aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>2009-04-29 13:21:00 -0400
committerRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>2009-05-10 23:57:46 -0400
commit47eb6b9c8fa963c9f49967ad1d9d7ec947d15b68 (patch)
treef69916e4135bd4550b11a8faa631eacd78fddded
parent843382370ec614768ac13582405f93635cf3637c (diff)
nilfs2: fix possible circular locking for get information ioctls
This is one of two patches which are to correct possible circular locking between mm->mmap_sem and nilfs->ns_segctor_sem. The problem was detected by lockdep check as follows: ======================================================= [ INFO: possible circular locking dependency detected ] 2.6.30-rc3-nilfs-00002-g3552613 #6 ------------------------------------------------------- mmap/5418 is trying to acquire lock: (&nilfs->ns_segctor_sem){++++.+}, at: [<d0d0e852>] nilfs_transaction_begin+0xb6/0x10c [nilfs2] but task is already holding lock: (&mm->mmap_sem){++++++}, at: [<c043700a>] do_page_fault+0x1d8/0x30a which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&mm->mmap_sem){++++++}: [<c01470a5>] __lock_acquire+0x1066/0x13b0 [<c01474a9>] lock_acquire+0xba/0xdd [<c01836bc>] might_fault+0x68/0x88 [<c023c730>] copy_to_user+0x2c/0xfc [<d0d11b4f>] nilfs_ioctl_wrap_copy+0x103/0x160 [nilfs2] [<d0d11fa9>] nilfs_ioctl+0x30a/0x3b0 [nilfs2] [<c01a3be7>] vfs_ioctl+0x22/0x69 [<c01a408e>] do_vfs_ioctl+0x460/0x499 [<c01a4107>] sys_ioctl+0x40/0x5a [<c01031a4>] sysenter_do_call+0x12/0x38 [<ffffffff>] 0xffffffff -> #0 (&nilfs->ns_segctor_sem){++++.+}: [<c0146e0b>] __lock_acquire+0xdcc/0x13b0 [<c01474a9>] lock_acquire+0xba/0xdd [<c0433f1d>] down_read+0x2a/0x3e [<d0d0e852>] nilfs_transaction_begin+0xb6/0x10c [nilfs2] [<d0cfe0e5>] nilfs_page_mkwrite+0xe7/0x154 [nilfs2] [<c0183b0b>] __do_fault+0x165/0x376 [<c01855cd>] handle_mm_fault+0x287/0x5d1 [<c043712d>] do_page_fault+0x2fb/0x30a [<c0435462>] error_code+0x72/0x78 [<ffffffff>] 0xffffffff other info that might help us debug this: 1 lock held by mmap/5418: #0: (&mm->mmap_sem){++++++}, at: [<c043700a>] do_page_fault+0x1d8/0x30a stack backtrace: Pid: 5418, comm: mmap Not tainted 2.6.30-rc3-nilfs-00002-g3552613 #6 Call Trace: [<c0432145>] ? printk+0xf/0x12 [<c0145c48>] print_circular_bug_tail+0xaa/0xb5 [<c0146e0b>] __lock_acquire+0xdcc/0x13b0 [<d0d10149>] ? nilfs_sufile_get_stat+0x1e/0x105 [nilfs2] [<c013b59a>] ? up_read+0x16/0x2c [<d0d10225>] ? nilfs_sufile_get_stat+0xfa/0x105 [nilfs2] [<c01474a9>] lock_acquire+0xba/0xdd [<d0d0e852>] ? nilfs_transaction_begin+0xb6/0x10c [nilfs2] [<c0433f1d>] down_read+0x2a/0x3e [<d0d0e852>] ? nilfs_transaction_begin+0xb6/0x10c [nilfs2] [<d0d0e852>] nilfs_transaction_begin+0xb6/0x10c [nilfs2] [<d0cfe0e5>] nilfs_page_mkwrite+0xe7/0x154 [nilfs2] [<c0183b0b>] __do_fault+0x165/0x376 [<c01855cd>] handle_mm_fault+0x287/0x5d1 [<c043700a>] ? do_page_fault+0x1d8/0x30a [<c013b54f>] ? down_read_trylock+0x39/0x43 [<c043712d>] do_page_fault+0x2fb/0x30a [<c0436e32>] ? do_page_fault+0x0/0x30a [<c0435462>] error_code+0x72/0x78 [<c0436e32>] ? do_page_fault+0x0/0x30a This makes the lock granularity of nilfs->ns_segctor_sem finer than that of the mmap semaphore for ioctl commands except nilfs_clean_segments(). The successive patch ("nilfs2: fix lock order reversal in nilfs_clean_segments ioctl") is required to fully resolve the problem. Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
-rw-r--r--fs/nilfs2/ioctl.c100
1 files changed, 38 insertions, 62 deletions
diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c
index be387c6b2d46..e3c693d37d69 100644
--- a/fs/nilfs2/ioctl.c
+++ b/fs/nilfs2/ioctl.c
@@ -147,29 +147,12 @@ static ssize_t
147nilfs_ioctl_do_get_cpinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, 147nilfs_ioctl_do_get_cpinfo(struct the_nilfs *nilfs, __u64 *posp, int flags,
