zram: close race by open overriding

[ Original patch from Minchan Kim <minchan@kernel.org> ] Commit ba6b17d68c8e ("zram: fix umount-reset_store-mount race condition") introduced bdev->bd_mutex to protect a race between mount and reset. At that time, we don't have dynamic zram-add/remove feature so it was okay. However, as we introduce dynamic device feature, bd_mutex became trouble. CPU 0 echo 1 > /sys/block/zram<id>/reset -> kernfs->s_active(A) -> zram:reset_store->bd_mutex(B) CPU 1 echo <id> > /sys/class/zram/zram-remove ->zram:zram_remove: bd_mutex(B) -> sysfs_remove_group -> kernfs->s_active(A) IOW, AB -> BA deadlock The reason we are holding bd_mutex for zram_remove is to prevent any incoming open /dev/zram[0-9]. Otherwise, we could remove zram others already have opened. But it causes above deadlock problem. To fix the problem, this patch overrides block_device.open and it returns -EBUSY if zram asserts he claims zram to reset so any incoming open will be failed so we don't need to hold bd_mutex for zram_remove ayn more. This patch is to prepare for zram-add/remove feature. [sergey.senozhatsky@gmail.com: simplify reset_store()] Signed-off-by: Minchan Kim <minchan@kernel.org> Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

zram: close race by open overriding
[ Original patch from Minchan Kim <minchan@kernel.org> ] Commit ba6b17d68c8e ("zram: fix umount-reset_store-mount race condition") introduced bdev->bd_mutex to protect a race between mount and reset. At that time, we don't have dynamic zram-add/remove feature so it was okay. However, as we introduce dynamic device feature, bd_mutex became trouble. CPU 0 echo 1 > /sys/block/zram<id>/reset -> kernfs->s_active(A) -> zram:reset_store->bd_mutex(B) CPU 1 echo <id> > /sys/class/zram/zram-remove ->zram:zram_remove: bd_mutex(B) -> sysfs_remove_group -> kernfs->s_active(A) IOW, AB -> BA deadlock The reason we are holding bd_mutex for zram_remove is to prevent any incoming open /dev/zram[0-9]. Otherwise, we could remove zram others already have opened. But it causes above deadlock problem. To fix the problem, this patch overrides block_device.open and it returns -EBUSY if zram asserts he claims zram to reset so any incoming open will be failed so we don't need to hold bd_mutex for zram_remove ayn more. This patch is to prepare for zram-add/remove feature. [sergey.senozhatsky@gmail.com: simplify reset_store()] Signed-off-by: Minchan Kim <minchan@kernel.org> Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sergey Senozhatsky · Linus Torvalds
1 parent 92ff152887
Showing 2 changed files with 38 additions and 19 deletions Side-by-side Diff
drivers/block/zram/zram_drv.c
drivers/block/zram/zram_drv.h
@@ -1070,45 +1070,60 @@
 	struct zram *zram;
 	struct block_device *bdev;
  
+	ret = kstrtou16(buf, 10, &do_reset);
+	if (ret)
+		return ret;
+
+	if (!do_reset)
+		return -EINVAL;
+
 	zram = dev_to_zram(dev);
 	bdev = bdget_disk(zram->disk, 0);
-
 	if (!bdev)
 		return -ENOMEM;
  
 	mutex_lock(&bdev->bd_mutex);
-	/* Do not reset an active device! */
-	if (bdev->bd_openers) {
-		ret = -EBUSY;
-		goto out;
+	/* Do not reset an active device or claimed device */
+	if (bdev->bd_openers || zram->claim) {
+		mutex_unlock(&bdev->bd_mutex);
+		bdput(bdev);
+		return -EBUSY;
 	}
  
-	ret = kstrtou16(buf, 10, &do_reset);
-	if (ret)
-		goto out;
+	/* From now on, anyone can't open /dev/zram[0-9] */
+	zram->claim = true;
+	mutex_unlock(&bdev->bd_mutex);
  
-	if (!do_reset) {
-		ret = -EINVAL;
-		goto out;
-	}
-
-	/* Make sure all pending I/O is finished */
+	/* Make sure all the pending I/O are finished */
 	fsync_bdev(bdev);
 	zram_reset_device(zram);
-
-	mutex_unlock(&bdev->bd_mutex);
 	revalidate_disk(zram->disk);
 	bdput(bdev);
  
+	mutex_lock(&bdev->bd_mutex);
+	zram->claim = false;
+	mutex_unlock(&bdev->bd_mutex);
+
 	return len;
+}
  
