From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Frederic Weisbecker <fweisbec@gmail.com>,
Jeff Mahoney <jeffm@suse.com>
Subject: [052/103] reiserfs: fix unwanted reiserfs lock recursion
Date: Fri, 22 Oct 2010 11:51:26 -0700 [thread overview]
Message-ID: <20101022185232.020882355@clark.site> (raw)
In-Reply-To: <20101022185455.GA9114@kroah.com>
2.6.35-stable review patch. If anyone has any objections, please let us know.
------------------
From: Frederic Weisbecker <fweisbec@gmail.com>
commit 9d8117e72bf453dd9d85e0cd322ce4a0f8bccbc0 upstream.
Prevent from recursively locking the reiserfs lock in reiserfs_unpack()
because we may call journal_begin() that requires the lock to be taken
only once, otherwise it won't be able to release the lock while taking
other mutexes, ending up in inverted dependencies between the journal
mutex and the reiserfs lock for example.
This fixes:
=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.35.4.4a #3
-------------------------------------------------------
lilo/1620 is trying to acquire lock:
(&journal->j_mutex){+.+...}, at: [<d0325bff>] do_journal_begin_r+0x7f/0x340 [reiserfs]
but task is already holding lock:
(&REISERFS_SB(s)->lock){+.+.+.}, at: [<d032a278>] reiserfs_write_lock+0x28/0x40 [reiserfs]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&REISERFS_SB(s)->lock){+.+.+.}:
[<c10562b7>] lock_acquire+0x67/0x80
[<c12facad>] __mutex_lock_common+0x4d/0x410
[<c12fb0c8>] mutex_lock_nested+0x18/0x20
[<d032a278>] reiserfs_write_lock+0x28/0x40 [reiserfs]
[<d0325c06>] do_journal_begin_r+0x86/0x340 [reiserfs]
[<d0325f77>] journal_begin+0x77/0x140 [reiserfs]
[<d0315be4>] reiserfs_remount+0x224/0x530 [reiserfs]
[<c10b6a20>] do_remount_sb+0x60/0x110
[<c10cee25>] do_mount+0x625/0x790
[<c10cf014>] sys_mount+0x84/0xb0
[<c12fca3d>] syscall_call+0x7/0xb
-> #0 (&journal->j_mutex){+.+...}:
[<c10560f6>] __lock_acquire+0x1026/0x1180
[<c10562b7>] lock_acquire+0x67/0x80
[<c12facad>] __mutex_lock_common+0x4d/0x410
[<c12fb0c8>] mutex_lock_nested+0x18/0x20
[<d0325bff>] do_journal_begin_r+0x7f/0x340 [reiserfs]
[<d0325f77>] journal_begin+0x77/0x140 [reiserfs]
[<d0326271>] reiserfs_persistent_transaction+0x41/0x90 [reiserfs]
[<d030d06c>] reiserfs_get_block+0x22c/0x1530 [reiserfs]
[<c10db9db>] __block_prepare_write+0x1bb/0x3a0
[<c10dbbe6>] block_prepare_write+0x26/0x40
[<d030b738>] reiserfs_prepare_write+0x88/0x170 [reiserfs]
[<d03294d6>] reiserfs_unpack+0xe6/0x120 [reiserfs]
[<d0329782>] reiserfs_ioctl+0x272/0x320 [reiserfs]
[<c10c3188>] vfs_ioctl+0x28/0xa0
[<c10c3bbd>] do_vfs_ioctl+0x32d/0x5c0
[<c10c3eb3>] sys_ioctl+0x63/0x70
[<c12fca3d>] syscall_call+0x7/0xb
other info that might help us debug this:
2 locks held by lilo/1620:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<d032945a>] reiserfs_unpack+0x6a/0x120 [reiserfs]
#1: (&REISERFS_SB(s)->lock){+.+.+.}, at: [<d032a278>] reiserfs_write_lock+0x28/0x40 [reiserfs]
stack backtrace:
Pid: 1620, comm: lilo Not tainted 2.6.35.4.4a #3
Call Trace:
[<c10560f6>] __lock_acquire+0x1026/0x1180
[<c10562b7>] lock_acquire+0x67/0x80
[<c12facad>] __mutex_lock_common+0x4d/0x410
[<c12fb0c8>] mutex_lock_nested+0x18/0x20
[<d0325bff>] do_journal_begin_r+0x7f/0x340 [reiserfs]
[<d0325f77>] journal_begin+0x77/0x140 [reiserfs]
[<d0326271>] reiserfs_persistent_transaction+0x41/0x90 [reiserfs]
[<d030d06c>] reiserfs_get_block+0x22c/0x1530 [reiserfs]
[<c10db9db>] __block_prepare_write+0x1bb/0x3a0
[<c10dbbe6>] block_prepare_write+0x26/0x40
[<d030b738>] reiserfs_prepare_write+0x88/0x170 [reiserfs]
[<d03294d6>] reiserfs_unpack+0xe6/0x120 [reiserfs]
