From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dave Jiang <dave.jiang@intel.com>,
Vishal Verma <vishal.l.verma@intel.com>,
Dan Williams <dan.j.williams@intel.com>
Subject: [PATCH 4.9 37/69] libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
Date: Wed, 19 Apr 2017 16:42:53 +0200 [thread overview]
Message-ID: <20170419141618.477135546@linuxfoundation.org> (raw)
In-Reply-To: <20170419141616.919951169@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Williams <dan.j.williams@intel.com>
commit 0beb2012a1722633515c8aaa263c73449636c893 upstream.
Holding the reconfig_mutex over a potential userspace fault sets up a
lockdep dependency chain between filesystem-DAX and the libnvdimm ioctl
path. Move the user access outside of the lock.
[ INFO: possible circular locking dependency detected ]
4.11.0-rc3+ #13 Tainted: G W O
-------------------------------------------------------
fallocate/16656 is trying to acquire lock:
(&nvdimm_bus->reconfig_mutex){+.+.+.}, at: [<ffffffffa00080b1>] nvdimm_bus_lock+0x21/0x30 [libnvdimm]
but task is already holding lock:
(jbd2_handle){++++..}, at: [<ffffffff813b4944>] start_this_handle+0x104/0x460
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (jbd2_handle){++++..}:
lock_acquire+0xbd/0x200
start_this_handle+0x16a/0x460
jbd2__journal_start+0xe9/0x2d0
__ext4_journal_start_sb+0x89/0x1c0
ext4_dirty_inode+0x32/0x70
__mark_inode_dirty+0x235/0x670
generic_update_time+0x87/0xd0
touch_atime+0xa9/0xd0
ext4_file_mmap+0x90/0xb0
mmap_region+0x370/0x5b0
do_mmap+0x415/0x4f0
vm_mmap_pgoff+0xd7/0x120
SyS_mmap_pgoff+0x1c5/0x290
SyS_mmap+0x22/0x30
entry_SYSCALL_64_fastpath+0x1f/0xc2
-> #1 (&mm->mmap_sem){++++++}:
lock_acquire+0xbd/0x200
__might_fault+0x70/0xa0
__nd_ioctl+0x683/0x720 [libnvdimm]
nvdimm_ioctl+0x8b/0xe0 [libnvdimm]
do_vfs_ioctl+0xa8/0x740
SyS_ioctl+0x79/0x90
do_syscall_64+0x6c/0x200
return_from_SYSCALL_64+0x0/0x7a
-> #0 (&nvdimm_bus->reconfig_mutex){+.+.+.}:
__lock_acquire+0x16b6/0x1730
lock_acquire+0xbd/0x200
__mutex_lock+0x88/0x9b0
mutex_lock_nested+0x1b/0x20
nvdimm_bus_lock+0x21/0x30 [libnvdimm]
nvdimm_forget_poison+0x25/0x50 [libnvdimm]
nvdimm_clear_poison+0x106/0x140 [libnvdimm]
pmem_do_bvec+0x1c2/0x2b0 [nd_pmem]
pmem_make_request+0xf9/0x270 [nd_pmem]
generic_make_request+0x118/0x3b0
submit_bio+0x75/0x150
Fixes: 62232e45f4a2 ("libnvdimm: control (ioctl) messages for nvdimm_bus and nvdimm devices")
Cc: Dave Jiang <dave.jiang@intel.com>
Reported-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvdimm/bus.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/nvdimm/bus.c
+++ b/drivers/nvdimm/bus.c
@@ -934,8 +934,14 @@ static int __nd_ioctl(struct nvdimm_bus
rc = nd_desc->ndctl(nd_desc, nvdimm, cmd, buf, buf_len, NULL);
if (rc < 0)
goto out_unlock;
+ nvdimm_bus_unlock(&nvdimm_bus->dev);
+
if (copy_to_user(p, buf, buf_len))
rc = -EFAULT;
+
+ vfree(buf);
+ return rc;
+
out_unlock:
nvdimm_bus_unlock(&nvdimm_bus->dev);
out:
next prev parent reply other threads:[~2017-04-19 14:44 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-19 14:42 [PATCH 4.9 00/69] 4.9.24-stable review Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 01/69] cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 02/69] tcmu: Fix possible overwrite of t_data_sgs last iov[] Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 03/69] tcmu: Fix wrongly calculating of the base_command_size Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 04/69] tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 05/69] thp: fix MADV_DONTNEED vs. MADV_FREE race Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 06/69] thp: fix MADV_DONTNEED vs clear soft dirty race Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 07/69] zsmalloc: expand class bit Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 08/69] orangefs: free superblock when mount fails Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 09/69] drm/nouveau/mpeg: mthd returns true on success now Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 10/69] drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 11/69] drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit() Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 12/69] CIFS: reconnect thread reschedule itself Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 13/69] CIFS: store results of cifs_reopen_file to avoid infinite wait Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 14/69] Input: xpad - add support for Razer Wildcat gamepad Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 15/69] perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 16/69] x86/efi: Dont try to reserve runtime regions Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 17/69] x86/signals: Fix lower/upper bound reporting in compat siginfo Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 18/69] x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 19/69] x86/vdso: Ensure vdso32_enabled gets set to valid values only Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 20/69] x86/vdso: Plug race between mapping and ELF header setup Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 