Commit 4f331f01 authored Jul 20, 2010 by Tejun Heo Committed by Al Viro Aug 09, 2010

vfs: don't hold s_umount over close_bdev_exclusive() call



Fix an obscure AB-BA deadlock in get_sb_bdev().

When a superblock is mounted more than once get_sb_bdev() calls
close_bdev_exclusive() to drop the extra bdev reference while holding
s_umount.  However, sb->s_umount nests inside bd_mutex during
__invalidate_device() and close_bdev_exclusive() acquires bd_mutex during
blkdev_put(); thus creating an AB-BA deadlock.

This condition doesn't trigger frequently.  For this condition to be
visible to lockdep, the filesystem must occupy the whole device (as
__invalidate_device() only grabs bd_mutex for the whole device), the FS
must be mounted more than once and partition rescan should be issued while
the FS is still mounted.

Fix it by dropping s_umount over close_bdev_exclusive().

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Ciprian Docan <docan@eden.rutgers.edu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

parent 719f2c87

fs/super.c

+9 −0

Original line number	Diff line number	Diff line
		@@ -773,7 +773,16 @@ int get_sb_bdev(struct file_system_type *fs_type,
		goto error_bdev;
		}

		/*
		* s_umount nests inside bd_mutex during
		* __invalidate_device(). close_bdev_exclusive()
		* acquires bd_mutex and can't be called under
		* s_umount. Drop s_umount temporarily. This is safe
		* as we're holding an active reference.
		*/
		up_write(&s->s_umount);
		close_bdev_exclusive(bdev, mode);
		down_write(&s->s_umount);
		} else {
		char b[BDEVNAME_SIZE];