stable.vger.kernel.org archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk, Josh Cartwright <joshc@linux.com>,
	Artem Bityutskiy <artem.bityutskiy@linux.intel.com>,
	David Woodhouse <David.Woodhouse@intel.com>
Subject: [ 34/54] jffs2: Fix lock acquisition order bug in gc path
Date: Fri, 18 May 2012 14:16:33 -0700
Message-ID: <20120518211602.541111605@linuxfoundation.org>
In-Reply-To: <20120518212656.GA4992@kroah.com>

3.0-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josh Cartwright <joshc@linux.com>

commit 226bb7df3d22bcf4a1c0fe8206c80cc427498eae upstream.

The locking policy is such that the erase_complete_block spinlock is
nested within the alloc_sem mutex.  This fixes a case in which the
acquisition order was erroneously reversed.  This issue was caught by
the following lockdep splat:

   =======================================================
   [ INFO: possible circular locking dependency detected ]
   3.0.5 #1
   -------------------------------------------------------
   jffs2_gcd_mtd6/299 is trying to acquire lock:
    (&c->alloc_sem){+.+.+.}, at: [<c01f7714>] jffs2_garbage_collect_pass+0x314/0x890

   but task is already holding lock:
    (&(&c->erase_completion_lock)->rlock){+.+...}, at: [<c01f7708>] jffs2_garbage_collect_pass+0x308/0x890

   which lock already depends on the new lock.

   the existing dependency chain (in reverse order) is:

   -> #1 (&(&c->erase_completion_lock)->rlock){+.+...}:
          [<c008bec4>] validate_chain+0xe6c/0x10bc
          [<c008c660>] __lock_acquire+0x54c/0xba4
          [<c008d240>] lock_acquire+0xa4/0x114
          [<c046780c>] _raw_spin_lock+0x3c/0x4c
          [<c01f744c>] jffs2_garbage_collect_pass+0x4c/0x890
          [<c01f937c>] jffs2_garbage_collect_thread+0x1b4/0x1cc
          [<c0071a68>] kthread+0x98/0xa0
          [<c000f264>] kernel_thread_exit+0x0/0x8

   -> #0 (&c->alloc_sem){+.+.+.}:
          [<c008ad2c>] print_circular_bug+0x70/0x2c4
          [<c008c08c>] validate_chain+0x1034/0x10bc
          [<c008c660>] __lock_acquire+0x54c/0xba4
          [<c008d240>] lock_acquire+0xa4/0x114
          [<c0466628>] mutex_lock_nested+0x74/0x33c
          [<c01f7714>] jffs2_garbage_collect_pass+0x314/0x890
          [<c01f937c>] jffs2_garbage_collect_thread+0x1b4/0x1cc
          [<c0071a68>] kthread+0x98/0xa0
          [<c000f264>] kernel_thread_exit+0x0/0x8

   other info that might help us debug this:

    Possible unsafe locking scenario:

          CPU0                    CPU1
          ----                    ----
     lock(&(&c->erase_completion_lock)->rlock);
                                  lock(&c->alloc_sem);
                                  lock(&(&c->erase_completion_lock)->rlock);
     lock(&c->alloc_sem);

    *** DEADLOCK ***

   1 lock held by jffs2_gcd_mtd6/299:
    #0:  (&(&c->erase_completion_lock)->rlock){+.+...}, at: [<c01f7708>] jffs2_garbage_collect_pass+0x308/0x890

   stack backtrace:
   [<c00155dc>] (unwind_backtrace+0x0/0x100) from [<c0463dc0>] (dump_stack+0x20/0x24)
   [<c0463dc0>] (dump_stack+0x20/0x24) from [<c008ae84>] (print_circular_bug+0x1c8/0x2c4)
   [<c008ae84>] (print_circular_bug+0x1c8/0x2c4) from [<c008c08c>] (validate_chain+0x1034/0x10bc)
   [<c008c08c>] (validate_chain+0x1034/0x10bc) from [<c008c660>] (__lock_acquire+0x54c/0xba4)
   [<c008c660>] (__lock_acquire+0x54c/0xba4) from [<c008d240>] (lock_acquire+0xa4/0x114)
   [<c008d240>] (lock_acquire+0xa4/0x114) from [<c0466628>] (mutex_lock_nested+0x74/0x33c)
   [<c0466628>] (mutex_lock_nested+0x74/0x33c) from [<c01f7714>] (jffs2_garbage_collect_pass+0x314/0x890)
   [<c01f7714>] (jffs2_garbage_collect_pass+0x314/0x890) from [<c01f937c>] (jffs2_garbage_collect_thread+0x1b4/0x1cc)
   [<c01f937c>] (jffs2_garbage_collect_thread+0x1b4/0x1cc) from [<c0071a68>] (kthread+0x98/0xa0)
   [<c0071a68>] (kthread+0x98/0xa0) from [<c000f264>] (kernel_thread_exit+0x0/0x8)

This was introduced in '81cfc9f jffs2: Fix serious write stall due to erase'.

Signed-off-by: Josh Cartwright <joshc@linux.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/jffs2/gc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/jffs2/gc.c
+++ b/fs/jffs2/gc.c
@@ -225,8 +225,8 @@ int jffs2_garbage_collect_pass(struct jf
 			return 0;
 
 		D1(printk(KERN_DEBUG "No progress from erasing blocks; doing GC anyway\n"));
-		spin_lock(&c->erase_completion_lock);
 		mutex_lock(&c->alloc_sem);
+		spin_lock(&c->erase_completion_lock);
 	}
 
 	/* First, work out which block we're garbage-collecting */
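
Review bot: the reordered pair at the end of the "No progress from erasing blocks" branch has no comment recording the required order, so the rule (take c->alloc_sem first, then c->erase_completion_lock) lives only in the commit message, which also names the spinlock erase_complete_block rather than the erase_completion_lock used in the code. A one-line comment above mutex_lock(&c->alloc_sem) stating that alloc_sem is the outer lock would help keep the order from being reversed again. Independent of the ordering cycle lockdep reported, the removed sequence called mutex_lock(), which may sleep, while holding a spinlock, so the new order is also the only valid one for this lock pair.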