[<d0329782>] reiserfs_ioctl+0x272/0x320 [reiserfs]
[<c10c3188>] vfs_ioctl+0x28/0xa0
[<c10c3bbd>] do_vfs_ioctl+0x32d/0x5c0
[<c10c3eb3>] sys_ioctl+0x63/0x70
[<c12fca3d>] syscall_call+0x7/0xb
Reported-by: Jarek Poplawski <jarkao2@gmail.com>
Tested-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/reiserfs/ioctl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/fs/reiserfs/ioctl.c
+++ b/fs/reiserfs/ioctl.c
@@ -170,6 +170,7 @@ int reiserfs_prepare_write(struct file *
int reiserfs_unpack(struct inode *inode, struct file *filp)
{
int retval = 0;
+ int depth;
int index;
struct page *page;
struct address_space *mapping;
@@ -189,7 +190,7 @@ int reiserfs_unpack(struct inode *inode,
** us
*/
reiserfs_mutex_lock_safe(&inode->i_mutex, inode->i_sb);
- reiserfs_write_lock(inode->i_sb);
+ depth = reiserfs_write_lock_once(inode->i_sb);
write_from = inode->i_size & (blocksize - 1);
/* if we are on a block boundary, we are already unpacked. */
@@ -224,6 +225,6 @@ int reiserfs_unpack(struct inode *inode,
out:
mutex_unlock(&inode->i_mutex);
- reiserfs_write_unlock(inode->i_sb);
+ reiserfs_write_unlock_once(inode->i_sb, depth);
return retval;
}
next prev parent reply other threads:[~2010-10-22 19:10 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-22 18:54 [000/103] 2.6.35.8-stable review Greg KH
2010-10-22 18:50 ` [001/103] x86, cpu: After uncapping CPUID, re-run CPU feature detection Greg KH
2010-10-22 18:50 ` [002/103] ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory Greg KH
2010-10-22 18:50 ` [003/103] ALSA: oxygen: fix analog capture on Claro halo cards Greg KH
2010-10-22 18:50 ` [004/103] ALSA: hda - Add Dell Latitude E6400 model quirk Greg KH
2010-10-22 18:50 ` [005/103] ALSA: prevent heap corruption in snd_ctl_new() Greg KH
2010-10-22 18:50 ` [006/103] ALSA: rawmidi: fix oops (use after free) when unloading a driver module Greg KH
2010-10-22 18:50 ` [007/103] hwmon: (lis3) Fix Oops with NULL platform data Greg KH
2010-10-22 18:50 ` [008/103] USB: fix bug in initialization of interface minor numbers Greg KH
2010-10-22 18:50 ` [009/103] usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX style Greg KH
2010-10-22 18:50 ` [010/103] usb: musb: gadget: restart request on clearing endpoint halt Greg KH
2010-10-22 18:50 ` [011/103] HID: hidraw, fix a NULL pointer dereference in hidraw_ioctl Greg KH
2010-10-22 18:50 ` [012/103] HID: hidraw, fix a NULL pointer dereference in hidraw_write Greg KH
2010-10-22 18:50 ` [013/103] ahci: fix module refcount breakage introduced by libahci split Greg KH
2010-10-22 18:50 ` [014/103] lib/list_sort: do not pass bad pointers to cmp callback Greg KH
2010-10-22 18:50 ` [015/103] ACPI: invoke DSDT corruption workaround on all Toshiba Satellite Greg KH
2010-10-22 18:50 ` [016/103] oprofile: Add Support for Intel CPU Family 6 / Model 29 Greg KH
2010-10-22 18:50 ` [017/103] oprofile, ARM: Release resources on failure Greg KH
2010-10-22 18:50 ` [018/103] RDMA/cxgb3: Turn off RX coalescing for iWARP connections Greg KH
2010-10-22 18:50 ` [019/103] drm/radeon/kms: fix bad cast/shift in evergreen.c Greg KH
2010-10-22 18:50 ` [020/103] drm/radeon/kms: avivo cursor workaround applies to evergreen as well Greg KH
2010-10-22 18:50 ` [021/103] ARM: 6400/1: at91: fix arch_gettimeoffset fallout Greg KH
2010-10-22 18:50 ` [022/103] ARM: 6395/1: VExpress: Set bit 22 in the PL310 (cache controller) AuxCtlr register Greg KH
2010-10-22 18:50 ` [023/103] V4L/DVB: gspca - main: Fix a crash of some webcams on ARM arch Greg KH
2010-10-22 18:50 ` [024/103] V4L/DVB: gspca - sn9c20x: Bad transfer size of Bayer images Greg KH
2010-10-22 18:50 ` [025/103] mmc: sdhci-s3c: fix NULL ptr access in sdhci_s3c_remove Greg KH
2010-10-22 18:51 ` [026/103] x86/amd-iommu: Set iommu configuration flags in enable-loop Greg KH
2010-10-22 18:51 ` [027/103] x86/amd-iommu: Fix rounding-bug in __unmap_single Greg KH
2010-10-22 18:51 ` [028/103] x86/amd-iommu: Work around S3 BIOS bug Greg KH
2010-10-22 18:51 ` [029/103] tracing/x86: Dont use mcount in pvclock.c Greg KH
2010-10-22 18:51 ` [030/103] tracing/x86: Dont use mcount in kvmclock.c Greg KH
2010-10-22 18:51 ` [031/103] ksm: fix bad user data when swapping Greg KH
2010-10-22 18:51 ` [032/103] i7core_edac: fix panic in udimm sysfs attributes registration Greg KH
2010-10-22 18:51 ` [033/103] v4l1: fix 32-bit compat microcode loading translation Greg KH
2010-10-22 18:51 ` [034/103] V4L/DVB: cx231xx: Avoid an OOPS when card is unknown (card=0) Greg KH
2010-10-22 18:51 ` [035/103] V4L/DVB: IR: fix keys beeing stuck down forever Greg KH
2010-10-22 18:51 ` [036/103] V4L/DVB: Dont identify PV SBTVD Hybrid as a DibCom device Greg KH
2010-10-22 18:51 ` [037/103] Input: joydev - fix JSIOCSAXMAP ioctl Greg KH
2010-10-22 18:51 ` [038/103] Input: wacom - fix pressure in Cintiq 21UX2 Greg KH
2010-10-22 18:51 ` [039/103] ioat2: fix performance regression Greg KH
2010-10-22 18:51 ` [040/103] mac80211: fix use-after-free Greg KH
2010-10-22 18:51 ` [041/103] x86, hpet: Fix bogus error check in hpet_assign_irq() Greg KH
2010-10-22 18:51 ` [042/103] x86, irq: Plug memory leak in sparse irq Greg KH
2010-10-22 18:51 ` [043/103] ubd: fix incorrect sector handling during request restart Greg KH
2010-10-22 18:51 ` [044/103] OSS: soundcard: locking bug in sound_ioctl() Greg KH
2010-10-22 18:51 ` [045/103] virtio-blk: fix request leak Greg KH
2010-10-22 18:51 ` [046/103] ring-buffer: Fix typo of time extends per page Greg KH
2010-10-22 18:51 ` [047/103] dmaengine: fix interrupt clearing for mv_xor Greg KH
2010-10-22 18:51 ` [048/103] drivers/gpu/drm/i915/i915_gem.c: Add missing error handling code Greg KH
2010-10-22 18:51 ` [049/103] hrtimer: Preserve timer state in remove_hrtimer() Greg KH
2010-10-22 18:51 ` [050/103] i2c-pca: Fix waitforcompletion() return value Greg KH
2010-10-22 18:51 ` [051/103] reiserfs: fix dependency inversion between inode and reiserfs mutexes Greg KH
2010-10-22 18:51 ` Greg KH [this message]
2010-10-22 18:51 ` [053/103] ocfs2: Dont walk off the end of fast symlinks Greg KH
2010-10-22 18:51 ` [054/103] mfd: Ignore non-GPIO IRQs when setting wm831x IRQ types Greg KH
2010-10-22 18:51 ` [055/103] wext: fix potential private ioctl memory content leak Greg KH
2010-10-22 18:51 ` [056/103] atl1: fix resume Greg KH
2010-10-22 18:51 ` [057/103] x86, numa: For each node, register the memory blocks actually used Greg KH
2010-10-22 18:51 ` [058/103] x86, AMD, MCE thresholding: Fix the MCi_MISCj iteration order Greg KH
2010-10-22 18:51 ` [059/103] De-pessimize rds_page_copy_user Greg KH
2010-10-22 18:51 ` [060/103] firewire: ohci: fix TI TSB82AA2 regression since 2.6.35 Greg KH
2010-10-22 18:51 ` [061/103] drm/i915: Prevent module unload to avoid random memory corruption Greg KH
2010-10-22 18:51 ` [062/103] drm/i915: Sanity check pread/pwrite Greg KH
2010-10-22 18:51 ` [063/103] drm/i915: fix GMCH power reporting Greg KH
2010-10-22 18:51 ` [064/103] drm: Prune GEM vma entries Greg KH
2010-10-22 18:51 ` [065/103] drm: Hold the mutex when dropping the last GEM reference (v2) Greg KH
