public inbox for linux-kernel@vger.kernel.org
From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: "Jia-Ju Bai" <baijiaju1990@gmail.com>,
	"Matias Bjørling" <mb@lightnvm.io>,
	"Jens Axboe" <axboe@kernel.dk>, "Sasha Levin" <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.14 09/73] lightnvm: pblk: fix two sleep-in-atomic-context bugs
Date: Wed, 31 Oct 2018 19:08:44 -0400
Message-ID: <20181031230948.29203-9-sashal@kernel.org>
In-Reply-To: <20181031230948.29203-1-sashal@kernel.org>

From: Jia-Ju Bai <baijiaju1990@gmail.com>

[ Upstream commit 7325b4bbe5952e3e939f15de812f2ee0c0d33ca9 ]

The driver may sleep while holding a spinlock.

The function call paths (from bottom to top) in Linux-4.16 are:

[FUNC] nvm_dev_dma_alloc(GFP_KERNEL)
drivers/lightnvm/pblk-core.c, 754:
	nvm_dev_dma_alloc in pblk_line_submit_smeta_io
drivers/lightnvm/pblk-core.c, 1048:
	pblk_line_submit_smeta_io in pblk_line_init_bb
drivers/lightnvm/pblk-core.c, 1434:
	pblk_line_init_bb in pblk_line_replace_data
drivers/lightnvm/pblk-recovery.c, 980:
	pblk_line_replace_data in pblk_recov_l2p
drivers/lightnvm/pblk-recovery.c, 976:
	spin_lock in pblk_recov_l2p

[FUNC] bio_map_kern(GFP_KERNEL)
drivers/lightnvm/pblk-core.c, 762:
	bio_map_kern in pblk_line_submit_smeta_io
drivers/lightnvm/pblk-core.c, 1048:
	pblk_line_submit_smeta_io in pblk_line_init_bb
drivers/lightnvm/pblk-core.c, 1434:
	pblk_line_init_bb in pblk_line_replace_data
drivers/lightnvm/pblk-recovery.c, 980:
	pblk_line_replace_data in pblk_recov_l2p
drivers/lightnvm/pblk-recovery.c, 976:
	spin_lock in pblk_recov_l2p

To fix these bugs, the call to pblk_line_replace_data()
is moved out of the spinlock protection.

These bugs are found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Javier González <javier@cnexlabs.com>
Signed-off-by: Matias Bjørling <mb@lightnvm.io>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/lightnvm/pblk-recovery.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/lightnvm/pblk-recovery.c b/drivers/lightnvm/pblk-recovery.c
index cb556e06673e..5d0912bf9eab 100644
--- a/drivers/lightnvm/pblk-recovery.c
+++ b/drivers/lightnvm/pblk-recovery.c
@@ -1001,12 +1001,14 @@ struct pblk_line *pblk_recov_l2p(struct pblk *pblk)
 		}
 	}
 
-	spin_lock(&l_mg->free_lock);
 	if (!open_lines) {
+		spin_lock(&l_mg->free_lock);
 		WARN_ON_ONCE(!test_and_clear_bit(meta_line,
 							&l_mg->meta_bitmap));
+		spin_unlock(&l_mg->free_lock);
 		pblk_line_replace_data(pblk);
 	} else {
+		spin_lock(&l_mg->free_lock);
 		/* Allocate next line for preparation */
 		l_mg->data_next = pblk_line_get(pblk);
 		if (l_mg->data_next) {
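Review bot: in the !open_lines branch, pblk_line_replace_data(pblk) is now called after spin_unlock(&l_mg->free_lock), and neither the hunk nor the commit message says why the call no longer needs that lock. A short comment above the call, stating that it can sleep (the message traces it to nvm_dev_dma_alloc(GFP_KERNEL) and bio_map_kern(GFP_KERNEL)) and what protects the line state at that point, would keep a later cleanup from folding the two lock/unlock pairs back into one. For this 4.14 backport it is also worth confirming the call chain against the 4.14 tree, since the file and line references in the message are from Linux-4.16.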
@@ -1014,8 +1016,8 @@ struct pblk_line *pblk_recov_l2p(struct pblk *pblk)
 			l_mg->data_next->type = PBLK_LINETYPE_DATA;
 			is_next = 1;
 		}
+		spin_unlock(&l_mg->free_lock);
 	}
-	spin_unlock(&l_mg->free_lock);
 
 	if (is_next) {
 		pblk_line_erase(pblk, l_mg->data_next);
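Review bot: l_mg->data_next is assigned under free_lock in the else branch but is read again without the lock in pblk_line_erase(pblk, l_mg->data_next) under if (is_next). The removed spin_unlock() sat just before that if, so the unlocked read is not new, but since this patch reworks the critical section it would be a good place to copy the pointer into a local while the lock is held and pass that local to pblk_line_erase(), which makes it explicit which line is being erased.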
-- 
2.17.1

