[PATCH -next] mtd: fix possible deadlock when loading and opening mtd device

From: Yang Yingliang
Date: Tue Aug 24 2021 - 06:24:37 EST

Next message: Tzung-Bi Shih: "Re: [PATCH 5/9] media: mtk-vcodec: Rewrite venc clock interface"
Previous message: Stephen Rothwell: "linux-next: Tree for Aug 24"
Next in thread: Miquel Raynal: "Re: [PATCH -next] mtd: fix possible deadlock when loading and opening mtd device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I got the possible circular locking dependency detected report:

[ 52.472106][ T483] ======================================================
[ 52.473212][ T483] WARNING: possible circular locking dependency detected
[ 52.474322][ T483] 5.14.0-rc6-next-20210820+ #438 Not tainted
[ 52.475272][ T483] ------------------------------------------------------
[ 52.476385][ T483] systemd-udevd/483 is trying to acquire lock:
[ 52.477356][ T483] ffffffff8c5d45a8 (mtd_table_mutex){+.+.}-{3:3}, at: blktrans_open.cold.18+0x44/0x4b1
[ 52.480510][ T483]
[ 52.480510][ T483] but task is already holding lock:
[ 52.481664][ T483] ffff88810eff8918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x428/0x910
[ 52.483164][ T483]
[ 52.483164][ T483] which lock already depends on the new lock.
[ 52.483164][ T483]
[ 52.484578][ T483]
[ 52.484578][ T483] the existing dependency chain (in reverse order) is:
[ 52.485803][ T483]
[ 52.485803][ T483] -> #1 (&disk->open_mutex){+.+.}-{3:3}:
[ 52.486888][ T483] __mutex_lock+0x140/0x15d0
[ 52.487599][ T483] bd_register_pending_holders+0xb9/0x302
[ 52.488463][ T483] device_add_disk+0x375/0xcf0
[ 52.489198][ T483] add_mtd_blktrans_dev+0x11a4/0x16f0
[ 52.490019][ T483] mtdblock_add_mtd+0x21a/0x2b0
[ 52.490771][ T483] blktrans_notify_add+0xae/0xdb
[ 52.491531][ T483] add_mtd_device.cold.26+0xa98/0xc98
[ 52.492348][ T483] mtd_device_parse_register+0x516/0x870
[ 52.493201][ T483] mtdram_init_device+0x294/0x350
[ 52.493966][ T483] init_mtdram+0xde/0x16e
[ 52.494644][ T483] do_one_initcall+0x105/0x650
[ 52.495381][ T483] kernel_init_freeable+0x6aa/0x732
[ 52.496171][ T483] kernel_init+0x1c/0x1c0
[ 52.496847][ T483] ret_from_fork+0x1f/0x30
[ 52.497530][ T483]
[ 52.497530][ T483] -> #0 (mtd_table_mutex){+.+.}-{3:3}:
[ 52.498591][ T483] __lock_acquire+0x2cfa/0x5990
[ 52.499343][ T483] lock_acquire+0x1a0/0x500
[ 52.500041][ T483] __mutex_lock+0x140/0x15d0
[ 52.500749][ T483] blktrans_open.cold.18+0x44/0x4b1
[ 52.501545][ T483] blkdev_get_whole+0x9f/0x280
[ 52.502282][ T483] blkdev_get_by_dev+0x593/0x910
[ 52.503041][ T483] blkdev_open+0x154/0x2a0
[ 52.503726][ T483] do_dentry_open+0x6a9/0x1260
[ 52.504461][ T483] path_openat+0xe06/0x2850
[ 52.505160][ T483] do_filp_open+0x1b0/0x280
[ 52.505857][ T483] do_sys_openat2+0x60e/0x9a0
[ 52.506576][ T483] do_sys_open+0xca/0x140
[ 52.507251][ T483] do_syscall_64+0x38/0xb0
[ 52.507936][ T483] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.508822][ T483]
[ 52.508822][ T483] other info that might help us debug this:
[ 52.508822][ T483]
[ 52.510218][ T483] Possible unsafe locking scenario:
[ 52.510218][ T483]
[ 52.511240][ T483] CPU0 CPU1
[ 52.511975][ T483] ---- ----
[ 52.512708][ T483] lock(&disk->open_mutex);
[ 52.513342][ T483] lock(mtd_table_mutex);
[ 52.514295][ T483] lock(&disk->open_mutex);
[ 52.515276][ T483] lock(mtd_table_mutex);
[ 52.515884][ T483]
[ 52.515884][ T483] *** DEADLOCK ***

load module path: open device path:
init_mtdram()
add_mtd_device()
mutex_lock(&mtd_table_mutex)
blktrans_notifier()
add_mtd()
blkdev_get_by_dev()
mutex_lock(&disk->open_mutex)
blktrans_open()
mutex_lock(&mtd_table_mutex);
bd_register_pending_holders()
mutex_lock(&disk->open_mutex)

add_mtd() is called under mtd_table_mutex, before it acquires open_mutex,
open_mutex may be acquired by another cpu when opening the device, and it
will wait for mtd_table_mutex which is already acquired, then the 'ABBA'
deadlock scenario is happend, reduce the mtd_table_mutex to avoid this.

Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
---
drivers/mtd/mtd_blkdevs.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
index 44bea3f65060..476933ab561d 100644
--- a/drivers/mtd/mtd_blkdevs.c
+++ b/drivers/mtd/mtd_blkdevs.c
@@ -358,6 +358,7 @@ int add_mtd_blktrans_dev(struct mtd_blktrans_dev *new)
list_add_tail(&new->list, &tr->devs);
added:
mutex_unlock(&blktrans_ref_mutex);
+ mutex_unlock(&mtd_table_mutex);

mutex_init(&new->lock);
kref_init(&new->ref);
@@ -434,6 +435,7 @@ int add_mtd_blktrans_dev(struct mtd_blktrans_dev *new)
new->disk_attributes);
WARN_ON(ret);
}
+ mutex_lock(&mtd_table_mutex);
return 0;

out_free_tag_set:
@@ -441,6 +443,7 @@ int add_mtd_blktrans_dev(struct mtd_blktrans_dev *new)
out_kfree_tag_set:
kfree(new->tag_set);
out_list_del:
+ mutex_lock(&mtd_table_mutex);
list_del(&new->list);
return ret;
}
--
2.25.1

Next message: Tzung-Bi Shih: "Re: [PATCH 5/9] media: mtk-vcodec: Rewrite venc clock interface"
Previous message: Stephen Rothwell: "linux-next: Tree for Aug 24"
Next in thread: Miquel Raynal: "Re: [PATCH -next] mtd: fix possible deadlock when loading and opening mtd device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]