diff mbox series

[v2,2/2] block: Fix a race condition in submit_bio()

Message ID 20190730183653.253579-3-bvanassche@acm.org (mailing list archive)
State New, archived
Headers show
Series Fix a race condition triggered by submit_bio() | expand

Commit Message

Bart Van Assche July 30, 2019, 6:36 p.m. UTC 
generic_make_request_checks() needs to be protected by a
blk_queue_enter() / blk_queue_exit() pair because it calls
blkcg_bio_issue_check() and because that last function calls
blkg_lookup().

This patch fixes https://syzkaller.appspot.com/bug?id=ff9ab4a23afa7553fb79f745a92be87ba4144508.

This patch also fixes the following kernel warning, triggered by
blktests:

WARNING: CPU: 5 PID: 10706 at block/blk-core.c:903 generic_make_request_checks+0x9c6/0xe60
RIP: 0010:generic_make_request_checks+0x9c6/0xe60
Call Trace:
 generic_make_request+0x7a/0x5c0
 submit_bio+0x92/0x280
 mpage_readpages+0x2b1/0x300
 blkdev_readpages+0x1d/0x20
 read_pages+0xd9/0x2c0
 __do_page_cache_readahead+0x2e0/0x310
 force_page_cache_readahead+0xfb/0x170
 page_cache_sync_readahead+0x28d/0x2a0
 generic_file_read_iter+0xc13/0x1530
 blkdev_read_iter+0x7d/0x90
 new_sync_read+0x2c5/0x3d0
 __vfs_read+0x7b/0x90
 vfs_read+0xc6/0x1f0
 ksys_read+0xc3/0x160
 __x64_sys_read+0x43/0x50
 do_syscall_64+0x71/0x270
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Cc: Tejun Heo <tj@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Alexandru Moise <00moses.alexander00@gmail.com>
Cc: Joseph Qi <joseph.qi@linux.alibaba.com>
Reported-by: syzbot+21cfe1f803e0e158acf1@syzkaller.appspotmail.com
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---
 block/blk-core.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/block/blk-core.c b/block/blk-core.c
index ff27c3080348..cd844c54e9f1 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1150,6 +1150,9 @@  EXPORT_SYMBOL_GPL(direct_make_request);
  */
 blk_qc_t submit_bio(struct bio *bio)
 {
+	struct request_queue *q = bio->bi_disk->queue;
+	blk_qc_t ret;
+
 	if (blkcg_punt_bio_submit(bio))
 		return BLK_QC_T_NONE;
 
@@ -1182,7 +1185,15 @@  blk_qc_t submit_bio(struct bio *bio)
 		}
 	}
 
-	return generic_make_request(bio);
+	if (unlikely(blk_queue_enter(q, 0) < 0)) {
+		bio->bi_status = BLK_STS_IOERR;
+		bio->bi_end_io(bio);
+		return BLK_QC_T_NONE;
+	}
+	ret = generic_make_request(bio);
+	blk_queue_exit(q);
+
+	return ret;
 }
 EXPORT_SYMBOL(submit_bio);