diff options
| author | Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> | 2009-04-29 13:21:00 -0400 |
|---|---|---|
| committer | Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> | 2009-05-10 23:57:46 -0400 |
| commit | 47eb6b9c8fa963c9f49967ad1d9d7ec947d15b68 (patch) | |
| tree | f69916e4135bd4550b11a8faa631eacd78fddded | |
| parent | 843382370ec614768ac13582405f93635cf3637c (diff) | |
nilfs2: fix possible circular locking for get information ioctls
This is one of two patches which are to correct possible circular
locking between mm->mmap_sem and nilfs->ns_segctor_sem.
The problem was detected by lockdep check as follows:
=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.30-rc3-nilfs-00002-g3552613 #6
-------------------------------------------------------
mmap/5418 is trying to acquire lock:
(&nilfs->ns_segctor_sem){++++.+}, at: [<d0d0e852>] nilfs_transaction_begin+0xb6/0x10c [nilfs2]
but task is already holding lock:
(&mm->mmap_sem){++++++}, at: [<c043700a>] do_page_fault+0x1d8/0x30a
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&mm->mmap_sem){++++++}:
[<c01470a5>] __lock_acquire+0x1066/0x13b0
[<c01474a9>] lock_acquire+0xba/0xdd
[<c01836bc>] might_fault+0x68/0x88
[<c023c730>] copy_to_user+0x2c/0xfc
[<d0d11b4f>] nilfs_ioctl_wrap_copy+0x103/0x160 [nilfs2]
[<d0d11fa9>] nilfs_ioctl+0x30a/0x3b0 [nilfs2]
[<c01a3be7>] vfs_ioctl+0x22/0x69
[<c01a408e>] do_vfs_ioctl+0x460/0x499
[<c01a4107>] sys_ioctl+0x40/0x5a
[<c01031a4>] sysenter_do_call+0x12/0x38
[<ffffffff>] 0xffffffff
-> #0 (&nilfs->ns_segctor_sem){++++.+}:
[<c0146e0b>] __lock_acquire+0xdcc/0x13b0
[<c01474a9>] lock_acquire+0xba/0xdd
[<c0433f1d>] down_read+0x2a/0x3e
[<d0d0e852>] nilfs_transaction_begin+0xb6/0x10c [nilfs2]
[<d0cfe0e5>] nilfs_page_mkwrite+0xe7/0x154 [nilfs2]
[<c0183b0b>] __do_fault+0x165/0x376
[<c01855cd>] handle_mm_fault+0x287/0x5d1
[<c043712d>] do_page_fault+0x2fb/0x30a
[<c0435462>] error_code+0x72/0x78
[<ffffffff>] 0xffffffff
other info that might help us debug this:
1 lock held by mmap/5418:
#0: (&mm->mmap_sem){++++++}, at: [<c043700a>] do_page_fault+0x1d8/0x30a
stack backtrace:
Pid: 5418, comm: mmap Not tainted 2.6.30-rc3-nilfs-00002-g3552613 #6
Call Trace:
[<c0432145>] ? printk+0xf/0x12
[<c0145c48>] print_circular_bug_tail+0xaa/0xb5
[<c0146e0b>] __lock_acquire+0xdcc/0x13b0
[<d0d10149>] ? nilfs_sufile_get_stat+0x1e/0x105 [nilfs2]
[<c013b59a>] ? up_read+0x16/0x2c
[<d0d10225>] ? nilfs_sufile_get_stat+0xfa/0x105 [nilfs2]
[<c01474a9>] lock_acquire+0xba/0xdd
[<d0d0e852>] ? nilfs_transaction_begin+0xb6/0x10c [nilfs2]
[<c0433f1d>] down_read+0x2a/0x3e
[<d0d0e852>] ? nilfs_transaction_begin+0xb6/0x10c [nilfs2]
[<d0d0e852>] nilfs_transaction_begin+0xb6/0x10c [nilfs2]
[<d0cfe0e5>] nilfs_page_mkwrite+0xe7/0x154 [nilfs2]
[<c0183b0b>] __do_fault+0x165/0x376
[<c01855cd>] handle_mm_fault+0x287/0x5d1
[<c043700a>] ? do_page_fault+0x1d8/0x30a
[<c013b54f>] ? down_read_trylock+0x39/0x43
[<c043712d>] do_page_fault+0x2fb/0x30a
[<c0436e32>] ? do_page_fault+0x0/0x30a
[<c0435462>] error_code+0x72/0x78
[<c0436e32>] ? do_page_fault+0x0/0x30a
This makes the lock granularity of nilfs->ns_segctor_sem finer than
that of the mmap semaphore for ioctl commands except
nilfs_clean_segments().