148 void *buf, size_t size, size_t nmembs) 148 void *buf, size_t size, size_t nmembs)
149{ 149{
150 return nilfs_cpfile_get_cpinfo(nilfs->ns_cpfile, posp, flags, buf,
151 nmembs);
152}
153
154static int nilfs_ioctl_get_cpinfo(struct inode *inode, struct file *filp,
155 unsigned int cmd, void __user *argp)
156{
157 struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs;
158 struct nilfs_argv argv;
159 int ret; 150 int ret;
160 151
161 if (copy_from_user(&argv, argp, sizeof(argv)))
162 return -EFAULT;
163
164 down_read(&nilfs->ns_segctor_sem); 152 down_read(&nilfs->ns_segctor_sem);
165 ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), 153 ret = nilfs_cpfile_get_cpinfo(nilfs->ns_cpfile, posp, flags, buf,
166 nilfs_ioctl_do_get_cpinfo); 154 nmembs);
167 up_read(&nilfs->ns_segctor_sem); 155 up_read(&nilfs->ns_segctor_sem);
168 if (ret < 0)
169 return ret;
170
171 if (copy_to_user(argp, &argv, sizeof(argv)))
172 ret = -EFAULT;
173 return ret; 156 return ret;
174} 157}
175 158
@@ -195,28 +178,11 @@ static ssize_t
195nilfs_ioctl_do_get_suinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, 178nilfs_ioctl_do_get_suinfo(struct the_nilfs *nilfs, __u64 *posp, int flags,
196 void *buf, size_t size, size_t nmembs) 179 void *buf, size_t size, size_t nmembs)
197{ 180{
198 return nilfs_sufile_get_suinfo(nilfs->ns_sufile, *posp, buf, nmembs);
199}
200
201static int nilfs_ioctl_get_suinfo(struct inode *inode, struct file *filp,
202 unsigned int cmd, void __user *argp)
203{
204 struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs;
205 struct nilfs_argv argv;
206 int ret; 181 int ret;
207 182
208 if (copy_from_user(&argv, argp, sizeof(argv)))
209 return -EFAULT;
210
211 down_read(&nilfs->ns_segctor_sem); 183 down_read(&nilfs->ns_segctor_sem);
212 ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), 184 ret = nilfs_sufile_get_suinfo(nilfs->ns_sufile, *posp, buf, nmembs);
213 nilfs_ioctl_do_get_suinfo);
214 up_read(&nilfs->ns_segctor_sem); 185 up_read(&nilfs->ns_segctor_sem);
215 if (ret < 0)
216 return ret;
217
218 if (copy_to_user(argp, &argv, sizeof(argv)))
219 ret = -EFAULT;
220 return ret; 186 return ret;
221} 187}
222 188
@@ -242,28 +208,11 @@ static ssize_t
242nilfs_ioctl_do_get_vinfo(struct the_nilfs *nilfs, __u64 *posp, int flags, 208nilfs_ioctl_do_get_vinfo(struct the_nilfs *nilfs, __u64 *posp, int flags,
243 void *buf, size_t size, size_t nmembs) 209 void *buf, size_t size, size_t nmembs)
244{ 210{
245 return nilfs_dat_get_vinfo(nilfs_dat_inode(nilfs), buf, nmembs);
246}
247
248static int nilfs_ioctl_get_vinfo(struct inode *inode, struct file *filp,
249 unsigned int cmd, void __user *argp)
250{
251 struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs;
252 struct nilfs_argv argv;
253 int ret; 211 int ret;
254 212
255 if (copy_from_user(&argv, argp, sizeof(argv)))
256 return -EFAULT;
257
258 down_read(&nilfs->ns_segctor_sem); 213 down_read(&nilfs->ns_segctor_sem);
259 ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), 214 ret = nilfs_dat_get_vinfo(nilfs_dat_inode(nilfs), buf, nmembs);
260 nilfs_ioctl_do_get_vinfo);
261 up_read(&nilfs->ns_segctor_sem); 215 up_read(&nilfs->ns_segctor_sem);
262 if (ret < 0)
263 return ret;
264
265 if (copy_to_user(argp, &argv, sizeof(argv)))
266 ret = -EFAULT;
267 return ret; 216 return ret;
268} 217}
269 218
@@ -276,17 +225,21 @@ nilfs_ioctl_do_get_bdescs(struct the_nilfs *nilfs, __u64 *posp, int flags,
276 struct nilfs_bdesc *bdescs = buf; 225 struct nilfs_bdesc *bdescs = buf;
277 int ret, i; 226 int ret, i;
278 227
228 down_read(&nilfs->ns_segctor_sem);
279 for (i = 0; i < nmembs; i++) { 229 for (i = 0; i < nmembs; i++) {