-out:
-	mutex_unlock(&bdev->bd_mutex);
-	bdput(bdev);
+static int zram_open(struct block_device *bdev, fmode_t mode)
+{
+	int ret = 0;
+	struct zram *zram;
+
+	WARN_ON(!mutex_is_locked(&bdev->bd_mutex));
+
+	zram = bdev->bd_disk->private_data;
+	/* zram was claimed to reset so open request fails */
+	if (zram->claim)
+		ret = -EBUSY;
+
 	return ret;
 }
  
 static const struct block_device_operations zram_devops = {
+	.open = zram_open,
 	.swap_slot_free_notify = zram_slot_free_notify,
 	.rw_page = zram_rw_page,
 	.owner = THIS_MODULE
@@ -115,6 +115,10 @@
 	 */
 	u64 disksize;	/* bytes */
 	char compressor[10];
+	/*
+	 * zram is claimed so open request will be failed
+	 */
+	bool claim; /* Protected by bdev->bd_mutex */
 };
 #endif
...	...	@@ -1070,45 +1070,60 @@
1070	1070	struct zram *zram;
1071	1071	struct block_device *bdev;
1072	1072
	1073	+ ret = kstrtou16(buf, 10, &do_reset);
	1074	+ if (ret)
	1075	+ return ret;
	1076	+
	1077	+ if (!do_reset)
	1078	+ return -EINVAL;
	1079	+
1073	1080	zram = dev_to_zram(dev);
1074	1081	bdev = bdget_disk(zram->disk, 0);
1075		-
1076	1082	if (!bdev)
1077	1083	return -ENOMEM;
1078	1084
1079	1085	mutex_lock(&bdev->bd_mutex);
1080		- /* Do not reset an active device! */
1081		- if (bdev->bd_openers) {
1082		- ret = -EBUSY;
1083		- goto out;
	1086	+ /* Do not reset an active device or claimed device */
	1087	+ if (bdev->bd_openers \|\| zram->claim) {
	1088	+ mutex_unlock(&bdev->bd_mutex);
	1089	+ bdput(bdev);
	1090	+ return -EBUSY;
1084	1091	}
1085	1092
1086		- ret = kstrtou16(buf, 10, &do_reset);
1087		- if (ret)
1088		- goto out;
	1093	+ /* From now on, anyone can't open /dev/zram[0-9] */
	1094	+ zram->claim = true;
	1095	+ mutex_unlock(&bdev->bd_mutex);
1089	1096
1090		- if (!do_reset) {
1091		- ret = -EINVAL;
1092		- goto out;
1093		- }
1094		-
1095		- /* Make sure all pending I/O is finished */
	1097	+ /* Make sure all the pending I/O are finished */
1096	1098	fsync_bdev(bdev);
1097	1099	zram_reset_device(zram);
1098		-
1099		- mutex_unlock(&bdev->bd_mutex);
1100	1100	revalidate_disk(zram->disk);
1101	1101	bdput(bdev);
1102	1102
	1103	+ mutex_lock(&bdev->bd_mutex);
	1104	+ zram->claim = false;
	1105	+ mutex_unlock(&bdev->bd_mutex);
	1106	+
1103	1107	return len;
	1108	+}
1104	1109
1105		-out:
1106		- mutex_unlock(&bdev->bd_mutex);
1107		- bdput(bdev);
	1110	+static int zram_open(struct block_device *bdev, fmode_t mode)
	1111	+{
	1112	+ int ret = 0;
	1113	+ struct zram *zram;
	1114	+
	1115	+ WARN_ON(!mutex_is_locked(&bdev->bd_mutex));
	1116	+
	1117	+ zram = bdev->bd_disk->private_data;
	1118	+ /* zram was claimed to reset so open request fails */
	1119	+ if (zram->claim)
	1120	+ ret = -EBUSY;
	1121	+
1108	1122	return ret;
1109	1123	}
1110	1124
1111	1125	static const struct block_device_operations zram_devops = {
	1126	+ .open = zram_open,
1112	1127	.swap_slot_free_notify = zram_slot_free_notify,
1113	1128	.rw_page = zram_rw_page,
1114	1129	.owner = THIS_MODULE
...	...	@@ -115,6 +115,10 @@
115	115	*/
116	116	u64 disksize; /* bytes */
117	117	char compressor[10];
	118	+ /*
	119	+ * zram is claimed so open request will be failed
	120	+ */
	121	+ bool claim; /* Protected by bdev->bd_mutex */
118	122	};
119	123	#endif