There are two reasons to move mtd_device get|put operations into mtd
blktrans adding/deleting:
* Solve an AA-deadlock problem while formating mtd device to generate
a ftl device.
[<0>] blktrans_open+0x47/0x340 LOCK(mtd_table_mutex)
[<0>] __blkdev_get+0x5b/0x3e0
[<0>] blkdev_get_by_dev+0x18f/0x370
[<0>] __device_add_disk+0x2db/0x700
[<0>] device_add_disk+0x17/0x20
[<0>] add_mtd_blktrans_dev+0x39e/0x6d0
[<0>] ftl_add_mtd+0x792/0x908 [ftl]
[<0>] register_mtd_blktrans+0xfb/0x170 LOCK(mtd_table_mutex)
[<0>] ftl_tr_init+0x18/0x1000 [ftl]
[<0>] do_one_initcall+0x71/0x330
[<0>] do_init_module+0xa6/0x350
* Hold refcount of mtd device's module if mtd blktrans still exists.
Module Size Used by
mtdblock 20480 0
mtdram 20480 0
$ lsblk
mtdblock0 31:0 0 64M 0 disk
$ rmmod mtdram
# mtd device is removed unexpectedly when mtdblock exists!
$ lsmod
Module Size Used by
mtdblock 20480 0
$ lsblk
// No mtdblock found !
Patched:
Module Size Used by
mtdblock 20480 0
mtdram 20480 1
$ lsblk
mtdblock0 31:0 0 64M 0 disk
$ rmmod mtdram # EBUSY, and /dev/mtdblock0 still exists
, which works just like ubi/mtd:
Module Size Used by
ubi 380928 0
mtdram 20480 1
Fixes: 073db4a51ee43c ("mtd: fix: avoid race condition when ...")
Fixes: 008c751ec78587 ("mtd: allow to unload the mtdtrans module if ...")
Signed-off-by: Zhihao Cheng <[email protected]>
---
drivers/mtd/mtd_blkdevs.c | 25 ++++++-------------------
1 file changed, 6 insertions(+), 19 deletions(-)
diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
index fb8e12d590a1..19a2870a097a 100644
--- a/drivers/mtd/mtd_blkdevs.c
+++ b/drivers/mtd/mtd_blkdevs.c
@@ -209,7 +209,6 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
if (!dev)
return -ERESTARTSYS; /* FIXME: busy loop! -arnd*/
- mutex_lock(&mtd_table_mutex);
mutex_lock(&dev->lock);
if (dev->open)
@@ -227,26 +226,18 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
goto error_put;
}
- ret = __get_mtd_device(dev->mtd);
- if (ret)
- goto error_release;
dev->file_mode = mode;
unlock:
dev->open++;
mutex_unlock(&dev->lock);
- mutex_unlock(&mtd_table_mutex);
blktrans_dev_put(dev);
return ret;
-error_release:
- if (dev->tr->release)
- dev->tr->release(dev);
error_put:
module_put(dev->tr->owner);
kref_put(&dev->ref, blktrans_dev_release);
mutex_unlock(&dev->lock);
- mutex_unlock(&mtd_table_mutex);
blktrans_dev_put(dev);
return ret;
}
@@ -258,7 +249,6 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
if (!dev)
return;
- mutex_lock(&mtd_table_mutex);
mutex_lock(&dev->lock);
if (--dev->open)
@@ -267,14 +257,10 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
kref_put(&dev->ref, blktrans_dev_release);
module_put(dev->tr->owner);
- if (dev->mtd) {
- if (dev->tr->release)
- dev->tr->release(dev);
- __put_mtd_device(dev->mtd);
- }
+ if (dev->mtd && dev->tr->release)
+ dev->tr->release(dev);
unlock:
mutex_unlock(&dev->lock);
- mutex_unlock(&mtd_table_mutex);
blktrans_dev_put(dev);
}
@@ -425,6 +411,7 @@ int add_mtd_blktrans_dev(struct mtd_blktrans_dev *new)
}
gd->queue = new->rq;
+ __get_mtd_device(new->mtd);
if (new->readonly)
set_disk_ro(gd, 1);
@@ -474,15 +461,15 @@ int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
blk_mq_unquiesce_queue(old->rq);
blk_mq_unfreeze_queue(old->rq);
- /* If the device is currently open, tell trans driver to close it,
- then put mtd device, and don't touch it again */
+ /* If the device is currently open, tell trans driver to close it */
mutex_lock(&old->lock);
if (old->open) {
if (old->tr->release)
old->tr->release(old);
- __put_mtd_device(old->mtd);
}
+ __put_mtd_device(old->mtd);
+ /* At that point, we don't touch the mtd anymore */
old->mtd = NULL;
mutex_unlock(&old->lock);
--
2.31.1
Hello!
