From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
syzbot
<bot+48594378e9851eab70bcd6f99327c7db58c5a28a@syzkaller.appspotmail.com>,
Ming Lei <tom.leiming@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>, Jens Axboe <axboe@fb.com>,
Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 4.4 09/97] block/loop: fix deadlock after loop_set_status
Date: Sun, 22 Apr 2018 15:52:47 +0200 [thread overview]
Message-ID: <20180422135305.158659000@linuxfoundation.org> (raw)
In-Reply-To: <20180422135304.577223025@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 1e047eaab3bb5564f25b41e9cd3a053009f4e789 upstream.
syzbot is reporting deadlocks at __blkdev_get() [1].
----------------------------------------
[ 92.493919] systemd-udevd D12696 525 1 0x00000000
[ 92.495891] Call Trace:
[ 92.501560] schedule+0x23/0x80
[ 92.502923] schedule_preempt_disabled+0x5/0x10
[ 92.504645] __mutex_lock+0x416/0x9e0
[ 92.510760] __blkdev_get+0x73/0x4f0
[ 92.512220] blkdev_get+0x12e/0x390
[ 92.518151] do_dentry_open+0x1c3/0x2f0
[ 92.519815] path_openat+0x5d9/0xdc0
[ 92.521437] do_filp_open+0x7d/0xf0
[ 92.527365] do_sys_open+0x1b8/0x250
[ 92.528831] do_syscall_64+0x6e/0x270
[ 92.530341] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 92.931922] 1 lock held by systemd-udevd/525:
[ 92.933642] #0: 00000000a2849e25 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x73/0x4f0
----------------------------------------
The reason of deadlock turned out that wait_event_interruptible() in
blk_queue_enter() got stuck with bdev->bd_mutex held at __blkdev_put()
due to q->mq_freeze_depth == 1.
----------------------------------------
[ 92.787172] a.out S12584 634 633 0x80000002
[ 92.789120] Call Trace:
[ 92.796693] schedule+0x23/0x80
[ 92.797994] blk_queue_enter+0x3cb/0x540
[ 92.803272] generic_make_request+0xf0/0x3d0
[ 92.807970] submit_bio+0x67/0x130
[ 92.810928] submit_bh_wbc+0x15e/0x190
[ 92.812461] __block_write_full_page+0x218/0x460
[ 92.815792] __writepage+0x11/0x50
[ 92.817209] write_cache_pages+0x1ae/0x3d0
[ 92.825585] generic_writepages+0x5a/0x90
[ 92.831865] do_writepages+0x43/0xd0
[ 92.836972] __filemap_fdatawrite_range+0xc1/0x100
[ 92.838788] filemap_write_and_wait+0x24/0x70
[ 92.840491] __blkdev_put+0x69/0x1e0
[ 92.841949] blkdev_close+0x16/0x20
[ 92.843418] __fput+0xda/0x1f0
[ 92.844740] task_work_run+0x87/0xb0
[ 92.846215] do_exit+0x2f5/0xba0
[ 92.850528] do_group_exit+0x34/0xb0
[ 92.852018] SyS_exit_group+0xb/0x10
[ 92.853449] do_syscall_64+0x6e/0x270
[ 92.854944] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 92.943530] 1 lock held by a.out/634:
[ 92.945105] #0: 00000000a2849e25 (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0x3c/0x1e0
----------------------------------------
The reason of q->mq_freeze_depth == 1 turned out that loop_set_status()
forgot to call blk_mq_unfreeze_queue() at error paths for
info->lo_encrypt_type != NULL case.
----------------------------------------
[ 37.509497] CPU: 2 PID: 634 Comm: a.out Tainted: G W 4.16.0+ #457
[ 37.513608] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/19/2017
[ 37.518832] RIP: 0010:blk_freeze_queue_start+0x17/0x40
[ 37.521778] RSP: 0018:ffffb0c2013e7c60 EFLAGS: 00010246
[ 37.524078] RAX: 0000000000000000 RBX: ffff8b07b1519798 RCX: 0000000000000000
[ 37.527015] RDX: 0000000000000002 RSI: ffffb0c2013e7cc0 RDI: ffff8b07b1519798
[ 37.529934] RBP: ffffb0c2013e7cc0 R08: 0000000000000008 R09: 47a189966239b898
[ 37.532684] R10: dad78b99b278552f R11: 9332dca72259d5ef R12: ffff8b07acd73678
[ 37.535452] R13: 0000000000004c04 R14: 0000000000000000 R15: ffff8b07b841e940
[ 37.538186] FS: 00007fede33b9740(0000) GS:ffff8b07b8e80000(0000) knlGS:0000000000000000
[ 37.541168] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.543590] CR2: 00000000206fdf18 CR3: 0000000130b30006 CR4: 00000000000606e0
[ 37.546410] Call Trace:
[ 37.547902] blk_freeze_queue+0x9/0x30
[ 37.549968] loop_set_status+0x67/0x3c0 [loop]
[ 37.549975] loop_set_status64+0x3b/0x70 [loop]
[ 37.549986] lo_ioctl+0x223/0x810 [loop]
[ 37.549995] blkdev_ioctl+0x572/0x980
[ 37.550003] block_ioctl+0x34/0x40
[ 37.550006] do_vfs_ioctl+0xa7/0x6d0
[ 37.550017] ksys_ioctl+0x6b/0x80
[ 37.573076] SyS_ioctl+0x5/0x10
[ 37.574831] do_syscall_64+0x6e/0x270
[ 37.576769] entry_SYSCALL_64_after_hwframe+0x42/0xb7
----------------------------------------
[1] https://syzkaller.appspot.com/bug?id=cd662bc3f6022c0979d01a262c318fab2ee9b56f
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <bot+48594378e9851eab70bcd6f99327c7db58c5a28a@syzkaller.appspotmail.com>
Fixes: ecdd09597a572513 ("block/loop: fix race between I/O and set_status")
Cc: Ming Lei <tom.leiming@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: stable <stable@vger.kernel.org>
Cc: Jens Axboe <axboe@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/loop.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1121,11 +1121,15 @@ loop_set_status(struct loop_device *lo,
if (info->lo_encrypt_type) {
unsigned int type = info->lo_encrypt_type;
- if (type >= MAX_LO_CRYPT)
- return -EINVAL;
+ if (type >= MAX_LO_CRYPT) {
+ err = -EINVAL;
+ goto exit;
+ }
xfer = xfer_funcs[type];
- if (xfer == NULL)
- return -EINVAL;
+ if (xfer == NULL) {
+ err = -EINVAL;
+ goto exit;
+ }
} else
xfer = NULL;
next prev parent reply other threads:[~2018-04-22 14:16 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-22 13:52 [PATCH 4.4 00/97] 4.4.129-stable review Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 01/97] media: v4l2-compat-ioctl32: dont oops on overlay Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 02/97] parisc: Fix out of array access in match_pci_device() Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 03/97] perf intel-pt: Fix overlap detection to identify consecutive buffers correctly Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 04/97] perf intel-pt: Fix sync_switch Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 05/97] perf intel-pt: Fix error recovery from missing TIP packet Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 06/97] perf intel-pt: Fix timestamp following overflow Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 08/97] Revert "perf tests: Decompress kernel module before objdump" Greg Kroah-Hartman
2018-04-22 13:52 ` Greg Kroah-Hartman [this message]
2018-04-22 13:52 ` [PATCH 4.4 10/97] s390/qdio: dont retry EQBS after CCQ 96 Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 11/97] s390/qdio: dont merge ERROR output buffers Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 12/97] s390/ipl: ensure loadparm valid flag is set Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 13/97] getname_kernel() needs to make sure that ->name != ->iname in long case Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 14/97] rtl8187: Fix NULL pointer dereference in priv->conf_mutex Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 15/97] hwmon: (ina2xx) Fix access to uninitialized mutex Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 16/97] cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 17/97] slip: Check if rstate is initialized before uncompressing Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 18/97] lan78xx: Correctly indicate invalid OTP Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 19/97] x86/hweight: Get rid of the special calling convention Greg Kroah-Hartman
2018-04-22 13:52 ` [PATCH 4.4 21/97] tty: make n_tty_read() always abort if hangup is in progress Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 22/97] ubifs: Check ubifs_wbuf_sync() return code Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 23/97] ubi: fastmap: Dont flush fastmap work on detach Greg Kroah-Hartman
2018-05-16 16:53 ` Ben Hutchings
2018-05-16 17:37 ` Richard Weinberger
2018-04-22 13:53 ` [PATCH 4.4 24/97] ubi: Fix error for write access Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 25/97] ubi: Reject MLC NAND Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 26/97] fs/reiserfs/journal.c: add missing resierfs_warning() arg Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 27/97] resource: fix integer overflow at reallocation Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 28/97] ipc/shm: fix use-after-free of shm file via remap_file_pages() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 29/97] mm, slab: reschedule cache_reap() on the same CPU Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 30/97] usb: musb: gadget: misplaced out of bounds check Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 31/97] ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 32/97] ARM: dts: at91: sama5d4: fix pinctrl compatible string Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 33/97] xen-netfront: Fix hang on device removal Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 34/97] regmap: Fix reversed bounds check in regmap_raw_write() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 35/97] ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 36/97] ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 38/97] usb: dwc3: pci: Properly cleanup resource Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 39/97] HID: i2c-hid: fix size check and type usage Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 40/97] powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 41/97] powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 42/97] powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 43/97] HID: Fix hid_report_len usage Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 44/97] HID: core: Fix size as type u32 Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 45/97] ASoC: ssm2602: Replace reg_default_raw with reg_default Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 46/97] thunderbolt: Resume control channel after hibernation image is created Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 47/97] random: use a tighter cap in credit_entropy_bits_safe() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 48/97] jbd2: if the journal is aborted then dont allow update of the log tail Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 49/97] ext4: dont update checksum of new initialized bitmaps Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 50/97] ext4: add validity checks for bitmap block numbers Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 51/97] ext4: fail ext4_iget for root directory if unallocated Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 52/97] RDMA/ucma: Dont allow setting RDMA_OPTION_IB_PATH without an RDMA device Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 53/97] ALSA: pcm: Fix UAF at PCM release via PCM timer access Greg Kroah-Hartman
2018-05-16 20:51 ` Ben Hutchings
2018-05-16 22:09 ` Takashi Iwai
2018-05-17 8:54 ` Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 54/97] IB/srp: Fix srp_abort() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 55/97] IB/srp: Fix completion vector assignment algorithm Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 56/97] dmaengine: at_xdmac: fix rare residue corruption Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 57/97] um: Use POSIX ucontext_t instead of struct ucontext Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 58/97] iommu/vt-d: Fix a potential memory leak Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 59/97] mmc: jz4740: Fix race condition in IRQ mask update Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 60/97] clk: mvebu: armada-38x: add support for 1866MHz variants Greg Kroah-Hartman
2018-05-16 23:32 ` Ben Hutchings
2018-05-16 23:34 ` Ben Hutchings
2018-04-22 13:53 ` [PATCH 4.4 61/97] clk: mvebu: armada-38x: add support for missing clocks Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 62/97] clk: bcm2835: De-assert/assert PLL reset signal when appropriate Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 63/97] thermal: imx: Fix race condition in imx_thermal_probe() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 64/97] watchdog: f71808e_wdt: Fix WD_EN register read Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 65/97] ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 66/97] ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 67/97] ALSA: pcm: Avoid potential races between OSS ioctls and read/write Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 68/97] ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 69/97] ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 70/97] ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 71/97] vfio-pci: Virtualize PCIe & AF FLR Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 72/97] vfio/pci: Virtualize Maximum Payload Size Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 73/97] vfio/pci: Virtualize Maximum Read Request Size Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 74/97] ext4: dont allow r/w mounts if metadata blocks overlap the superblock Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 76/97] ext4: fix crashes in dioread_nolock mode Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 77/97] ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 79/97] ALSA: rawmidi: Fix missing input substream checks in compat ioctls Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 80/97] ALSA: hda - New VIA controller suppor no-snoop path Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 4.4 81/97] HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 82/97] MIPS: uaccess: Add micromips clobbers to bzero invocation Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 83/97] MIPS: memset.S: EVA & fault support for small_memset Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 84/97] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 85/97] MIPS: memset.S: Fix clobber of v1 in last_fixup Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 86/97] powerpc/eeh: Fix enabling bridge MMIO windows Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 87/97] powerpc/lib: Fix off-by-one in alternate feature patching Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 88/97] jffs2_kill_sb(): deal with failed allocations Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 89/97] hypfs_kill_super(): " Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 90/97] rpc_pipefs: fix double-dput() Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 91/97] Dont leak MNT_INTERNAL away from internal mounts Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 92/97] autofs: mount point create should honour passed in mode Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 93/97] mm: allow GFP_{FS,IO} for page_cache_read page cache allocation Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 94/97] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 96/97] fanotify: fix logic of events on child Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 4.4 97/97] writeback: safer lock nesting Greg Kroah-Hartman
2018-04-22 20:44 ` [PATCH 4.4 00/97] 4.4.129-stable review Nathan Chancellor
2018-04-23 6:57 ` Greg Kroah-Hartman
2018-04-23 7:38 ` Naresh Kamboju
2018-04-23 16:53 ` Guenter Roeck
2018-04-23 21:38 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180422135305.158659000@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@fb.com \
--cc=axboe@kernel.dk \
--cc=bot+48594378e9851eab70bcd6f99327c7db58c5a28a@syzkaller.appspotmail.com \
--cc=dvyukov@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=stable@vger.kernel.org \
--cc=tom.leiming@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).