The successive patch ("nilfs2: fix lock order reversal in
nilfs_clean_segments ioctl") is required to fully resolve the problem.
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
| -rw-r--r-- | fs/nilfs2/ioctl.c | 100 |
1 files changed, 38 insertions, 62 deletions
diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c index be387c6b2d46..e3c693d37d69 100644 --- a/fs/nilfs2/ioctl.c +++ b/fs/nilfs2/ioctl.c | |||
| @@ -147,29 +147,12 @@ static ssize_t | |||
| 147 | nilfs_ioctl_do_get_cpinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, | 147 | nilfs_ioctl_do_get_cpinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, |
| 148 | void *buf, size_t size, size_t nmembs) | 148 | void *buf, size_t size, size_t nmembs) |
| 149 | { | 149 | { |
| 150 | return nilfs_cpfile_get_cpinfo(nilfs->ns_cpfile, posp, flags, buf, | ||
| 151 | nmembs); | ||
| 152 | } | ||
| 153 | |||
| 154 | static int nilfs_ioctl_get_cpinfo(struct inode *inode, struct file *filp, | ||
| 155 | unsigned int cmd, void __user *argp) | ||
| 156 | { | ||
| 157 | struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs; | ||
| 158 | struct nilfs_argv argv; | ||
| 159 | int ret; | 150 | int ret; |
| 160 | 151 | ||
| 161 | if (copy_from_user(&argv, argp, sizeof(argv))) | ||
| 162 | return -EFAULT; | ||
| 163 | |||
| 164 | down_read(&nilfs->ns_segctor_sem); | 152 | down_read(&nilfs->ns_segctor_sem); |
| 165 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), | 153 | ret = nilfs_cpfile_get_cpinfo(nilfs->ns_cpfile, posp, flags, buf, |
| 166 | nilfs_ioctl_do_get_cpinfo); | 154 | nmembs); |
| 167 | up_read(&nilfs->ns_segctor_sem); | 155 | up_read(&nilfs->ns_segctor_sem); |
| 168 | if (ret < 0) | ||
| 169 | return ret; | ||
| 170 | |||
| 171 | if (copy_to_user(argp, &argv, sizeof(argv))) | ||
| 172 | ret = -EFAULT; | ||
| 173 | return ret; | 156 | return ret; |
| 174 | } | 157 | } |
| 175 | 158 | ||
| @@ -195,28 +178,11 @@ static ssize_t | |||
| 195 | nilfs_ioctl_do_get_suinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, | 178 | nilfs_ioctl_do_get_suinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, |
| 196 | void *buf, size_t size, size_t nmembs) | 179 | void *buf, size_t size, size_t nmembs) |
| 197 | { | 180 | { |
| 198 | return nilfs_sufile_get_suinfo(nilfs->ns_sufile, *posp, buf, nmembs); | ||
| 199 | } | ||
| 200 | |||
| 201 | static int nilfs_ioctl_get_suinfo(struct inode *inode, struct file *filp, | ||
| 202 | unsigned int cmd, void __user *argp) | ||
| 203 | { | ||
| 204 | struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs; | ||
| 205 | struct nilfs_argv argv; | ||
| 206 | int ret; | 181 | int ret; |
| 207 | 182 | ||
| 208 | if (copy_from_user(&argv, argp, sizeof(argv))) | ||
| 209 | return -EFAULT; | ||
| 210 | |||
| 211 | down_read(&nilfs->ns_segctor_sem); | 183 | down_read(&nilfs->ns_segctor_sem); |
| 212 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), | 184 | ret = nilfs_sufile_get_suinfo(nilfs->ns_sufile, *posp, buf, nmembs); |
| 213 | nilfs_ioctl_do_get_suinfo); | ||
| 214 | up_read(&nilfs->ns_segctor_sem); | 185 | up_read(&nilfs->ns_segctor_sem); |
| 215 | if (ret < 0) | ||
| 216 | return ret; | ||
| 217 | |||
| 218 | if (copy_to_user(argp, &argv, sizeof(argv))) | ||