21/69] acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison) Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 22/69] ACPI / scan: Set the visited flag for all enumerated devices Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 23/69] parisc: fix bugs in pa_memcpy Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 24/69] efi/libstub: Skip GOP with PIXEL_BLT_ONLY format Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 25/69] efi/fb: Avoid reconfiguration of BAR that covers the framebuffer Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 26/69] iscsi-target: Fix TMR reference leak during session shutdown Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 27/69] iscsi-target: Drop work-around for legacy GlobalSAN initiator Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 28/69] scsi: sr: Sanity check returned mode data Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 29/69] scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 30/69] scsi: qla2xxx: Add fix to read correct register value for ISP82xx Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 31/69] scsi: sd: Fix capacity calculation with 32-bit sector_t Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 32/69] target: Avoid mappedlun symlink creation during lun shutdown Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 33/69] xen, fbfront: fix connecting to backend Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 34/69] [iov_iter] new privimitive: iov_iter_revert() Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 35/69] make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 36/69] libnvdimm: fix blk free space accounting Greg Kroah-Hartman
2017-04-19 14:42 ` Greg Kroah-Hartman [this message]
2017-04-19 14:42 ` [PATCH 4.9 38/69] can: ifi: use correct register to read rx status Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 39/69] pwm: rockchip: State of PWM clock should synchronize with PWM enabled state Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 40/69] cpufreq: Bring CPUs up even if cpufreq_online() failed Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 41/69] irqchip/irq-imx-gpcv2: Fix spinlock initialization Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 42/69] ftrace: Fix removing of second function probe Greg Kroah-Hartman
2017-04-19 14:42 ` [PATCH 4.9 43/69] char: lack of bool string made CONFIG_DEVPORT always on Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 44/69] Revert "MIPS: Lantiq: Fix cascaded IRQ setup" Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 45/69] kvm: fix page struct leak in handle_vmon Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 46/69] zram: do not use copy_page with non-page aligned address Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 47/69] ftrace: Fix function pid filter on instances Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 48/69] crypto: algif_aead - Fix bogus request dereference in completion function Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 49/69] crypto: ahash - Fix EINPROGRESS notification callback Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 50/69] parisc: Fix get_user() for 64-bit value on 32-bit kernel Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 51/69] ath9k: fix NULL pointer dereference Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 52/69] [media] dvb-usb-v2: avoid use-after-free Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 53/69] ext4: fix inode checksum calculation problem if i_extra_size is small Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 54/69] mm: memcontrol: use special workqueue for creating per-memcg caches Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 55/69] drm/nouveau/disp/mcp7x: disable dptmds workaround Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 56/69] nbd: use loff_t for blocksize and nbd_set_size args Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 57/69] nbd: fix 64-bit division Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 58/69] ASoC: Intel: select DW_DMAC_CORE since its mandatory Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 60/69] x86/xen: Fix APIC id mismatch warning on Intel Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 61/69] ACPI / EC: Use busy polling mode when GPE is not enabled Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 62/69] rtc: tegra: Implement clock handling Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 63/69] mm: Tighten x86 /dev/mem with zeroing reads Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 64/69] [media] dvb-usb: dont use stack for firmware load Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 67/69] virtio-console: avoid DMA from stack Greg Kroah-Hartman
2017-04-19 14:43 ` [PATCH 4.9 69/69] sctp: deny peeloff operation on asocs with threads sleeping on it Greg Kroah-Hartman
2017-04-19 20:39 ` [PATCH 4.9 00/69] 4.9.24-stable review Shuah Khan
2017-04-19 23:21 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170419141618.477135546@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).