On 15/06/2021 11:13, Zhihao Cheng wrote:
> There are two reasons to move mtd_device get|put operations into mtd
> blktrans adding/deleting:
...
> Fixes: 073db4a51ee43c ("mtd: fix: avoid race condition when ...")
> Fixes: 008c751ec78587 ("mtd: allow to unload the mtdtrans module if ...")
> Signed-off-by: Zhihao Cheng <[email protected]>
Reviewed-by: Alexander Sverdlin <[email protected]>
> ---
> drivers/mtd/mtd_blkdevs.c | 25 ++++++-------------------
> 1 file changed, 6 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
> index fb8e12d590a1..19a2870a097a 100644
> --- a/drivers/mtd/mtd_blkdevs.c
> +++ b/drivers/mtd/mtd_blkdevs.c
> @@ -209,7 +209,6 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
> if (!dev)
> return -ERESTARTSYS; /* FIXME: busy loop! -arnd*/
>
> - mutex_lock(&mtd_table_mutex);
> mutex_lock(&dev->lock);
>
> if (dev->open)
> @@ -227,26 +226,18 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
> goto error_put;
> }
>
> - ret = __get_mtd_device(dev->mtd);
> - if (ret)
> - goto error_release;
> dev->file_mode = mode;
>
> unlock:
> dev->open++;
> mutex_unlock(&dev->lock);
> - mutex_unlock(&mtd_table_mutex);
> blktrans_dev_put(dev);
> return ret;
>
> -error_release:
> - if (dev->tr->release)
> - dev->tr->release(dev);
> error_put:
> module_put(dev->tr->owner);
> kref_put(&dev->ref, blktrans_dev_release);
> mutex_unlock(&dev->lock);
> - mutex_unlock(&mtd_table_mutex);
> blktrans_dev_put(dev);
> return ret;
> }
> @@ -258,7 +249,6 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
> if (!dev)
> return;
>
> - mutex_lock(&mtd_table_mutex);
> mutex_lock(&dev->lock);
>
> if (--dev->open)
> @@ -267,14 +257,10 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
> kref_put(&dev->ref, blktrans_dev_release);
> module_put(dev->tr->owner);
>
> - if (dev->mtd) {
> - if (dev->tr->release)
> - dev->tr->release(dev);
> - __put_mtd_device(dev->mtd);
> - }
> + if (dev->mtd && dev->tr->release)
> + dev->tr->release(dev);
> unlock:
> mutex_unlock(&dev->lock);
> - mutex_unlock(&mtd_table_mutex);
> blktrans_dev_put(dev);
> }
>
> @@ -425,6 +411,7 @@ int add_mtd_blktrans_dev(struct mtd_blktrans_dev *new)
> }
>
> gd->queue = new->rq;
> + __get_mtd_device(new->mtd);
>
> if (new->readonly)
> set_disk_ro(gd, 1);
> @@ -474,15 +461,15 @@ int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
> blk_mq_unquiesce_queue(old->rq);
> blk_mq_unfreeze_queue(old->rq);
>
> - /* If the device is currently open, tell trans driver to close it,
> - then put mtd device, and don't touch it again */
> + /* If the device is currently open, tell trans driver to close it */
> mutex_lock(&old->lock);
> if (old->open) {
> if (old->tr->release)
> old->tr->release(old);
> - __put_mtd_device(old->mtd);
> }
> + __put_mtd_device(old->mtd);
>
> + /* At that point, we don't touch the mtd anymore */
> old->mtd = NULL;
>
> mutex_unlock(&old->lock);
--
Best regards,
Alexander Sverdlin.
在 2021/6/15 17:27, Alexander Sverdlin 写道:
> Hello!
>
> On 15/06/2021 11:13, Zhihao Cheng wrote:
>> There are two reasons to move mtd_device get|put operations into mtd
>> blktrans adding/deleting:
> ...
>
>> Fixes: 073db4a51ee43c ("mtd: fix: avoid race condition when ...")
>> Fixes: 008c751ec78587 ("mtd: allow to unload the mtdtrans module if ...")
>> Signed-off-by: Zhihao Cheng <[email protected]>
> Reviewed-by: Alexander Sverdlin <[email protected]>
friendly ping