From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg KH <gregkh@linuxfoundation.org>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk,
	Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>,
	Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Subject: [ 05/65] nilfs2: fix deadlock issue between chcp and thaw ioctls
Date: Mon, 13 Aug 2012 15:13:49 -0700
Message-ID: <20120813221415.437649767@linuxfoundation.org>
In-Reply-To: <20120813221414.965154048@linuxfoundation.org>

From: Greg KH <gregkh@linuxfoundation.org>

3.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>

commit 572d8b3945a31bee7c40d21556803e4807fd9141 upstream.

An fs-thaw ioctl causes deadlock with a chcp or mkcp -s command:

 chcp            D ffff88013870f3d0     0  1325   1324 0x00000004
 ...
 Call Trace:
   nilfs_transaction_begin+0x11c/0x1a0 [nilfs2]
   wake_up_bit+0x20/0x20
   copy_from_user+0x18/0x30 [nilfs2]
   nilfs_ioctl_change_cpmode+0x7d/0xcf [nilfs2]
   nilfs_ioctl+0x252/0x61a [nilfs2]
   do_page_fault+0x311/0x34c
   get_unmapped_area+0x132/0x14e
   do_vfs_ioctl+0x44b/0x490
   __set_task_blocked+0x5a/0x61
   vm_mmap_pgoff+0x76/0x87
   __set_current_blocked+0x30/0x4a
   sys_ioctl+0x4b/0x6f
   system_call_fastpath+0x16/0x1b
 thaw            D ffff88013870d890     0  1352   1351 0x00000004
 ...
 Call Trace:
   rwsem_down_failed_common+0xdb/0x10f
   call_rwsem_down_write_failed+0x13/0x20
   down_write+0x25/0x27
   thaw_super+0x13/0x9e
   do_vfs_ioctl+0x1f5/0x490
   vm_mmap_pgoff+0x76/0x87
   sys_ioctl+0x4b/0x6f
   filp_close+0x64/0x6c
   system_call_fastpath+0x16/0x1b

where the thaw ioctl deadlocked at thaw_super() when called while chcp was
waiting at nilfs_transaction_begin() called from
nilfs_ioctl_change_cpmode().  This deadlock is 100% reproducible.

This is because nilfs_ioctl_change_cpmode() first locks sb->s_umount in
read mode and then waits for unfreezing in nilfs_transaction_begin(),
whereas thaw_super() locks sb->s_umount in write mode.  The locking of
sb->s_umount here was intended to make snapshot mounts and the downgrade
of snapshots to checkpoints exclusive.

This fixes the deadlock issue by replacing the sb->s_umount usage in
nilfs_ioctl_change_cpmode() with a dedicated mutex which protects snapshot
mounts.

Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Tested-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nilfs2/ioctl.c     |    4 ++--
 fs/nilfs2/super.c     |    3 +++
 fs/nilfs2/the_nilfs.c |    1 +
 fs/nilfs2/the_nilfs.h |    2 ++
 4 files changed, 8 insertions(+), 2 deletions(-)

--- a/fs/nilfs2/ioctl.c
+++ b/fs/nilfs2/ioctl.c
@@ -182,7 +182,7 @@ static int nilfs_ioctl_change_cpmode(str
 	if (copy_from_user(&cpmode, argp, sizeof(cpmode)))
 		goto out;
 
-	down_read(&inode->i_sb->s_umount);
+	mutex_lock(&nilfs->ns_snapshot_mount_mutex);
 
 	nilfs_transaction_begin(inode->i_sb, &ti, 0);
 	ret = nilfs_cpfile_change_cpmode(
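Review bot: In nilfs_ioctl_change_cpmode() the new mutex_lock(&nilfs->ns_snapshot_mount_mutex) is held across nilfs_transaction_begin(), which per the commit message can sleep until the filesystem is unfrozen, so a snapshot mount that reaches the mutex_lock() added in nilfs_attach_snapshot() will wait uninterruptibly for the whole freeze. That no longer blocks thaw_super(), but it deserves a comment here saying the mutex is the outer lock and may be held for the duration of a freeze, or the mount side could take it with mutex_lock_killable() so the waiter can be killed.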
@@ -192,7 +192,7 @@ static int nilfs_ioctl_change_cpmode(str
 	else
 		nilfs_transaction_commit(inode->i_sb); /* never fails */
 
-	up_read(&inode->i_sb->s_umount);
+	mutex_unlock(&nilfs->ns_snapshot_mount_mutex);
 out:
 	mnt_drop_write_file(filp);
 	return ret;
--- a/fs/nilfs2/super.c
+++ b/fs/nilfs2/super.c
@@ -948,6 +948,8 @@ static int nilfs_attach_snapshot(struct
 	struct nilfs_root *root;
 	int ret;
 
+	mutex_lock(&nilfs->ns_snapshot_mount_mutex);
+
 	down_read(&nilfs->ns_segctor_sem);
 	ret = nilfs_cpfile_is_snapshot(nilfs->ns_cpfile, cno);
 	up_read(&nilfs->ns_segctor_sem);
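Review bot: The lock order introduced at the top of nilfs_attach_snapshot(), ns_snapshot_mount_mutex first and then down_read(&nilfs->ns_segctor_sem), is not written down anywhere in the patch. A short comment at this mutex_lock() naming the order would keep later callers from nesting the two the other way round.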
@@ -972,6 +974,7 @@ static int nilfs_attach_snapshot(struct
 	ret = nilfs_get_root_dentry(s, root, root_dentry);
 	nilfs_put_root(root);
  out:
+	mutex_unlock(&nilfs->ns_snapshot_mount_mutex);
 	return ret;
 }
 
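Review bot: The mutex_unlock() sits under the out: label, so it only runs for exits that jump there, and the body of nilfs_attach_snapshot() between the two super.c hunks is not shown. Please confirm that no direct return remains between the mutex_lock() and out:, otherwise ns_snapshot_mount_mutex is leaked on that path and every later snapshot mount or chcp hangs.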
--- a/fs/nilfs2/the_nilfs.c
+++ b/fs/nilfs2/the_nilfs.c
@@ -76,6 +76,7 @@ struct the_nilfs *alloc_nilfs(struct blo
 	nilfs->ns_bdev = bdev;
 	atomic_set(&nilfs->ns_ndirtyblks, 0);
 	init_rwsem(&nilfs->ns_sem);
+	mutex_init(&nilfs->ns_snapshot_mount_mutex);
 	INIT_LIST_HEAD(&nilfs->ns_dirty_files);
 	INIT_LIST_HEAD(&nilfs->ns_gc_inodes);
 	spin_lock_init(&nilfs->ns_inode_lock);
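Review bot: mutex_init() in alloc_nilfs() has no matching mutex_destroy() in this patch (the diffstat shows a single added line in the_nilfs.c). It is not needed for correctness, but adding one where the the_nilfs structure is freed lets CONFIG_DEBUG_MUTEXES catch use of the lock after teardown.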
--- a/fs/nilfs2/the_nilfs.h
+++ b/fs/nilfs2/the_nilfs.h
@@ -47,6 +47,7 @@ enum {
  * @ns_flags: flags
  * @ns_bdev: block device
  * @ns_sem: semaphore for shared states
+ * @ns_snapshot_mount_mutex: mutex to protect snapshot mounts
  * @ns_sbh: buffer heads of on-disk super blocks
  * @ns_sbp: pointers to super block data
  * @ns_sbwtime: previous write time of super block
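Review bot: The kernel-doc line for @ns_snapshot_mount_mutex says only "mutex to protect snapshot mounts", but the ioctl.c hunk also takes it around the checkpoint mode change in nilfs_ioctl_change_cpmode(). Wording such as "mutex serializing snapshot mounts and checkpoint mode changes" would describe both users.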
@@ -99,6 +100,7 @@ struct the_nilfs {
 
 	struct block_device    *ns_bdev;
 	struct rw_semaphore	ns_sem;
+	struct mutex		ns_snapshot_mount_mutex;
 
 	/*
 	 * used for


