From: Joel Fernandes
To: linux-kernel@vger.kernel.org
Cc: Joel Fernandes, Todd Kjos, Arve Hjonnevag, Greg Kroah-Hartman
Subject: [PATCH] staging: ashmem: Fix lockdep issue during llseek
Date: Thu, 25 Jan 2018 18:46:49 -0800
Message-Id: <20180126024649.200330-1-joelaf@google.com>

ashmem_mutex creates a chain of dependencies like so:

(1)
mmap syscall ->
  mmap_sem -> (acquired)
  ashmem_mmap
  ashmem_mutex (try to acquire)
  (block)

(2)
llseek syscall ->
  ashmem_llseek ->
  ashmem_mutex -> (acquired)
  inode_lock ->
  inode->i_rwsem (try to acquire)
  (block)

(3)
getdents ->
  iterate_dir ->
  inode_lock ->
  inode->i_rwsem (acquired)
  copy_to_user ->
  mmap_sem (try to acquire)

There is a lock ordering created between mmap_sem and inode->i_rwsem during a syzkaller test. This patch fixes the issue by releasing the ashmem_mutex before the call to vfs_llseek, and reacquiring it after.

Cc: Todd Kjos
Cc: Arve Hjonnevag
Cc: Greg Kroah-Hartman
Reported-by: syzbot+8ec30bb7bf1a981a2012@syzkaller.appspotmail.com
Signed-off-by: Joel Fernandes

--- drivers/staging/android/ashmem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c index 0f695df14c9d..248983cf2db1 100644 --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -343,7 +343,9 @@ static loff_t ashmem_llseek(struct file *file, loff_t offset, int origin) goto out; } + mutex_unlock(&ashmem_mutex); ret = vfs_llseek(asma->file, offset, origin); + mutex_lock(&ashmem_mutex); if (ret < 0) goto out; -- 2.16.0.rc1.238.g530d649a79-goog
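
Review bot: the unlocked window in ashmem_llseek, between `mutex_unlock(&ashmem_mutex);` and `mutex_lock(&ashmem_mutex);` around `vfs_llseek(asma->file, offset, origin)`, carries no comment saying why it is safe to dereference asma->file without the mutex, and nothing after the relock re-validates the state that was checked under the lock before the `goto out;` just above. Please add a short comment naming the invariant that makes the unlocked call safe (for example that asma->file is not replaced once it is set, if that holds), or re-check the relevant state after reacquiring the lock and before continuing past `if (ret < 0)`. Without that, a reader of the function sees a bare unlock/relock pair with no pointer back to the mmap_sem / inode->i_rwsem ordering described in the commit message.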