korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-19 17:14:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
36d4cb460b
linux/drivers/target
History
Bart Van Assche 36d4cb460b scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion 
The approach for adding a device to the devices_idr data structure and for
removing it is as follows:

* &dev->dev_group.cg_item is initialized before a device is added to
  devices_idr.

* If the reference count of a device drops to zero then
  target_free_device() removes the device from devices_idr.

* All devices_idr manipulations are protected by device_mutex.

This means that increasing the reference count of a device is sufficient to
prevent removal from devices_idr and also that it is safe access
dev_group.cg_item for any device that is referenced by devices_idr. Use
this to modify target_find_device() and target_for_each_device() such that
these functions no longer introduce a dependency between device_mutex and
the configfs root inode mutex.

Note: it is safe to pass a NULL pointer to config_item_put() and also to
config_item_get_unless_zero().

This patch prevents that lockdep reports the following complaint:

======================================================
WARNING: possible circular locking dependency detected
4.12.0-rc1-dbg+ #1 Not tainted
------------------------------------------------------
rmdir/12053 is trying to acquire lock:
 (device_mutex#2){+.+.+.}, at: [<ffffffffa010afce>]
target_free_device+0xae/0xf0 [target_core_mod]

but task is already holding lock:
 (&sb->s_type->i_mutex_key#14){++++++}, at: [<ffffffff811c5c30>]
vfs_rmdir+0x50/0x140

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&sb->s_type->i_mutex_key#14){++++++}:
       lock_acquire+0x59/0x80
       down_write+0x36/0x70
       configfs_depend_item+0x3a/0xb0 [configfs]
       target_depend_item+0x13/0x20 [target_core_mod]
       target_xcopy_locate_se_dev_e4_iter+0x87/0x100 [target_core_mod]
       target_devices_idr_iter+0x16/0x20 [target_core_mod]
       idr_for_each+0x39/0xc0
       target_for_each_device+0x36/0x50 [target_core_mod]
       target_xcopy_locate_se_dev_e4+0x28/0x80 [target_core_mod]
       target_xcopy_do_work+0x2e9/0xdd0 [target_core_mod]
       process_one_work+0x1ca/0x3f0
       worker_thread+0x49/0x3b0
       kthread+0x109/0x140
       ret_from_fork+0x31/0x40

-> #0 (device_mutex#2){+.+.+.}:
       __lock_acquire+0x101f/0x11d0
       lock_acquire+0x59/0x80
       __mutex_lock+0x7e/0x950
       mutex_lock_nested+0x16/0x20
       target_free_device+0xae/0xf0 [target_core_mod]
       target_core_dev_release+0x10/0x20 [target_core_mod]
       config_item_put+0x6e/0xb0 [configfs]
       configfs_rmdir+0x1a6/0x300 [configfs]
       vfs_rmdir+0xb7/0x140
       do_rmdir+0x1f4/0x200
       SyS_rmdir+0x11/0x20
       entry_SYSCALL_64_fastpath+0x23/0xc2

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#14);
                               lock(device_mutex#2);
                               lock(&sb->s_type->i_mutex_key#14);
  lock(device_mutex#2);

 *** DEADLOCK ***

3 locks held by rmdir/12053:
 #0:  (sb_writers#10){.+.+.+}, at: [<ffffffff811e223f>]
mnt_want_write+0x1f/0x50
 #1:  (&sb->s_type->i_mutex_key#14/1){+.+.+.}, at: [<ffffffff811cb97e>]
do_rmdir+0x15e/0x200
 #2:  (&sb->s_type->i_mutex_key#14){++++++}, at: [<ffffffff811c5c30>]
vfs_rmdir+0x50/0x140

stack backtrace:
CPU: 3 PID: 12053 Comm: rmdir Not tainted 4.12.0-rc1-dbg+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.0.0-prebuilt.qemu-project.org 04/01/2014
Call Trace:
 dump_stack+0x86/0xcf
 print_circular_bug+0x1c7/0x220
 __lock_acquire+0x101f/0x11d0
 lock_acquire+0x59/0x80
 __mutex_lock+0x7e/0x950
 mutex_lock_nested+0x16/0x20
 target_free_device+0xae/0xf0 [target_core_mod]
 target_core_dev_release+0x10/0x20 [target_core_mod]
 config_item_put+0x6e/0xb0 [configfs]
 configfs_rmdir+0x1a6/0x300 [configfs]
 vfs_rmdir+0xb7/0x140
 do_rmdir+0x1f4/0x200
 SyS_rmdir+0x11/0x20
 entry_SYSCALL_64_fastpath+0x23/0xc2

Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
[Rebased to handle conflict withe target_find_device removal]
Signed-off-by: Mike Christie <mchristi@redhat.com>

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2018-07-02 16:44:30 -04:00
..
iscsi scsi: target: Convert target drivers to use sbitmap 2018-06-19 22:02:25 -04:00
loopback target/tcm_loop: Use blk_queue_flag_set() 2018-03-08 14:13:48 -07:00
sbp scsi: target: Convert target drivers to use sbitmap 2018-06-19 22:02:25 -04:00
tcm_fc scsi: target: Convert target drivers to use sbitmap 2018-06-19 22:02:25 -04:00
Kconfig target: Use sgl_alloc_order() and sgl_free() 2018-01-06 09:18:00 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
target_core_alua.c target: fix ALUA state file path truncation 2017-11-04 15:00:30 -07:00
target_core_alua.h Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-11-24 19:19:20 -10:00
target_core_configfs.c scsi: target: Use config_item_name() instead of open-coding it 2018-07-02 16:44:30 -04:00
target_core_device.c scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion 2018-07-02 16:44:30 -04:00
target_core_fabric_configfs.c target: Move a declaration of a global variable into a header file 2017-11-04 15:15:30 -07:00
target_core_fabric_lib.c target-core: don't use "const char*" for a buffer that is written to 2018-01-12 15:07:09 -08:00
target_core_file.c scsi: target: target/file: Add support of direct and async I/O 2018-05-14 22:40:08 -04:00
target_core_file.h scsi: target: target/file: Add support of direct and async I/O 2018-05-14 22:40:08 -04:00
target_core_hba.c target: Fix target_sense_desc_format NULL pointer dereference 2015-09-24 23:17:23 -07:00
target_core_iblock.c target: convert to bioset_init()/mempool_init() 2018-05-30 15:33:32 -06:00
target_core_iblock.h target: convert to bioset_init()/mempool_init() 2018-05-30 15:33:32 -06:00
target_core_internal.h scsi: target: prefer dbroot of /etc/target over /var/target 2018-04-19 00:47:02 -04:00
target_core_pr.c target-core: don't use "const char*" for a buffer that is written to 2018-01-12 15:07:09 -08:00
target_core_pr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
target_core_pscsi.c SCSI misc on 20180610 2018-06-10 13:01:12 -07:00
target_core_pscsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
target_core_rd.c target: break up free_device callback 2017-07-06 23:11:37 -07:00
target_core_rd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
target_core_sbc.c scsi: target: Use config_item_name() instead of open-coding it 2018-07-02 16:44:30 -04:00
target_core_spc.c target: Fix cmd size for PR-OUT in passthrough_parse_cdb 2017-07-09 20:58:49 -07:00
target_core_stat.c target: make config_item_type const 2017-10-19 16:15:17 +02:00
target_core_tmr.c target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK 2017-11-07 19:50:24 -08:00
target_core_tpg.c target: Fix node_acl demo-mode + uncached dynamic shutdown regression 2017-08-09 20:55:19 -07:00
target_core_transport.c scsi: target: Convert target drivers to use sbitmap 2018-06-19 22:02:25 -04:00
target_core_ua.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_ua.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
target_core_user.c scsi: tcmu: Don't pass KERN_ERR to pr_err 2018-06-26 12:55:08 -04:00
target_core_xcopy.c xcopy: loop over devices using idr helper 2017-07-06 23:11:40 -07:00
target_core_xcopy.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00