From patchwork Thu Jul 30 19:26:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Suren Baghdasaryan X-Patchwork-Id: 11693573 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1242B912 for ; Thu, 30 Jul 2020 19:26:41 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id C98042072A for ; Thu, 30 Jul 2020 19:26:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="gj5uH8D4" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C98042072A Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id D4B156B0022; Thu, 30 Jul 2020 15:26:39 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id CFAE48D0001; Thu, 30 Jul 2020 15:26:39 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BE9DC6B0024; Thu, 30 Jul 2020 15:26:39 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0068.hostedemail.com [216.40.44.68]) by kanga.kvack.org (Postfix) with ESMTP id A692F6B0022 for ; Thu, 30 Jul 2020 15:26:39 -0400 (EDT) Received: from smtpin19.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 233808248D51 for ; Thu, 30 Jul 2020 19:26:39 +0000 (UTC) X-FDA: 77095724118.19.rub83_521804c26f7d Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin19.hostedemail.com (Postfix) with ESMTP id E25821AD1B2 for ; Thu, 30 Jul 2020 19:26:38 +0000 (UTC) X-Spam-Summary: 1,0,0,99d15b2fdc21205e,d41d8cd98f00b204,37r4jxwykclyoqnajxckkcha.ykihejqt-iigrwyg.knc@flex--surenb.bounces.google.com,,RULES_HIT:41:152:355:379:541:800:960:967:973:988:989:1260:1277:1313:1314:1345:1437:1516:1518:1535:1542:1593:1594:1711:1730:1747:1777:1792:1801:2194:2199:2393:2525:2559:2563:2682:2685:2859:2933:2937:2939:2942:2945:2947:2951:2954:3022:3138:3139:3140:3141:3142:3152:3354:3865:3866:3867:3868:3870:3871:3872:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4321:4605:5007:6261:6653:6742:7875:7903:9025:9121:9969:10004:10400:10429:10430:10431:10450:10455:11026:11233:11473:11658:11914:12043:12296:12297:12438:12555:12895:12986:13221:13229:13255:14181:14394:14659:14721:19903:19904:19997:19999:21080:21444:21451:21627:21660:21990:30029:30054:30070,0,RBL:209.85.222.202:@flex--surenb.bounces.google.com:.lbl8.mailshell.net-62.18.0.100 66.100.201.100;04yfge6crgrxwue65uau13bjnjeppoc8uy4u3qiffninrbef3j6zssgop3exztt.pg4pub4z5ykqniff7hhnn1hbeksyf3joeejgyyyux5b ykkueusm X-HE-Tag: rub83_521804c26f7d X-Filterd-Recvd-Size: 5574 Received: from mail-qk1-f202.google.com (mail-qk1-f202.google.com [209.85.222.202]) by imf23.hostedemail.com (Postfix) with ESMTP for ; Thu, 30 Jul 2020 19:26:38 +0000 (UTC) Received: by mail-qk1-f202.google.com with SMTP id c202so13485447qkg.12 for ; Thu, 30 Jul 2020 12:26:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=fWc6OJCig1UgfvHtWplz+nD9vozoDKzNVIvYHPTkg44=; b=gj5uH8D4Swjos7n2MMJejn1TAY3/L82VroaxdW/TCkIJ79VyK0QF+7je5BWTh2VdbP S5EJcY/69Oah1CX+JxuEJQFQiERjk/P36vSs5VY/IAzzXXFTcElypDb5ad2LCfKgg07p bxmXzb+N1u0FJ/kmrnEpOysUXavSYtx5LY2CqEkI9v108NbkONilghGgiQFXGU6ZnOQS tV4PACfZgq/MYzgVSxp7OsSRh4PVZC9+HRmf49Eutm2q6iUHcHMvbPFTIqgYorCXg0F3 6Rxksb9qwD2MmW8j0Y9pUDSrTzgxYA1mNCTFcqttpvKe9S03LbVAvGFse0CBzYiYrZDF 25FQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=fWc6OJCig1UgfvHtWplz+nD9vozoDKzNVIvYHPTkg44=; b=O00uCKYC8UGq5k1jBIqQCHLhEh0aUwA84tRozFOeubxeWDbu4qEDzAqbHcTqJ1qyGr EKtEtZhLBwKkI1Y13vL42arYxBT7Ky7ZcuXvug915CiOTKR09/ah9q8emRVyOGqqZ5pg qYJcmBwbh6pWvYt3p/upv11xleDbDBfWDHJuScpdkz1uVfvvqcd76yWj393xM2wPck6g FSlRkj9q7GbiQ/Z2/m+puyNB2uQ+IWuGVKLXR1jXl1Kwj5/hNQQUBEG7eyWXhHvwZzqH aKK+ki0N/sWfNGw0soPwyFy+sMOofdLFZ4q7mcsdxirNL2HvfYU+NqFs8kju/fAXqZhx mQ+g== X-Gm-Message-State: