[PATCH] mtd: fix lock hierarchy in deregister_mtd_blktrans
Desmond Cheong Zhi Xi
desmondcheongzx at gmail.com
Mon Aug 2 04:16:39 PDT 2021
On 17/7/21 6:07 pm, Desmond Cheong Zhi Xi wrote:
> There is a lock hierarchy of major_names_lock --> mtd_table_mutex. One
> existing chain is as follows:
>
> 1. major_names_lock --> loop_ctl_mutex (when blk_request_module calls
> loop_probe)
>
> 2. loop_ctl_mutex --> bdev->bd_mutex (when loop_control_ioctl calls
> loop_remove, which then calls del_gendisk)
>
> 3. bdev->bd_mutex --> mtd_table_mutex (when blkdev_get_by_dev calls
> __blkdev_get, which then calls blktrans_open)
>
> Since unregister_blkdev grabs the major_names_lock, we need to call it
> outside the critical section for mtd_table_mutex, otherwise we invert
> the lock hierarchy.
>
> Reported-by: Hillf Danton <hdanton at sina.com>
> Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx at gmail.com>
> ---
> drivers/mtd/mtd_blkdevs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
> index 7d26cfe24d05..87e26788ef60 100644
> --- a/drivers/mtd/mtd_blkdevs.c
> +++ b/drivers/mtd/mtd_blkdevs.c
> @@ -563,8 +563,8 @@ int deregister_mtd_blktrans(struct mtd_blktrans_ops *tr)
> list_for_each_entry_safe(dev, next, &tr->devs, list)
> tr->remove_dev(dev);
>
> - unregister_blkdev(tr->major, tr->name);
> mutex_unlock(&mtd_table_mutex);
> + unregister_blkdev(tr->major, tr->name);
>
> BUG_ON(!list_empty(&tr->devs));
> return 0;
>
Hi Miquèl,
Just a friendly ping, this patch is part 2 of fixing the lock hierarchy
inversion between major_names_lock and mtd_table_mutex that was
identified by Hillf Danton.
Best wishes,
Desmond
More information about the linux-mtd
mailing list