280 ret = nilfs_bmap_lookup_at_level(bmap, 230 ret = nilfs_bmap_lookup_at_level(bmap,
281 bdescs[i].bd_offset, 231 bdescs[i].bd_offset,
282 bdescs[i].bd_level + 1, 232 bdescs[i].bd_level + 1,
283 &bdescs[i].bd_blocknr); 233 &bdescs[i].bd_blocknr);
284 if (ret < 0) { 234 if (ret < 0) {
285 if (ret != -ENOENT) 235 if (ret != -ENOENT) {
236 up_read(&nilfs->ns_segctor_sem);
286 return ret; 237 return ret;
238 }
287 bdescs[i].bd_blocknr = 0; 239 bdescs[i].bd_blocknr = 0;
288 } 240 }
289 } 241 }
242 up_read(&nilfs->ns_segctor_sem);
290 return nmembs; 243 return nmembs;
291} 244}
292 245
@@ -300,10 +253,8 @@ static int nilfs_ioctl_get_bdescs(struct inode *inode, struct file *filp,
300 if (copy_from_user(&argv, argp, sizeof(argv))) 253 if (copy_from_user(&argv, argp, sizeof(argv)))
301 return -EFAULT; 254 return -EFAULT;
302 255
303 down_read(&nilfs->ns_segctor_sem);
304 ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), 256 ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd),
305 nilfs_ioctl_do_get_bdescs); 257 nilfs_ioctl_do_get_bdescs);
306 up_read(&nilfs->ns_segctor_sem);
307 if (ret < 0) 258 if (ret < 0)
308 return ret; 259 return ret;
309 260
@@ -623,6 +574,29 @@ static int nilfs_ioctl_sync(struct inode *inode, struct file *filp,
623 return 0; 574 return 0;
624} 575}
625 576
577static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp,
578 unsigned int cmd, void __user *argp,
579 ssize_t (*dofunc)(struct the_nilfs *,
580 __u64 *, int,
581 void *, size_t, size_t))
582
583{
584 struct the_nilfs *nilfs = NILFS_SB(inode->i_sb)->s_nilfs;
585 struct nilfs_argv argv;
586 int ret;
587
588 if (copy_from_user(&argv, argp, sizeof(argv)))
589 return -EFAULT;
590
591 ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), dofunc);
592 if (ret < 0)
593 return ret;
594
595 if (copy_to_user(argp, &argv, sizeof(argv)))
596 ret = -EFAULT;
597 return ret;
598}
599
626long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 600long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
627{ 601{
628 struct inode *inode = filp->f_dentry->d_inode; 602 struct inode *inode = filp->f_dentry->d_inode;
@@ -634,16 +608,18 @@ long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
634 case NILFS_IOCTL_DELETE_CHECKPOINT: 608 case NILFS_IOCTL_DELETE_CHECKPOINT:
635 return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp); 609 return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp);
636 case NILFS_IOCTL_GET_CPINFO: 610 case NILFS_IOCTL_GET_CPINFO:
637 return nilfs_ioctl_get_cpinfo(inode, filp, cmd, argp); 611 return nilfs_ioctl_get_info(inode, filp, cmd, argp,
612 nilfs_ioctl_do_get_cpinfo);
638 case NILFS_IOCTL_GET_CPSTAT: 613 case NILFS_IOCTL_GET_CPSTAT:
639 return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp); 614 return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp);
640 case NILFS_IOCTL_GET_SUINFO: 615 case NILFS_IOCTL_GET_SUINFO:
641 return nilfs_ioctl_get_suinfo(inode, filp, cmd, argp); 616 return nilfs_ioctl_get_info(inode, filp, cmd, argp,
617 nilfs_ioctl_do_get_suinfo);
642 case NILFS_IOCTL_GET_SUSTAT: 618 case NILFS_IOCTL_GET_SUSTAT:
643 return nilfs_ioctl_get_sustat(inode, filp, cmd, argp); 619 return nilfs_ioctl_get_sustat(inode, filp, cmd, argp);
644 case NILFS_IOCTL_GET_VINFO: 620 case NILFS_IOCTL_GET_VINFO:
645 /* XXX: rename to ??? */ 621 return nilfs_ioctl_get_info(inode, filp, cmd, argp,
646 return nilfs_ioctl_get_vinfo(inode, filp, cmd, argp); 622 nilfs_ioctl_do_get_vinfo);
647 case NILFS_IOCTL_GET_BDESCS: 623 case NILFS_IOCTL_GET_BDESCS:
648 return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp); 624 return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp);
649 case NILFS_IOCTL_CLEAN_SEGMENTS: 625 case NILFS_IOCTL_CLEAN_SEGMENTS: