From 88bb5e27126939753046a5a792cf0425eac8ad2d Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Apr 20 2023 11:01:05 +0000 Subject: ubi: Fix deadlock caused by recursively holding work_sem (bsc#1012628). --- diff --git a/patches.kernel.org/6.2.12-127-ubi-Fix-deadlock-caused-by-recursively-holding.patch b/patches.kernel.org/6.2.12-127-ubi-Fix-deadlock-caused-by-recursively-holding.patch new file mode 100644 index 0000000..fcfcac9 --- /dev/null +++ b/patches.kernel.org/6.2.12-127-ubi-Fix-deadlock-caused-by-recursively-holding.patch @@ -0,0 +1,67 @@ +From: ZhaoLong Wang +Date: Sat, 4 Mar 2023 09:41:41 +0800 +Subject: [PATCH] ubi: Fix deadlock caused by recursively holding work_sem +References: bsc#1012628 +Patch-mainline: 6.2.12 +Git-commit: f773f0a331d6c41733b17bebbc1b6cae12e016f5 + +[ Upstream commit f773f0a331d6c41733b17bebbc1b6cae12e016f5 ] + +During the processing of the bgt, if the sync_erase() return -EBUSY +or some other error code in __erase_worker(),schedule_erase() called +again lead to the down_read(ubi->work_sem) hold twice and may get +block by down_write(ubi->work_sem) in ubi_update_fastmap(), +which cause deadlock. + + ubi bgt other task + do_work + down_read(&ubi->work_sem) ubi_update_fastmap + erase_worker # Blocked by down_read + __erase_worker down_write(&ubi->work_sem) + schedule_erase + schedule_ubi_work + down_read(&ubi->work_sem) + +Fix this by changing input parameter @nested of the schedule_erase() to +'true' to avoid recursively acquiring the down_read(&ubi->work_sem). + +Also, fix the incorrect comment about @nested parameter of the +schedule_erase() because when down_write(ubi->work_sem) is held, the +@nested is also need be true. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=217093 +Fixes: 2e8f08deabbc ("ubi: Fix races around ubi_refill_pools()") +Signed-off-by: ZhaoLong Wang +Reviewed-by: Zhihao Cheng +Signed-off-by: Richard Weinberger +Signed-off-by: Sasha Levin +Signed-off-by: Jiri Slaby +--- + drivers/mtd/ubi/wl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c +index 9e143192..6049ab9e 100644 +--- a/drivers/mtd/ubi/wl.c ++++ b/drivers/mtd/ubi/wl.c +@@ -575,7 +575,7 @@ static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk, + * @vol_id: the volume ID that last used this PEB + * @lnum: the last used logical eraseblock number for the PEB + * @torture: if the physical eraseblock has to be tortured +- * @nested: denotes whether the work_sem is already held in read mode ++ * @nested: denotes whether the work_sem is already held + * + * This function returns zero in case of success and a %-ENOMEM in case of + * failure. +@@ -1131,7 +1131,7 @@ static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk) + int err1; + + /* Re-schedule the LEB for erasure */ +- err1 = schedule_erase(ubi, e, vol_id, lnum, 0, false); ++ err1 = schedule_erase(ubi, e, vol_id, lnum, 0, true); + if (err1) { + spin_lock(&ubi->wl_lock); + wl_entry_destroy(ubi, e); +-- +2.35.3 + diff --git a/series.conf b/series.conf index 90090e0..380a159 100644 --- a/series.conf +++ b/series.conf @@ -2354,6 +2354,7 @@ patches.kernel.org/6.2.12-124-mptcp-fix-NULL-pointer-dereference-on-fastopen.patch patches.kernel.org/6.2.12-125-selftests-mptcp-userspace-pm-uniform-verify-ev.patch patches.kernel.org/6.2.12-126-ubi-Fix-failure-attaching-when-vid_hdr-offset-.patch + patches.kernel.org/6.2.12-127-ubi-Fix-deadlock-caused-by-recursively-holding.patch ######################################################## # Build fixes that apply to the vanilla kernel too.