AOAM530RVsSLIJvAhu8wBdX0W5ilFduhGvNTIfC65nmIj6g6VQdxFxHz Qqpro79w9GSbxioSXMG2+9MKDOqcduA= X-Google-Smtp-Source: ABdhPJzEMZe4ramJ8Ov7HBdblAvH3a+W031fHCnG32znIrk4AscZJPDQJ3jlVI/1fwnUZWE1mXm5diLdqiM= X-Received: by 2002:ad4:40cb:: with SMTP id x11mr702214qvp.176.1596137197459; Thu, 30 Jul 2020 12:26:37 -0700 (PDT) Date: Thu, 30 Jul 2020 12:26:32 -0700 Message-Id: <20200730192632.3088194-1-surenb@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.28.0.163.g6104cc2f0b6-goog Subject: [PATCH v2 1/1] staging: android: ashmem: Fix lockdep warning for write operation From: Suren Baghdasaryan To: surenb@google.com Cc: gregkh@linuxfoundation.org, arve@android.com, tkjos@android.com, maco@android.com, joel@joelfernandes.org, christian@brauner.io, hridya@google.com, mhocko@kernel.org, hdanton@sina.com, ebiggers@kernel.org, devel@driverdev.osuosl.org, linux-mm@kvack.org, stable@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@android.com, syzbot+7a0d9d0b26efefe61780@syzkaller.appspotmail.com X-Rspamd-Queue-Id: E25821AD1B2 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam02 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: syzbot report [1] describes a deadlock when write operation against an ashmem fd executed at the time when ashmem is shrinking its cache results in the following lock sequence: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(fs_reclaim); lock(&sb->s_type->i_mutex_key#13); lock(fs_reclaim); lock(&sb->s_type->i_mutex_key#13); kswapd takes fs_reclaim and then inode_lock while generic_perform_write takes inode_lock and then fs_reclaim. However ashmem does not support writing into backing shmem with a write syscall. The only way to change its content is to mmap it and operate on mapped memory. Therefore the race that lockdep is warning about is not valid. Resolve this by introducing a separate lockdep class for the backing shmem inodes. [1]: https://lkml.kernel.org/lkml/0000000000000b5f9d059aa2037f@google.com/ Reported-by: syzbot+7a0d9d0b26efefe61780@syzkaller.appspotmail.com Signed-off-by: Suren Baghdasaryan Reviewed-by: Joel Fernandes (Google) --- drivers/staging/android/ashmem.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c index c05a214191da..10b4be1f3e78 100644 --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -95,6 +95,15 @@ static DEFINE_MUTEX(ashmem_mutex); static struct kmem_cache *ashmem_area_cachep __read_mostly; static struct kmem_cache *ashmem_range_cachep __read_mostly; +/* + * A separate lockdep class for the backing shmem inodes to resolve the lockdep + * warning about the race between kswapd taking fs_reclaim before inode_lock + * and write syscall taking inode_lock and then fs_reclaim. + * Note that such race is impossible because ashmem does not support write + * syscalls operating on the backing shmem. + */ +static struct lock_class_key backing_shmem_inode_class; + static inline unsigned long range_size(struct ashmem_range *range) { return range->pgend - range->pgstart + 1; @@ -396,6 +405,7 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma) if (!asma->file) { char *name = ASHMEM_NAME_DEF; struct file *vmfile; + struct inode *inode; if (asma->name[ASHMEM_NAME_PREFIX_LEN] != '\0') name = asma->name; @@ -407,6 +417,8 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma) goto out; } vmfile->f_mode |= FMODE_LSEEK; + inode = file_inode(vmfile); + lockdep_set_class(&inode->i_rwsem, &backing_shmem_inode_class); asma->file = vmfile; /* * override mmap operation of the vmfile so that it can't be