Commit 0558ce09 authored by OGAWA Hirofumi, committed by Greg Kroah-Hartman

loop: Fix ABBA locking race



[ Upstream commit b4912557 ]

Current loop calls vfs_statfs() while holding the q->limits_lock. If
FS takes some locking in vfs_statfs callback, this may lead to ABBA
locking bug (at least, FAT fs has this issue actually).

So this patch calls vfs_statfs() outside q->limits_lock instead,
because there looks to be no reason to hold q->limits_lock while getting
discard configs.

Chain exists of:
  &sbi->fat_lock --> &q->q_usage_counter(io)#17 --> &q->limits_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->limits_lock);
                               lock(&q->q_usage_counter(io)#17);
                               lock(&q->limits_lock);
  lock(&sbi->fat_lock);

 *** DEADLOCK ***

Reported-by: <syzbot+a5d8c609c02f508672cc@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=a5d8c609c02f508672cc


Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: f5c84eff ("loop: Add sanity check for read/write_iter")
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent 722f6dec
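
The lock-order inversion described in the commit message, as an added example that is not part of the commit or of the kernel's lockdep code: a small C model that records "taken while held" edges for the three lock classes in the report and counts acquisitions that close a cycle. The enum and function names are assumptions made for illustration, and the two replayed paths only model the ordering before and after the patch.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named in the report above (names are illustrative). */
enum { FAT_LOCK, Q_USAGE, LIMITS_LOCK, NLOCKS };

static int edge[NLOCKS][NLOCKS]; /* edge[a][b]: b was taken while a was held */
static int held[NLOCKS];         /* locks held by the path being replayed */
static int inversions;           /* acquisitions that closed a cycle */

/* Depth-first search: is `to` reachable from `from` along recorded edges? */
static int reaches(int from, int to, int *seen)
{
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < NLOCKS; n++)
        if (edge[from][n] && !seen[n] && reaches(n, to, seen)) return 1;
    return 0;
}

/* Take a lock: for each held lock h, record h -> lock, and count an
 * inversion if lock -> ... -> h had already been recorded. */
static void take(int lock)
{
    for (int h = 0; h < NLOCKS; h++) {
        int seen[NLOCKS] = {0};
        if (!held[h]) continue;
        if (reaches(lock, h, seen)) inversions++;
        edge[h][lock] = 1;
    }
    held[lock] = 1;
}

static void drop(int lock) { held[lock] = 0; }

/* Replay the dependency chain from the report, then the loop driver's path.
 * statfs_under_limits_lock = 1 models the ordering before the patch. */
int loop_path_inversions(int statfs_under_limits_lock)
{
    memset(edge, 0, sizeof edge); memset(held, 0, sizeof held); inversions = 0;
    take(FAT_LOCK); take(Q_USAGE); drop(Q_USAGE); drop(FAT_LOCK);       /* fat_lock --> q_usage_counter */
    take(Q_USAGE); take(LIMITS_LOCK); drop(LIMITS_LOCK); drop(Q_USAGE); /* q_usage_counter --> limits_lock */
    if (statfs_under_limits_lock) {   /* vfs_statfs() into FAT with limits_lock held */
        take(LIMITS_LOCK); take(FAT_LOCK); drop(FAT_LOCK); drop(LIMITS_LOCK);
    } else {                          /* statfs first, limits_lock afterwards */
        take(FAT_LOCK); drop(FAT_LOCK); take(LIMITS_LOCK); drop(LIMITS_LOCK);
    }
    return inversions;
}

int main(void)
{
    printf("before patch: %d inversion(s)\n", loop_path_inversions(1));
    printf("after patch:  %d inversion(s)\n", loop_path_inversions(0));
    return 0;
}
```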