso: Plug race between mapping and ELF header setup Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 28/69] acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison) Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 29/69] ACPI / scan: Set the visited flag for all enumerated devices Greg Kroah-Hartman
2017-04-19 14:36 ` [PATCH 4.10 30/69] parisc: fix bugs in pa_memcpy Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 31/69] efi/libstub: Skip GOP with PIXEL_BLT_ONLY format Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 32/69] efi/fb: Avoid reconfiguration of BAR that covers the framebuffer Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 33/69] iscsi-target: Fix TMR reference leak during session shutdown Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 34/69] iscsi-target: Drop work-around for legacy GlobalSAN initiator Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 35/69] scsi: sr: Sanity check returned mode data Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 36/69] scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 37/69] scsi: qla2xxx: Add fix to read correct register value for ISP82xx Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 38/69] scsi: sd: Fix capacity calculation with 32-bit sector_t Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 39/69] target: Avoid mappedlun symlink creation during lun shutdown Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 40/69] xen, fbfront: fix connecting to backend Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 41/69] [iov_iter] new privimitive: iov_iter_revert() Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 42/69] make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 43/69] libnvdimm: fix blk free space accounting Greg Kroah-Hartman
2017-04-19 14:37 ` Greg Kroah-Hartman [this message]
2017-04-19 14:37 ` [PATCH 4.10 45/69] libnvdimm: band aid btt vs clear poison locking Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 46/69] can: ifi: use correct register to read rx status Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 47/69] pwm: rockchip: State of PWM clock should synchronize with PWM enabled state Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 48/69] cpufreq: Bring CPUs up even if cpufreq_online() failed Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 49/69] irqchip/irq-imx-gpcv2: Fix spinlock initialization Greg Kroah-Hartman
2017-04-19 14:37 ` Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 50/69] ftrace: Fix removing of second function probe Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 51/69] drm/i915/gvt: set the correct default value of CTX STATUS PTR Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 52/69] char: lack of bool string made CONFIG_DEVPORT always on Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 53/69] Revert "MIPS: Lantiq: Fix cascaded IRQ setup" Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 54/69] zram: do not use copy_page with non-page aligned address Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 55/69] ftrace: Fix function pid filter on instances Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 56/69] crypto: algif_aead - Fix bogus request dereference in completion function Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 57/69] crypto: xts - Fix use-after-free on EINPROGRESS Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 58/69] crypto: ahash - Fix EINPROGRESS notification callback Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 59/69] crypto: lrw - Fix use-after-free on EINPROGRESS Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 60/69] parisc: Fix get_user() for 64-bit value on 32-bit kernel Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 61/69] [media] dvb-usb-v2: avoid use-after-free Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 62/69] ASoC: Intel: select DW_DMAC_CORE since its mandatory Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 64/69] x86/xen: Fix APIC id mismatch warning on Intel Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 65/69] ACPI / EC: Use busy polling mode when GPE is not enabled Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 66/69] rtc: tegra: Implement clock handling Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 67/69] mm: Tighten x86 /dev/mem with zeroing reads Greg Kroah-Hartman
2017-04-19 14:37 ` [PATCH 4.10 69/69] virtio-console: avoid DMA from stack Greg Kroah-Hartman
2017-04-19 20:38 ` [PATCH 4.10 00/69] 4.10.12-stable review Shuah Khan
2017-04-20 6:33 ` Greg Kroah-Hartman
2017-04-19 23:22 ` Guenter Roeck
2017-04-20 6:29 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170419141556.968014049@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.