[SRU B][PATCH 05/13] block: Protect less code with sysfs_lock in blk_{un, }register_queue()

Thu Jan 10 03:12:11 UTC 2019

From: Bart Van Assche <bart.vanassche at wdc.com>

BugLink: https://bugs.launchpad.net/bugs/1810998

The __blk_mq_register_dev(), blk_mq_unregister_dev(),
elv_register_queue() and elv_unregister_queue() calls need to be
protected with sysfs_lock but other code in these functions not.
Hence protect only this code with sysfs_lock. This patch fixes a
locking inversion issue in blk_unregister_queue() and also in an
error path of blk_register_queue(): it is not allowed to hold
sysfs_lock around the kobject_del(&q->kobj) call.

Reviewed-by: Christoph Hellwig <hch at lst.de>
Signed-off-by: Bart Van Assche <bart.vanassche at wdc.com>
Signed-off-by: Jens Axboe <axboe at kernel.dk>
(backported from commit 2c2086afc2b8b974fac32cb028e73dc27bfae442)
[mfo: backport:
 - blk-sysfs.c
   - hunk 3: update upper 2 context lines (blk_register_queue()
     is not yet exported, and that is not required here.]
Signed-off-by: Mauricio Faria de Oliveira <mfo at canonical.com>
---
 block/blk-sysfs.c | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)

diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c
index 9272452ff456..c29ec0cfab1d 100644
--- a/block/blk-sysfs.c
+++ b/block/blk-sysfs.c
@@ -853,6 +853,10 @@ struct kobj_type blk_queue_ktype = {
 	.release	= blk_release_queue,
 };
 
+/**
+ * blk_register_queue - register a block layer queue with sysfs
+ * @disk: Disk of which the request queue should be registered with sysfs.
+ */
 int blk_register_queue(struct gendisk *disk)
 {
 	int ret;
@@ -909,11 +913,12 @@ int blk_register_queue(struct gendisk *disk)
 	if (q->request_fn || (q->mq_ops && q->elevator)) {
 		ret = elv_register_queue(q);
 		if (ret) {
+			mutex_unlock(&q->sysfs_lock);
 			kobject_uevent(&q->kobj, KOBJ_REMOVE);
 			kobject_del(&q->kobj);
 			blk_trace_remove_sysfs(dev);
 			kobject_put(&dev->kobj);
-			goto unlock;
+			return ret;
 		}
 	}
 	ret = 0;
@@ -922,6 +927,13 @@ int blk_register_queue(struct gendisk *disk)
 	return ret;
 }
 
+/**
+ * blk_unregister_queue - counterpart of blk_register_queue()
+ * @disk: Disk of which the request queue should be unregistered from sysfs.
+ *
+ * Note: the caller is responsible for guaranteeing that this function is called
+ * after blk_register_queue() has finished.
+ */
 void blk_unregister_queue(struct gendisk *disk)
 {
 	struct request_queue *q = disk->queue;
@@ -930,8 +942,9 @@ void blk_unregister_queue(struct gendisk *disk)
 		return;
 
 	/*
-	 * Protect against the 'queue' kobj being accessed
-	 * while/after it is removed.
+	 * Since sysfs_remove_dir() prevents adding new directory entries
+	 * before removal of existing entries starts, protect against
+	 * concurrent elv_iosched_store() calls.
 	 */
 	mutex_lock(&q->sysfs_lock);
 
@@ -939,18 +952,24 @@ void blk_unregister_queue(struct gendisk *disk)
 	queue_flag_clear(QUEUE_FLAG_REGISTERED, q);
 	spin_unlock_irq(q->queue_lock);
 
-	wbt_exit(q);
-
+	/*
+	 * Remove the sysfs attributes before unregistering the queue data
+	 * structures that can be modified through sysfs.
+	 */
 	if (q->mq_ops)
 		blk_mq_unregister_dev(disk_to_dev(disk), q);
-
-	if (q->request_fn || (q->mq_ops && q->elevator))
-		elv_unregister_queue(q);
+	mutex_unlock(&q->sysfs_lock);
 
 	kobject_uevent(&q->kobj, KOBJ_REMOVE);
 	kobject_del(&q->kobj);
 	blk_trace_remove_sysfs(disk_to_dev(disk));
-	kobject_put(&disk_to_dev(disk)->kobj);
 
+	wbt_exit(q);
+
+	mutex_lock(&q->sysfs_lock);
+	if (q->request_fn || (q->mq_ops && q->elevator))
+		elv_unregister_queue(q);
 	mutex_unlock(&q->sysfs_lock);
+
+	kobject_put(&disk_to_dev(disk)->kobj);
 }
-- 
2.17.1


