• Dan Williams's avatar
    libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat · 1405ba5d
    Dan Williams authored
    BugLink: http://bugs.launchpad.net/bugs/1687629
    
    commit 0beb2012 upstream.
    
    Holding the reconfig_mutex over a potential userspace fault sets up a
    lockdep dependency chain between filesystem-DAX and the libnvdimm ioctl
    path. Move the user access outside of the lock.
    
         [ INFO: possible circular locking dependency detected ]
         4.11.0-rc3+ #13 Tainted: G        W  O
         -------------------------------------------------------
         fallocate/16656 is trying to acquire lock:
          (&nvdimm_bus->reconfig_mutex){+.+.+.}, at: [<ffffffffa00080b1>] nvdimm_bus_lock+0x21/0x30 [libnvdimm]
         but task is already holding lock:
          (jbd2_handle){++++..}, at: [<ffffffff813b4944>] start_this_handle+0x104/0x460
    
        which lock already depends on the new lock.
    
        the existing dependency chain (in reverse order) is:
    
        -> #2 (jbd2_handle){++++..}:
                lock_acquire+0xbd/0x200
                start_this_handle+0x16a/0x460
                jbd2__journal_start+0xe9/0x2d0
                __ext4_journal_start_sb+0x89/0x1c0
                ext4_dirty_inode+0x32/0x70
                __mark_inode_dirty+0x235/0x670
                generic_update_time+0x87/0xd0
                touch_atime+0xa9/0xd0
                ext4_file_mmap+0x90/0xb0
                mmap_region+0x370/0x5b0
                do_mmap+0x415/0x4f0
                vm_mmap_pgoff+0xd7/0x120
                SyS_mmap_pgoff+0x1c5/0x290
                SyS_mmap+0x22/0x30
                entry_SYSCALL_64_fastpath+0x1f/0xc2
    
        -> #1 (&mm->mmap_sem){++++++}:
                lock_acquire+0xbd/0x200
                __might_fault+0x70/0xa0
                __nd_ioctl+0x683/0x720 [libnvdimm]
                nvdimm_ioctl+0x8b/0xe0 [libnvdimm]
                do_vfs_ioctl+0xa8/0x740
                SyS_ioctl+0x79/0x90
                do_syscall_64+0x6c/0x200
                return_from_SYSCALL_64+0x0/0x7a
    
        -> #0 (&nvdimm_bus->reconfig_mutex){+.+.+.}:
                __lock_acquire+0x16b6/0x1730
                lock_acquire+0xbd/0x200
                __mutex_lock+0x88/0x9b0
                mutex_lock_nested+0x1b/0x20
                nvdimm_bus_lock+0x21/0x30 [libnvdimm]
                nvdimm_forget_poison+0x25/0x50 [libnvdimm]
                nvdimm_clear_poison+0x106/0x140 [libnvdimm]
                pmem_do_bvec+0x1c2/0x2b0 [nd_pmem]
                pmem_make_request+0xf9/0x270 [nd_pmem]
                generic_make_request+0x118/0x3b0
                submit_bio+0x75/0x150
    
    Fixes: 62232e45 ("libnvdimm: control (ioctl) messages for nvdimm_bus and nvdimm devices")
    Cc: Dave Jiang <dave.jiang@intel.com>
    Reported-by: default avatarVishal Verma <vishal.l.verma@intel.com>
    Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
    1405ba5d
bus.c 17 KB