From: Christoph Hellwig <hch@lst.de>
To: Song Liu <song@kernel.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
linux-raid@vger.kernel.org,
syzbot+fadc0aaf497e6a493b9f@syzkaller.appspotmail.com
Subject: [PATCH 1/5] md: fix a lock order reversal in md_alloc
Date: Wed, 1 Sep 2021 13:38:29 +0200 [thread overview]
Message-ID: <20210901113833.1334886-2-hch@lst.de> (raw)
In-Reply-To: <20210901113833.1334886-1-hch@lst.de>
Commit b0140891a8cea3 ("md: Fix race when creating a new md device.")
not only moved assigning mddev->gendisk before calling add_disk, which
fixes the races described in the commit log, but also added a
mddev->open_mutex critical section over add_disk and creation of the
md kobj. Adding a kobject after add_disk is racy vs deleting the gendisk
right after adding it, but md already prevents against that by holding
a mddev->active reference.
On the other hand taking this lock added a lock order reversal with what
is not disk->open_mutex (used to be bdev->bd_mutex when the commit was
added) for partition devices, which need that lock for the internal open
for the partition scan, and a recent commit also takes it for
non-partitioned devices, leading to further lockdep splatter.
Fixes: b0140891a8ce ("md: Fix race when creating a new md device.")
Fixes: d62633873590 ("block: support delayed holder registration")
Reported-by: syzbot+fadc0aaf497e6a493b9f@syzkaller.appspotmail.com
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: syzbot+fadc0aaf497e6a493b9f@syzkaller.appspotmail.com
---
drivers/md/md.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index ae8fe54ea3581..6c0c3d0d905aa 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5700,10 +5700,6 @@ static int md_alloc(dev_t dev, char *name)
disk->flags |= GENHD_FL_EXT_DEVT;
disk->events |= DISK_EVENT_MEDIA_CHANGE;
mddev->gendisk = disk;
- /* As soon as we call add_disk(), another thread could get
- * through to md_open, so make sure it doesn't get too far
- */
- mutex_lock(&mddev->open_mutex);
add_disk(disk);
error = kobject_add(&mddev->kobj, &disk_to_dev(disk)->kobj, "%s", "md");
@@ -5718,7 +5714,6 @@ static int md_alloc(dev_t dev, char *name)
if (mddev->kobj.sd &&
sysfs_create_group(&mddev->kobj, &md_bitmap_group))
pr_debug("pointless warning\n");
- mutex_unlock(&mddev->open_mutex);
abort:
mutex_unlock(&disks_mutex);
if (!error && mddev->kobj.sd) {
--
2.30.2
next prev parent reply other threads:[~2021-09-01 11:40 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-01 11:38 fix a lock order reversal in md_alloc Christoph Hellwig
2021-09-01 11:38 ` Christoph Hellwig [this message]
2021-09-03 6:08 ` [PATCH 1/5] md: " Guoqing Jiang
2021-09-03 7:48 ` NeilBrown
2021-09-01 11:38 ` [PATCH 2/5] md: add error handling support for add_disk() Christoph Hellwig
2021-09-01 11:38 ` [PATCH 3/5] md: add the bitmap group to the default groups for the md kobject Christoph Hellwig
2021-09-01 11:38 ` [PATCH 4/5] md: extend disks_mutex coverage Christoph Hellwig
2021-09-01 11:38 ` [PATCH 5/5] md: properly unwind when failing to add the kobject in md_alloc Christoph Hellwig
2021-09-02 5:06 ` fix a lock order reversal " Song Liu
2021-09-04 1:48 ` Luis Chamberlain
2021-09-09 6:14 ` Song Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210901113833.1334886-2-hch@lst.de \
--to=hch@lst.de \
--cc=linux-raid@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=song@kernel.org \
--cc=syzbot+fadc0aaf497e6a493b9f@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.