From patchwork Fri Nov 9 22:58:40 2018
X-Patchwork-Submitter: Jens Axboe
X-Patchwork-Id: 10676667
To: "linux-block@vger.kernel.org"
Cc: Omar Sandoval
From: Jens Axboe
Subject: [PATCH] floppy: fix race condition in __floppy_read_block_0()
Message-ID: <21f7532d-8d90-56d0-3916-6329f6c2378f@kernel.dk>
Date: Fri, 9 Nov 2018 15:58:40 -0700

LKP recently reported a hang at bootup in the floppy code:

[ 245.678853] INFO: task mount:580 blocked for more than 120 seconds.
[ 245.679906] Tainted: G T 4.19.0-rc6-00172-ga9f38e1 #1
[ 245.680959] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 245.682181] mount D 6372 580 1 0x00000004
[ 245.683023] Call Trace:
[ 245.683425] __schedule+0x2df/0x570
[ 245.683975] schedule+0x2d/0x80
[ 245.684476] schedule_timeout+0x19d/0x330
[ 245.685090] ? wait_for_common+0xa5/0x170
[ 245.685735] wait_for_common+0xac/0x170
[ 245.686339] ? do_sched_yield+0x90/0x90
[ 245.686935] wait_for_completion+0x12/0x20
[ 245.687571] __floppy_read_block_0+0xfb/0x150
[ 245.688244] ? floppy_resume+0x40/0x40
[ 245.688844] floppy_revalidate+0x20f/0x240
[ 245.689486] check_disk_change+0x43/0x60
[ 245.690087] floppy_open+0x1ea/0x360
[ 245.690653] __blkdev_get+0xb4/0x4d0
[ 245.691212] ? blkdev_get+0x1db/0x370
[ 245.691777] blkdev_get+0x1f3/0x370
[ 245.692351] ? path_put+0x15/0x20
[ 245.692871] ? lookup_bdev+0x4b/0x90
[ 245.693539] blkdev_get_by_path+0x3d/0x80
[ 245.694165] mount_bdev+0x2a/0x190
[ 245.694695] squashfs_mount+0x10/0x20
[ 245.695271] ? squashfs_alloc_inode+0x30/0x30
[ 245.695960] mount_fs+0xf/0x90
[ 245.696451] vfs_kern_mount+0x43/0x130
[ 245.697036] do_mount+0x187/0xc40
[ 245.697563] ? memdup_user+0x28/0x50
[ 245.698124] ksys_mount+0x60/0xc0
[ 245.698639] sys_mount+0x19/0x20
[ 245.699167] do_int80_syscall_32+0x61/0x130
[ 245.699813] entry_INT80_32+0xc7/0xc7

showing that we never complete that read request. The reason is that
the completion setup is racy - it initializes the completion event
AFTER submitting the IO, which means that the IO could complete
before/during the init. If it does, we are passing garbage to
complete() and we may sleep forever waiting for the event to occur.

Fixes: 7b7b68bba5ef ("floppy: bail out in open() if drive is not responding to block0 read")
Signed-off-by: Jens Axboe
Reviewed-by: Omar Sandoval
--- drivers/block/floppy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c index a8cfa011c284..fb23578e9a41 100644 --- a/drivers/block/floppy.c +++ b/drivers/block/floppy.c @@ -4148,10 +4148,11 @@ static int __floppy_read_block_0(struct block_device *bdev, int drive) bio.bi_end_io = floppy_rb0_cb; bio_set_op_attrs(&bio, REQ_OP_READ, 0); + init_completion(&cbdata.complete); + submit_bio(&bio); process_fd_request(); - init_completion(&cbdata.complete); wait_for_completion(&cbdata.complete); __free_page(page);
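Review bot: the ordering requirement at the moved init_completion(&cbdata.complete) is not recorded anywhere in the code, so a later cleanup could move it back below submit_bio(&bio) and reintroduce the hang. A short comment above it would help, for example "must be set up before submit_bio(): the bio can complete before we reach wait_for_completion()". Separately, wait_for_completion(&cbdata.complete) at the end of the hunk remains an unbounded wait on the open() path, so it is worth confirming that every way the submitted bio can fail still ends in the bi_end_io callback set just above (floppy_rb0_cb); otherwise the same hung-task report can recur for a different reason.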