linux-kernel.vger.kernel.org archive mirror
From: Alexey Khoroshilov <khoroshilov@ispras.ru>
To: Keith Busch <keith.busch@intel.com>, Jens Axboe <axboe@fb.com>
Cc: Alexey Khoroshilov <khoroshilov@ispras.ru>,
	linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org,
	ldv-project@linuxtesting.org
Subject: [PATCH] NVMe: fix deadlock on failure branch in nvme_get_ns_from_disk()
Date: Sat, 21 May 2016 01:36:00 +0300
Message-ID: <1463783760-5851-1-git-send-email-khoroshilov@ispras.ru>

kref_put(&ns->kref, nvme_free_ns) is called in nvme_get_ns_from_disk()
under dev_list_lock spinlock, while nvme_free_ns() locks the spinlock
by itself. This can lead to a deadlock.

The patch moves try_module_get() and its error handling
out of spinlock section.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: e439bb12e75c ("nvme/host: reference the fabric module for each bdev open callout")
---
 drivers/nvme/host/core.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 643f457131c2..761d4c73a233 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -83,24 +83,25 @@ static void nvme_put_ns(struct nvme_ns *ns)
 static struct nvme_ns *nvme_get_ns_from_disk(struct gendisk *disk)
 {
 	struct nvme_ns *ns;
+	struct module *module;
 
 	spin_lock(&dev_list_lock);
 	ns = disk->private_data;
 	if (ns) {
-		if (!kref_get_unless_zero(&ns->kref))
-			goto fail;
-		if (!try_module_get(ns->ctrl->ops->module))
-			goto fail_put_ns;
+		if (!kref_get_unless_zero(&ns->kref)) {
+			spin_unlock(&dev_list_lock);
+			return NULL;
+		}
+		module = ns->ctrl->ops->module;
 	}
 	spin_unlock(&dev_list_lock);
 
-	return ns;
+	if (!try_module_get(module)) {
+		nvme_put_ns(ns);
+		return NULL;
+	}
 
-fail_put_ns:
-	kref_put(&ns->kref, nvme_free_ns);
-fail:
-	spin_unlock(&dev_list_lock);
-	return NULL;
+	return ns;
 }
 
 void nvme_requeue_req(struct request *req)
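
Review bot: the ns == NULL case is no longer handled after spin_unlock(): `module` is only assigned inside `if (ns)`, so when disk->private_data is NULL the new `try_module_get(module)` reads an uninitialized pointer, and its failure branch would then call nvme_put_ns(ns) with ns == NULL. The old code returned ns directly on that path. Suggest returning early right after the unlock, e.g. `if (!ns) return NULL;`, or initializing `module` and guarding the try_module_get() block with `if (ns)`. With that in place the early-return inside the locked region could also go back to a single unlock site, which keeps the lock/unlock pairing easier to audit.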
-- 
1.9.1