2010-10-22 18:51 ` [066/103] drm/radeon: fix PCI ID 5657 to be an RV410 Greg KH
2010-10-22 18:51 ` [067/103] drm/radeon/kms: fix possible sigbus in evergreen accel code Greg KH
2010-10-22 18:51 ` [068/103] drm/radeon/kms: fix up encoder info messages for DFP6 Greg KH
2010-10-22 18:51 ` [069/103] drm/radeon/kms: fix potential segfault in r600_ioctl_wait_idle Greg KH
2010-10-22 18:51 ` [070/103] drm/radeon/kms: add quirk for MSI K9A2GM motherboard Greg KH
2010-10-22 18:51 ` [071/103] mmc: sdio: fix SDIO suspend/resume regression Greg KH
2010-10-22 18:51 ` [072/103] V4L/DVB: dib7770: enable the current mirror Greg KH
2010-10-22 18:51 ` [073/103] xfs: properly account for reclaimed inodes Greg KH
2010-10-22 18:51 ` [074/103] skge: add quirk to limit DMA Greg KH
2010-10-22 18:51 ` [075/103] r8169: allocate with GFP_KERNEL flag when able to sleep Greg KH
2010-10-22 18:51 ` [076/103] KVM: i8259: fix migration Greg KH
2010-10-22 18:51 ` [077/103] KVM: x86: Fix SVM VMCB reset Greg KH
2010-10-23 9:51 ` Michael Tokarev
2010-10-23 13:47 ` Zachary Amsden
2010-10-23 15:59 ` [stable] " Greg KH
2010-10-22 18:51 ` [078/103] KVM: x86: Move TSC reset out of vmcb_init Greg KH
2010-10-22 18:51 ` [079/103] KVM: fix irqfd assign/deassign race Greg KH
2010-10-22 18:51 ` [080/103] KVM: Fix reboot on Intel hosts Greg KH
2010-10-22 18:51 ` [081/103] [SCSI] bsg: fix incorrect device_status value Greg KH
2010-10-22 18:51 ` [082/103] [SCSI] Fix VPD inquiry page wrapper Greg KH
2010-10-22 18:51 ` [083/103] virtio: console: Dont block entire guest if host doesnt read data Greg KH
2010-10-22 18:51 ` [084/103] ACPI: Handle ACPI0007 Device in acpi_early_set_pdc Greg KH
2010-10-22 18:51 ` [085/103] powerpc: Initialise paca->kstack before early_setup_secondary Greg KH
2010-10-22 18:52 ` [086/103] powerpc: Dont use kernel stack with translation off Greg KH
2010-10-22 18:52 ` [087/103] b44: fix carrier detection on bind Greg KH
2010-10-22 18:52 ` [088/103] ALSA: hda - add ideapad model for Conexant 5051 codec Greg KH
2010-10-22 18:52 ` [089/103] ACPI: enable repeated PCIEXP wakeup by clearing PCIEXP_WAKE_STS on resume Greg KH
2010-10-22 18:52 ` [090/103] intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot hang Greg KH
2010-10-22 18:52 ` [091/103] ACPI: EC: add Vista incompatibility DMI entry for Toshiba Satellite L355 Greg KH
2010-10-22 18:52 ` [092/103] ACPI: delete ZEPTO idle=nomwait DMI quirk Greg KH
2010-10-22 18:52 ` [093/103] ACPI: Disable Windows Vista compatibility for Toshiba P305D Greg KH
2010-10-22 18:52 ` [094/103] PM / ACPI: Blacklist systems known to require acpi_sleep=nonvs Greg KH
2010-10-22 18:52 ` [095/103] x86: detect scattered cpuid features earlier Greg KH
2010-10-22 18:52 ` [096/103] agp/intel: Fix cache control for Sandybridge Greg KH
2010-10-22 18:52 ` [097/103] x86-32: Separate 1:1 pagetables from swapper_pg_dir Greg KH
2010-10-22 18:52 ` [098/103] x86-32: Fix dummy trampoline-related inline stubs Greg KH
2010-10-22 18:52 ` [099/103] x86, mm: Fix CONFIG_VMSPLIT_1G and 2G_OPT trampoline Greg KH
2010-10-22 18:52 ` [100/103] setup_arg_pages: diagnose excessive argument size Greg KH
2010-10-22 18:52 ` [101/103] execve: improve interactivity with large arguments Greg KH
2010-10-22 18:52 ` [102/103] execve: make responsive to SIGKILL " Greg KH
2010-10-22 18:52 ` [103/103] mm: Move vma_stack_continue into mm.h Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101022185232.020882355@clark.site \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=fweisbec@gmail.com \
--cc=jeffm@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox