authorJan Kara <jack@suse.cz>2019-03-20 13:25:53 +0100
committerJan Kara <jack@suse.cz>2019-03-20 13:27:43 +0100
commit604f34a5b14cf3e4fb576c02704c671bec3c8f8d (patch)
tree84b7ae14fb45c940da7ae55bdd329bb4661a49e6
parent6b31f4cc31c78c8d1a2ae43cb718a2eabbd07e18 (diff)
- Delete patches.fixes/block-loop-Use-global-lock-for-ioctl-operation.patch: It makes existing deadlocks much more probable (bsc#1129739).
- Delete patches.kabi/loop-lo_ctl_mutex-kabi-fixup.patch.
-rw-r--r--patches.fixes/block-loop-Use-global-lock-for-ioctl-operation.patch260
-rw-r--r--patches.kabi/loop-lo_ctl_mutex-kabi-fixup.patch26
-rw-r--r--series.conf2
3 files changed, 0 insertions, 288 deletions
diff --git a/patches.fixes/block-loop-Use-global-lock-for-ioctl-operation.patch b/patches.fixes/block-loop-Use-global-lock-for-ioctl-operation.patch
deleted file mode 100644
index fc51d91984..0000000000
--- a/patches.fixes/block-loop-Use-global-lock-for-ioctl-operation.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-From 310ca162d779efee8a2dc3731439680f3e9c1e86 Mon Sep 17 00:00:00 2001
-From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-Date: Thu, 8 Nov 2018 14:01:02 +0100
-Subject: [PATCH] block/loop: Use global lock for ioctl() operation.
-Git-commit: 310ca162d779efee8a2dc3731439680f3e9c1e86
-Patch-mainline: v5.0-rc1
-References: bsc#1124974
-
-syzbot is reporting NULL pointer dereference [1] which is caused by
-race condition between ioctl(loop_fd, LOOP_CLR_FD, 0) versus
-ioctl(other_loop_fd, LOOP_SET_FD, loop_fd) due to traversing other
-loop devices at loop_validate_file() without holding corresponding
-lo->lo_ctl_mutex locks.
-
-Since ioctl() request on loop devices is not frequent operation, we don't
-need fine grained locking. Let's use global lock in order to allow safe
-traversal at loop_validate_file().
-
-Note that syzbot is also reporting circular locking dependency between
-bdev->bd_mutex and lo->lo_ctl_mutex [2] which is caused by calling
-blkdev_reread_part() with lock held. This patch does not address it.
-
-[1] https://syzkaller.appspot.com/bug?id=f3cfe26e785d85f9ee259f385515291d21bd80a3
-[2] https://syzkaller.appspot.com/bug?id=bf154052f0eea4bc7712499e4569505907d15889
-
-Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-Reported-by: syzbot <syzbot+bf89c128e05dd6c62523@syzkaller.appspotmail.com>
-Reviewed-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
-Acked-by: Jan Kara <jack@suse.cz>
-
----
- drivers/block/loop.c | 58 +++++++++++++++++++++++++--------------------------
- drivers/block/loop.h | 1
- 2 files changed, 29 insertions(+), 30 deletions(-)
-
---- a/drivers/block/loop.c
-+++ b/drivers/block/loop.c
-@@ -82,6 +82,7 @@
-
- static DEFINE_IDR(loop_index_idr);
- static DEFINE_MUTEX(loop_index_mutex);
-+static DEFINE_MUTEX(loop_ctl_mutex);
-
- static int max_part;
- static int part_shift;
-@@ -1066,7 +1067,7 @@ static int loop_clr_fd(struct loop_devic
- */
- if (atomic_read(&lo->lo_refcnt) > 1) {
- lo->lo_flags |= LO_FLAGS_AUTOCLEAR;
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- return 0;
- }
-
-@@ -1115,12 +1116,12 @@ static int loop_clr_fd(struct loop_devic
- if (!part_shift)
- lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN;
- loop_unprepare_queue(lo);
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- /*
-- * Need not hold lo_ctl_mutex to fput backing file.
-- * Calling fput holding lo_ctl_mutex triggers a circular
-+ * Need not hold loop_ctl_mutex to fput backing file.
-+ * Calling fput holding loop_ctl_mutex triggers a circular
- * lock dependency possibility warning as fput can take
-- * bd_mutex which is usually taken before lo_ctl_mutex.
-+ * bd_mutex which is usually taken before loop_ctl_mutex.
- */
- fput(filp);
- return 0;
-@@ -1243,7 +1244,7 @@ loop_get_status(struct loop_device *lo,
- int ret;
-
- if (lo->lo_state != Lo_bound) {
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- return -ENXIO;
- }
-
-@@ -1262,9 +1263,9 @@ loop_get_status(struct loop_device *lo,
- lo->lo_encrypt_key_size);
- }
-
-- /* Drop lo_ctl_mutex while we call into the filesystem. */
-+ /* Drop loop_ctl_mutex while we call into the filesystem. */
- file = get_file(lo->lo_backing_file);
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- ret = vfs_getattr(&file->f_path, &stat, STATX_INO,
- AT_STATX_SYNC_AS_STAT);
- if (!ret) {
-@@ -1357,7 +1358,7 @@ loop_get_status_old(struct loop_device *
- int err;
-
- if (!arg) {
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- return -EINVAL;
- }
- err = loop_get_status(lo, &info64);
-@@ -1375,7 +1376,7 @@ loop_get_status64(struct loop_device *lo
- int err;
-
- if (!arg) {
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- return -EINVAL;
- }
- err = loop_get_status(lo, &info64);
-@@ -1414,7 +1415,7 @@ static int lo_ioctl(struct block_device
- struct loop_device *lo = bdev->bd_disk->private_data;
- int err;
-
-- mutex_lock_nested(&lo->lo_ctl_mutex, 1);
-+ mutex_lock_nested(&loop_ctl_mutex, 1);
- switch (cmd) {
- case LOOP_SET_FD:
- err = loop_set_fd(lo, mode, bdev, arg);
-@@ -1423,7 +1424,7 @@ static int lo_ioctl(struct block_device
- err = loop_change_fd(lo, bdev, arg);
- break;
- case LOOP_CLR_FD:
-- /* loop_clr_fd would have unlocked lo_ctl_mutex on success */
-+ /* loop_clr_fd would have unlocked loop_ctl_mutex on success */
- err = loop_clr_fd(lo);
- if (!err)
- goto out_unlocked;
-@@ -1436,7 +1437,7 @@ static int lo_ioctl(struct block_device
- break;
- case LOOP_GET_STATUS:
- err = loop_get_status_old(lo, (struct loop_info __user *) arg);
-- /* loop_get_status() unlocks lo_ctl_mutex */
-+ /* loop_get_status() unlocks loop_ctl_mutex */
- goto out_unlocked;
- case LOOP_SET_STATUS64:
- err = -EPERM;
-@@ -1446,7 +1447,7 @@ static int lo_ioctl(struct block_device
- break;
- case LOOP_GET_STATUS64:
- err = loop_get_status64(lo, (struct loop_info64 __user *) arg);
-- /* loop_get_status() unlocks lo_ctl_mutex */
-+ /* loop_get_status() unlocks loop_ctl_mutex */
- goto out_unlocked;
- case LOOP_SET_CAPACITY:
- err = -EPERM;
-@@ -1461,7 +1462,7 @@ static int lo_ioctl(struct block_device
- default:
- err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
- }
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
-
- out_unlocked:
- return err;
-@@ -1578,7 +1579,7 @@ loop_get_status_compat(struct loop_devic
- int err;
-
- if (!arg) {
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- return -EINVAL;
- }
- err = loop_get_status(lo, &info64);
-@@ -1595,16 +1596,16 @@ static int lo_compat_ioctl(struct block_
-
- switch(cmd) {
- case LOOP_SET_STATUS:
-- mutex_lock(&lo->lo_ctl_mutex);
-+ mutex_lock(&loop_ctl_mutex);
- err = loop_set_status_compat(
- lo, (const struct compat_loop_info __user *) arg);
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- break;
- case LOOP_GET_STATUS:
-- mutex_lock(&lo->lo_ctl_mutex);
-+ mutex_lock(&loop_ctl_mutex);
- err = loop_get_status_compat(
- lo, (struct compat_loop_info __user *) arg);
-- /* loop_get_status() unlocks lo_ctl_mutex */
-+ /* loop_get_status() unlocks loop_ctl_mutex */
- break;
- case LOOP_SET_CAPACITY:
- case LOOP_CLR_FD:
-@@ -1648,7 +1649,7 @@ static void __lo_release(struct loop_dev
- if (atomic_dec_return(&lo->lo_refcnt))
- return;
-
-- mutex_lock(&lo->lo_ctl_mutex);
-+ mutex_lock(&loop_ctl_mutex);
- if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
- /*
- * In autoclear mode, stop the loop thread
-@@ -1665,7 +1666,7 @@ static void __lo_release(struct loop_dev
- loop_flush(lo);
- }
-
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- }
-
- static void lo_release(struct gendisk *disk, fmode_t mode)
-@@ -1711,10 +1712,10 @@ static int unregister_transfer_cb(int id
- struct loop_device *lo = ptr;
- struct loop_func_table *xfer = data;
-
-- mutex_lock(&lo->lo_ctl_mutex);
-+ mutex_lock(&loop_ctl_mutex);
- if (lo->lo_encryption == xfer)
- loop_release_xfer(lo);
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- return 0;
- }
-
-@@ -1883,7 +1884,6 @@ static int loop_add(struct loop_device *
- if (!part_shift)
- disk->flags |= GENHD_FL_NO_PART_SCAN;
- disk->flags |= GENHD_FL_EXT_DEVT;
-- mutex_init(&lo->lo_ctl_mutex);
- atomic_set(&lo->lo_refcnt, 0);
- lo->lo_number = i;
- spin_lock_init(&lo->lo_lock);
-@@ -1996,19 +1996,19 @@ static long loop_control_ioctl(struct fi
- ret = loop_lookup(&lo, parm);
- if (ret < 0)
- break;
-- mutex_lock(&lo->lo_ctl_mutex);
-+ mutex_lock(&loop_ctl_mutex);
- if (lo->lo_state != Lo_unbound) {
- ret = -EBUSY;
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- break;
- }
- if (atomic_read(&lo->lo_refcnt) > 0) {
- ret = -EBUSY;
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- break;
- }
- lo->lo_disk->private_data = NULL;
-- mutex_unlock(&lo->lo_ctl_mutex);
-+ mutex_unlock(&loop_ctl_mutex);
- idr_remove(&loop_index_idr, lo->lo_number);
- loop_remove(lo);
- break;
---- a/drivers/block/loop.h
-+++ b/drivers/block/loop.h
-@@ -56,7 +56,6 @@ struct loop_device {
-
- spinlock_t lo_lock;
- int lo_state;
-- struct mutex lo_ctl_mutex;
- struct kthread_worker worker;
- struct task_struct *worker_task;
- bool use_dio;
diff --git a/patches.kabi/loop-lo_ctl_mutex-kabi-fixup.patch b/patches.kabi/loop-lo_ctl_mutex-kabi-fixup.patch
deleted file mode 100644
index f01ad26e2c..0000000000
--- a/patches.kabi/loop-lo_ctl_mutex-kabi-fixup.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Jan Kara <jack@suse.cz>
-Subject: loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d
-References: bsc#1124974
-Patch-mainline: Never, kabi
-
-Commit 310ca162d "block/loop: Use global lock for ioctl() operation." removed
-lo_ctl_mutex as it is not needed anymore. No external module has any business
-in touching it (the whole structure is exported for cryptoloop module) but
-let's reintroduce the mutex to avoid kABI breakage.
-
-Signed-off-by: Jan Kara <jack@suse.cz>
-
----
- drivers/block/loop.h | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/block/loop.h
-+++ b/drivers/block/loop.h
-@@ -56,6 +56,7 @@ struct loop_device {
-
- spinlock_t lo_lock;
- int lo_state;
-+ struct mutex lo_ctl_mutex;
- struct kthread_worker worker;
- struct task_struct *worker_task;
- bool use_dio;
diff --git a/series.conf b/series.conf
index 893195fc8a..b7c0ef1fe1 100644
--- a/series.conf
+++ b/series.conf
@@ -20237,7 +20237,6 @@
patches.fixes/ext4-include-terminating-u32-in-size-of-xattr-entrie.patch
patches.fixes/ext4-force-inode-writes-when-nfsd-calls-commit_metad.patch
patches.fixes/ext4-check-for-shutdown-and-r-o-file-system-in-ext4_.patch
- patches.fixes/block-loop-Use-global-lock-for-ioctl-operation.patch
patches.drivers/sata_rcar-fix-deferred-probing.patch
patches.drivers/scsi-lpfc-Correct-speeds-on-SFP-swap.patch
patches.drivers/scsi-lpfc-Fix-lpfc_sli4_read_config-return-value-che.patch
@@ -21690,7 +21689,6 @@
patches.kabi/kabi-fsnotify-Fix-busy-inodes-during-unmount.patch
patches.kabi/kabi-x86-speculation-fix-cpu_tlbstate-issue.patch
- patches.kabi/loop-lo_ctl_mutex-kabi-fixup.patch
patches.kabi/hid-debug-kfifo-kabi-workaround.patch
patches.kabi/kabi-protect-vhost_log_write.patch