| 219 | ret = -EFAULT; | ||
| 220 | return ret; | 186 | return ret; |
| 221 | } | 187 | } |
| 222 | 188 | ||
| @@ -242,28 +208,11 @@ static ssize_t | |||
| 242 | nilfs_ioctl_do_get_vinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, | 208 | nilfs_ioctl_do_get_vinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, |
| 243 | void *buf, size_t size, size_t nmembs) | 209 | void *buf, size_t size, size_t nmembs) |
| 244 | { | 210 | { |
| 245 | return nilfs_dat_get_vinfo(nilfs_dat_inode(nilfs), buf, nmembs); | ||
| 246 | } | ||
| 247 | |||
| 248 | static int nilfs_ioctl_get_vinfo(struct inode *inode, struct file *filp, | ||
| 249 | unsigned int cmd, void __user *argp) | ||
| 250 | { | ||
| 251 | struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs; | ||
| 252 | struct nilfs_argv argv; | ||
| 253 | int ret; | 211 | int ret; |
| 254 | 212 | ||
| 255 | if (copy_from_user(&argv, argp, sizeof(argv))) | ||
| 256 | return -EFAULT; | ||
| 257 | |||
| 258 | down_read(&nilfs->ns_segctor_sem); | 213 | down_read(&nilfs->ns_segctor_sem); |
| 259 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), | 214 | ret = nilfs_dat_get_vinfo(nilfs_dat_inode(nilfs), buf, nmembs); |
| 260 | nilfs_ioctl_do_get_vinfo); | ||
| 261 | up_read(&nilfs->ns_segctor_sem); | 215 | up_read(&nilfs->ns_segctor_sem); |
| 262 | if (ret < 0) | ||
| 263 | return ret; | ||
| 264 | |||
| 265 | if (copy_to_user(argp, &argv, sizeof(argv))) | ||
| 266 | ret = -EFAULT; | ||
| 267 | return ret; | 216 | return ret; |
| 268 | } | 217 | } |
| 269 | 218 | ||
| @@ -276,17 +225,21 @@ nilfs_ioctl_do_get_bdescs(struct the_nilfs *nilfs, __u64 *posp, int flags, | |||
| 276 | struct nilfs_bdesc *bdescs = buf; | 225 | struct nilfs_bdesc *bdescs = buf; |
| 277 | int ret, i; | 226 | int ret, i; |
| 278 | 227 | ||
| 228 | down_read(&nilfs->ns_segctor_sem); | ||
| 279 | for (i = 0; i < nmembs; i++) { | 229 | for (i = 0; i < nmembs; i++) { |
| 280 | ret = nilfs_bmap_lookup_at_level(bmap, | 230 | ret = nilfs_bmap_lookup_at_level(bmap, |
| 281 | bdescs[i].bd_offset, | 231 | bdescs[i].bd_offset, |
| 282 | bdescs[i].bd_level + 1, | 232 | bdescs[i].bd_level + 1, |
| 283 | &bdescs[i].bd_blocknr); | 233 | &bdescs[i].bd_blocknr); |
| 284 | if (ret < 0) { | 234 | if (ret < 0) { |
| 285 | if (ret != -ENOENT) | 235 | if (ret != -ENOENT) { |
| 236 | up_read(&nilfs->ns_segctor_sem); | ||
| 286 | return ret; | 237 | return ret; |
| 238 | } | ||
| 287 | bdescs[i].bd_blocknr = 0; | 239 | bdescs[i].bd_blocknr = 0; |
| 288 | } | 240 | } |
| 289 | } | 241 | } |
| 242 | up_read(&nilfs->ns_segctor_sem); | ||
| 290 | return nmembs; | 243 | return nmembs; |
| 291 | } | 244 | } |
| 292 | 245 | ||
| @@ -300,10 +253,8 @@ static int nilfs_ioctl_get_bdescs(struct inode *inode, struct file *filp, | |||
| 300 | if (copy_from_user(&argv, argp, sizeof(argv))) | 253 | if (copy_from_user(&argv, argp, sizeof(argv))) |
| 301 | return -EFAULT; | 254 | return -EFAULT; |
| 302 | 255 | ||
| 303 | down_read(&nilfs->ns_segctor_sem); | ||
| 304 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), | 256 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), |
| 305 | nilfs_ioctl_do_get_bdescs); | 257 | nilfs_ioctl_do_get_bdescs); |
