Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp1873559ybc; Sun, 24 Nov 2019 08:03:05 -0800 (PST) X-Google-Smtp-Source: APXvYqzQFSWjGH/k0Lr960cO4yGou87EZbYG/WOg8vU5GgHQ7OJ55MXCDv/i8FT1jl2rv9248U3P X-Received: by 2002:a17:906:7708:: with SMTP id q8mr32396609ejm.33.1574611385365; Sun, 24 Nov 2019 08:03:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574611385; cv=none; d=google.com; s=arc-20160816; b=SCHyXOK/UAIPL377ajZw2l5gjnsWowUkMPNJFBjjxv0f1tt5fArulUy3/kpsxYpewk gw7w7tsQKNnYODJd4BZdXskClIyBCAhZLV0oW0cidi5Hem8SShIQ8atwoaN+ATfW52Na B7t2UOhfWX3rZLu/RtErJWagdw5RiCF5BE2pucUaghKMd/vukq7QRwn08GjQCY9GcHhX Q33UOCLHB1SEuBcjP/5nshF72DtHdyGfoLe6g9BoNdH2Y4gM0HBEgG6LcA0X2KLIkg95 Np3WANpL3L1pnCDBf2oatd6jlhczTKcUtpiKz5p0ZwAuRPY+Zs1Uo/H0b5Xf2FZel7wI OXZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:in-reply-to :subject:cc:to:from:date; bh=zgHDMv/idV1jYXdTDf/WcdahIkROyBpOk5eD5DKbYHQ=; b=uxIG79SxvInuLhOfhNuS0dSsnwjEbZ38VsaiXja0FE3hbv4bHdAHIJrXX2ussuXDMZ yBCrWUk46QijE9S1UMmWSO1sxFhi7ig8niUhZrqN/503Ks3+Gl8KvDgYsQT3kD4eZ3V+ dsnBqHJRSqHCm9hTtj/zVSW8SGbE3q92RDybBqoUVJvZ2JnIZsstXcPjmGZXeA4kdXY2 mG4YLUJC1P/ETkL9CmVpU1rTNRhH+mUtJ7d4g9zl7YRzoq3fd/SeoZKTQkO0Q1Dpvenb htv+1txBM7kUF/WIuMHbrfGrI5vDAZE+iSeikUm21b8LIAWBeKTR1aPSEpoWrE7Fjcap cobg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id me16si2646222ejb.158.2019.11.24.08.02.27; Sun, 24 Nov 2019 08:03:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726760AbfKXP7o (ORCPT + 99 others); Sun, 24 Nov 2019 10:59:44 -0500 Received: from netrider.rowland.org ([192.131.102.5]:34729 "HELO netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1725989AbfKXP7n (ORCPT ); Sun, 24 Nov 2019 10:59:43 -0500 Received: (qmail 26292 invoked by uid 500); 24 Nov 2019 10:59:42 -0500 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 24 Nov 2019 10:59:42 -0500 Date: Sun, 24 Nov 2019 10:59:42 -0500 (EST) From: Alan Stern X-X-Sender: stern@netrider.rowland.org To: syzbot , Andrey Konovalov cc: arnd@arndb.de, , , , , Kernel development list , USB list , , , , Subject: Re: Re: Re: possible deadlock in mon_bin_vma_fault In-Reply-To: <00000000000046a8b6059806b796@google.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 23 Nov 2019, syzbot wrote: > > On Fri, 22 Nov 2019, syzbot wrote: > > >> > #syz test: linux-4.19.y f6e27dbb1afa > > >> "linux-4.19.y" does not look like a valid git repo address. > > > Let's try again. The "git tree" value in the original bug report was > > "upstream", so I'll use that even though it doesn't look like a valid > > git repo address either. > > > Alan Stern > > > #syz test: upstream f6e27dbb1afa > > "upstream" does not look like a valid git repo address. Andrey, can you do something about that? It would be a lot nicer if _all_ the syzbot output and records included an actual git repo address in the appropriate places. Alan Stern #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.3 commit 5252eb4c8297fedbf1c5f1e67da44efe00e6ef6b Author: Pete Zaitcev Date: Thu Nov 21 17:24:00 2019 -0600 usb: Fix a deadlock in usbmon between mmap and read Signed-off-by: Pete Zaitcev Reported-by: syzbot+56f9673bb4cdcbeb0e92@syzkaller.appspotmail.com diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c index ac2b4fcc265f..f48a23adbc35 100644 --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -1039,12 +1039,18 @@ static long mon_bin_ioctl(struct file *file, unsigned int cmd, unsigned long arg mutex_lock(&rp->fetch_lock); spin_lock_irqsave(&rp->b_lock, flags); - mon_free_buff(rp->b_vec, rp->b_size/CHUNK_SIZE); - kfree(rp->b_vec); - rp->b_vec = vec; - rp->b_size = size; - rp->b_read = rp->b_in = rp->b_out = rp->b_cnt = 0; - rp->cnt_lost = 0; + if (rp->mmap_active) { + mon_free_buff(vec, size/CHUNK_SIZE); + kfree(vec); + ret = -EBUSY; + } else { + mon_free_buff(rp->b_vec, rp->b_size/CHUNK_SIZE); + kfree(rp->b_vec); + rp->b_vec = vec; + rp->b_size = size; + rp->b_read = rp->b_in = rp->b_out = rp->b_cnt = 0; + rp->cnt_lost = 0; + } spin_unlock_irqrestore(&rp->b_lock, flags); mutex_unlock(&rp->fetch_lock); } @@ -1216,13 +1222,21 @@ mon_bin_poll(struct file *file, struct poll_table_struct *wait) static void mon_bin_vma_open(struct vm_area_struct *vma) { struct mon_reader_bin *rp = vma->vm_private_data; + unsigned long flags; + + spin_lock_irqsave(&rp->b_lock, flags); rp->mmap_active++; + spin_unlock_irqrestore(&rp->b_lock, flags); } static void mon_bin_vma_close(struct vm_area_struct *vma) { + unsigned long flags; + struct mon_reader_bin *rp = vma->vm_private_data; + spin_lock_irqsave(&rp->b_lock, flags); rp->mmap_active--; + spin_unlock_irqrestore(&rp->b_lock, flags); } /* @@ -1234,16 +1248,12 @@ static vm_fault_t mon_bin_vma_fault(struct vm_fault *vmf) unsigned long offset, chunk_idx; struct page *pageptr; - mutex_lock(&rp->fetch_lock); offset = vmf->pgoff << PAGE_SHIFT; - if (offset >= rp->b_size) { - mutex_unlock(&rp->fetch_lock); + if (offset >= rp->b_size) return VM_FAULT_SIGBUS; - } chunk_idx = offset / CHUNK_SIZE; pageptr = rp->b_vec[chunk_idx].pg; get_page(pageptr); - mutex_unlock(&rp->fetch_lock); vmf->page = pageptr; return 0; }