
Commit 85b0a54

jankaraaxboe
authored andcommitted
loop: Move loop_reread_partitions() out of loop_ctl_mutex
Calling loop_reread_partitions() under loop_ctl_mutex causes lockdep to complain about circular lock dependency between bdev->bd_mutex and lo->lo_ctl_mutex. The problem is that on loop device open or close lo_open() and lo_release() get called with bdev->bd_mutex held and they need to acquire loop_ctl_mutex. OTOH when loop_reread_partitions() is called with loop_ctl_mutex held, it will call blkdev_reread_part() which acquires bdev->bd_mutex. See syzbot report for details [1].

Move all calls of loop_rescan_partitions() out of loop_ctl_mutex to avoid lockdep warning and fix deadlock possibility.

[1] https://syzkaller.appspot.com/bug?id=bf154052f0eea4bc7712499e4569505907d1588

Reported-by: syzbot <syzbot+4684a000d5abdade83fac55b1e7d1f935ef1936e@syzkaller.appspotmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
1 parent d57f337 commit 85b0a54


1 file changed

+14
-5
lines changed


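--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -679,6 +679,7 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
 {
 struct file *file, *old_file;
 int error;
+bool partscan;
 
 error = mutex_lock_killable_nested(&loop_ctl_mutex, 1);
 if (error)
@@ -720,9 +721,10 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
 blk_mq_unfreeze_queue(lo->lo_queue);
 
 fput(old_file);
-if (lo->lo_flags & LO_FLAGS_PARTSCAN)
-loop_reread_partitions(lo, bdev);
+partscan = lo->lo_flags & LO_FLAGS_PARTSCAN;
 mutex_unlock(&loop_ctl_mutex);
+if (partscan)
+loop_reread_partitions(lo, bdev);
 return 0;
 
 out_putf:
@@ -903,6 +905,7 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode,
 int lo_flags = 0;
 int error;
 loff_t size;
+bool partscan;
 
 /* This is safe, since we have a reference from open(). */
 __module_get(THIS_MODULE);
@@ -969,14 +972,15 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode,
 lo->lo_state = Lo_bound;
 if (part_shift)
 lo->lo_flags |= LO_FLAGS_PARTSCAN;
-if (lo->lo_flags & LO_FLAGS_PARTSCAN)
-loop_reread_partitions(lo, bdev);
+partscan = lo->lo_flags & LO_FLAGS_PARTSCAN;
 
 /* Grab the block_device to prevent its destruction after we
 * put /dev/loopXX inode. Later in __loop_clr_fd() we bdput(bdev).
 */
 bdgrab(bdev);
 mutex_unlock(&loop_ctl_mutex);
+if (partscan)
+loop_reread_partitions(lo, bdev);
 return 0;
 
 out_unlock:
@@ -1157,6 +1161,8 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
 int err;
 struct loop_func_table *xfer;
 kuid_t uid = current_uid();
+struct block_device *bdev;
+bool partscan = false;
 
 err = mutex_lock_killable_nested(&loop_ctl_mutex, 1);
 if (err)
@@ -1245,10 +1251,13 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
 !(lo->lo_flags & LO_FLAGS_PARTSCAN)) {
 lo->lo_flags |= LO_FLAGS_PARTSCAN;
 lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN;
-loop_reread_partitions(lo, lo->lo_device);
+bdev = lo->lo_device;
+partscan = true;
 }
 out_unlock:
 mutex_unlock(&loop_ctl_mutex);
+if (partscan)
+loop_reread_partitions(lo, bdev);
 
 return err;
 }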
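Review bot: In the last loop_set_status hunk the rescan now runs on a `bdev` copied from `lo->lo_device` under loop_ctl_mutex and handed to `loop_reread_partitions(lo, bdev)` after `mutex_unlock()`, and nothing visible states what keeps that block_device valid, or the device bound, during the unlocked window. Presumably the ioctl caller's open reference pins it, but that is outside the lines shown, and whatever loop_reread_partitions() reads from `lo` is now read without the mutex. If that assumption holds, I would record it above the final `if (partscan)`: `/* Rescan outside loop_ctl_mutex (bd_mutex nests outside it); bdev is pinned by the caller's open reference, lo state may have changed since unlock. */`. The same post-unlock pattern appears in the loop_change_fd and loop_set_fd hunks, and all three function bodies extend beyond the hunks, so the reference that covers each call site should be confirmed against the full file.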