| 306 | up_read(&nilfs->ns_segctor_sem); | ||
| 307 | if (ret < 0) | 258 | if (ret < 0) |
| 308 | return ret; | 259 | return ret; |
| 309 | 260 | ||
| @@ -623,6 +574,29 @@ static int nilfs_ioctl_sync(struct inode *inode, struct file *filp, | |||
| 623 | return 0; | 574 | return 0; |
| 624 | } | 575 | } |
| 625 | 576 | ||
| 577 | static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp, | ||
| 578 | unsigned int cmd, void __user *argp, | ||
| 579 | ssize_t (*dofunc)(struct the_nilfs *, | ||
| 580 | __u64 *, int, | ||
| 581 | void *, size_t, size_t)) | ||
| 582 | |||
| 583 | { | ||
| 584 | struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs; | ||
| 585 | struct nilfs_argv argv; | ||
| 586 | int ret; | ||
| 587 | |||
| 588 | if (copy_from_user(&argv, argp, sizeof(argv))) | ||
| 589 | return -EFAULT; | ||
| 590 | |||
| 591 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), dofunc); | ||
| 592 | if (ret < 0) | ||
| 593 | return ret; | ||
| 594 | |||
| 595 | if (copy_to_user(argp, &argv, sizeof(argv))) | ||
| 596 | ret = -EFAULT; | ||
| 597 | return ret; | ||
| 598 | } | ||
| 599 | |||
| 626 | long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) | 600 | long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) |
| 627 | { | 601 | { |
| 628 | struct inode *inode = filp->f_dentry->d_inode; | 602 | struct inode *inode = filp->f_dentry->d_inode; |
| @@ -634,16 +608,18 @@ long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) | |||
| 634 | case NILFS_IOCTL_DELETE_CHECKPOINT: | 608 | case NILFS_IOCTL_DELETE_CHECKPOINT: |
| 635 | return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp); | 609 | return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp); |
| 636 | case NILFS_IOCTL_GET_CPINFO: | 610 | case NILFS_IOCTL_GET_CPINFO: |
| 637 | return nilfs_ioctl_get_cpinfo(inode, filp, cmd, argp); | 611 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, |
| 612 | nilfs_ioctl_do_get_cpinfo); | ||
| 638 | case NILFS_IOCTL_GET_CPSTAT: | 613 | case NILFS_IOCTL_GET_CPSTAT: |
| 639 | return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp); | 614 | return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp); |
| 640 | case NILFS_IOCTL_GET_SUINFO: | 615 | case NILFS_IOCTL_GET_SUINFO: |
| 641 | return nilfs_ioctl_get_suinfo(inode, filp, cmd, argp); | 616 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, |
| 617 | nilfs_ioctl_do_get_suinfo); | ||
| 642 | case NILFS_IOCTL_GET_SUSTAT: | 618 | case NILFS_IOCTL_GET_SUSTAT: |
| 643 | return nilfs_ioctl_get_sustat(inode, filp, cmd, argp); | 619 | return nilfs_ioctl_get_sustat(inode, filp, cmd, argp); |
| 644 | case NILFS_IOCTL_GET_VINFO: | 620 | case NILFS_IOCTL_GET_VINFO: |
| 645 | /* XXX: rename to ??? */ | 621 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, |
| 646 | return nilfs_ioctl_get_vinfo(inode, filp, cmd, argp); | 622 | nilfs_ioctl_do_get_vinfo); |
| 647 | case NILFS_IOCTL_GET_BDESCS: | 623 | case NILFS_IOCTL_GET_BDESCS: |
| 648 | return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp); | 624 | return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp); |
| 649 | case NILFS_IOCTL_CLEAN_SEGMENTS: | 625 | case NILFS_IOCTL_CLEAN_SEGMENTS: |