From patchwork Thu Jul 16 02:45:27 2020
X-Patchwork-Submitter: Suren Baghdasaryan
X-Patchwork-Id: 11666555
Date: Wed, 15 Jul 2020 19:45:27 -0700
Message-Id: <20200716024527.4009170-1-surenb@google.com>
Subject: [PATCH 1/1] staging: android: ashmem: Fix lockdep warning for write operation
From: Suren Baghdasaryan
To: surenb@google.com
Cc: gregkh@linuxfoundation.org, arve@android.com, tkjos@android.com, maco@android.com, joel@joelfernandes.org, christian@brauner.io, hridya@google.com, mhocko@kernel.org, hdanton@sina.com, ebiggers@kernel.org, devel@driverdev.osuosl.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-team@android.com

syzbot report [1] describes a deadlock when write operation against an
ashmem fd executed at the time when ashmem is shrinking its cache results
in the following lock sequence:

Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(fs_reclaim);
                                lock(&sb->s_type->i_mutex_key#13);
                                lock(fs_reclaim);
   lock(&sb->s_type->i_mutex_key#13);

kswapd takes fs_reclaim and then inode_lock while generic_perform_write
takes inode_lock and then fs_reclaim. However ashmem does not support
writing into backing shmem with a write syscall. The only way to change
its content is to mmap it and operate on mapped memory. Therefore the race
that lockdep is warning about is not valid. Resolve this by introducing a
separate lockdep class for the backing shmem inodes.

[1]: https://lkml.kernel.org/lkml/0000000000000b5f9d059aa2037f@google.com/

Signed-off-by: Suren Baghdasaryan
Reported-by: syzbot+7a0d9d0b26efefe61780@syzkaller.appspotmail.com
Reviewed-by: Joel Fernandes (Google)
--- drivers/staging/android/ashmem.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c index c05a214191da..10b4be1f3e78 100644 --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c
@@ -95,6 +95,15 @@ static DEFINE_MUTEX(ashmem_mutex); static struct kmem_cache *ashmem_area_cachep __read_mostly; static struct kmem_cache *ashmem_range_cachep __read_mostly; +/* + * A separate lockdep class for the backing shmem inodes to resolve the lockdep + * warning about the race between kswapd taking fs_reclaim before inode_lock + * and write syscall taking inode_lock and then fs_reclaim. + * Note that such race is impossible because ashmem does not support write + * syscalls operating on the backing shmem. + */ +static struct lock_class_key backing_shmem_inode_class; + static inline unsigned long range_size(struct ashmem_range *range) { return range->pgend - range->pgstart + 1; @@ -396,6 +405,7 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma) if (!asma->file) { char *name = ASHMEM_NAME_DEF; struct file *vmfile; + struct inode *inode; if (asma->name[ASHMEM_NAME_PREFIX_LEN] != '\0') name = asma->name; @@ -407,6 +417,8 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma) goto out; } vmfile->f_mode |= FMODE_LSEEK; + inode = file_inode(vmfile); + lockdep_set_class(&inode->i_rwsem, &backing_shmem_inode_class); asma->file = vmfile; /* * override mmap operation of the vmfile so that it can't be
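
Review bot: The comment above backing_shmem_inode_class (first hunk, @@ -95,6 +95,15 @@) rests the whole change on "ashmem does not support write syscalls operating on the backing shmem" but does not say where that is guaranteed. Giving these inodes their own class means lockdep no longer relates their i_rwsem to the ordering it has recorded for the default inode class, so a real inversion would go unreported if a write path to the backing file were ever added. Please name the code that rejects write() on an ashmem fd in this comment, so the class gets revisited when that code changes. Minor wording: "Note that such race is impossible" should read "such a race".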
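
Review bot: In ashmem_mmap() (last hunk, @@ -407,6 +417,8 @@), the lockdep_set_class() call depends on its position and nothing at the call site says so: it runs after vmfile->f_mode |= FMODE_LSEEK and before asma->file = vmfile, that is, before the backing file is published and before anything else can take inode->i_rwsem. A one-line comment here pointing at backing_shmem_inode_class and stating that the class must be set before asma->file is assigned would keep a later reorder from moving it past that point. The local "struct inode *inode" declared in the previous hunk is used only for this call, so passing &file_inode(vmfile)->i_rwsem directly would drop the extra declaration.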