queue-4.19/loop-set-genhd_fl_no_part_scan-after-blkdev_reread_p.patch

   1 From 0496bd99e887f532ec2e2b41b572d6644c25f311 Mon Sep 17 00:00:00 2001
   2 From: Dongli Zhang <dongli.zhang@oracle.com>
   3 Date: Fri, 22 Feb 2019 22:10:20 +0800
   4 Subject: loop: set GENHD_FL_NO_PART_SCAN after blkdev_reread_part()
   5
   6 [ Upstream commit 758a58d0bc67457f1215321a536226654a830eeb ]
   7
   8 Commit 0da03cab87e6
   9 ("loop: Fix deadlock when calling blkdev_reread_part()") moves
  10 blkdev_reread_part() out of the loop_ctl_mutex. However,
  11 GENHD_FL_NO_PART_SCAN is set before __blkdev_reread_part(). As a result,
  12 __blkdev_reread_part() will fail the check of GENHD_FL_NO_PART_SCAN and
  13 will not rescan the loop device to delete all partitions.
  14
  15 Below are steps to reproduce the issue:
  16
  17 step1 # dd if=/dev/zero of=tmp.raw bs=1M count=100
  18 step2 # losetup -P /dev/loop0 tmp.raw
  19 step3 # parted /dev/loop0 mklabel gpt
  20 step4 # parted -a none -s /dev/loop0 mkpart primary 64s 1
  21 step5 # losetup -d /dev/loop0
  22
  23 Step5 will not be able to delete /dev/loop0p1 (introduced by step4) and
  24 there is below kernel warning message:
  25
  26 [  464.414043] __loop_clr_fd: partition scan of loop0 failed (rc=-22)
  27
  28 This patch sets GENHD_FL_NO_PART_SCAN after blkdev_reread_part().
  29
  30 Fixes: 0da03cab87e6 ("loop: Fix deadlock when calling blkdev_reread_part()")
  31 Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
  32 Reviewed-by: Jan Kara <jack@suse.cz>
  33 Signed-off-by: Jens Axboe <axboe@kernel.dk>
  34 Signed-off-by: Sasha Levin <sashal@kernel.org>
  35 ---
  36  drivers/block/loop.c | 21 +++++++++++++++++----
  37  1 file changed, 17 insertions(+), 4 deletions(-)
  38
  39 diff --git a/drivers/block/loop.c b/drivers/block/loop.c
  40 index 0c5aeab4d23a..a63da9e07341 100644
  41 --- a/drivers/block/loop.c
  42 +++ b/drivers/block/loop.c
  43 @@ -1090,16 +1090,12 @@ static int __loop_clr_fd(struct loop_device *lo, bool release)
  44                 kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
  45         }
  46         mapping_set_gfp_mask(filp->f_mapping, gfp);
  47 -       lo->lo_state = Lo_unbound;
  48         /* This is safe: open() is still holding a reference. */
  49         module_put(THIS_MODULE);
  50         blk_mq_unfreeze_queue(lo->lo_queue);
  51
  52         partscan = lo->lo_flags & LO_FLAGS_PARTSCAN && bdev;
  53         lo_number = lo->lo_number;
  54 -       lo->lo_flags = 0;
  55 -       if (!part_shift)
  56 -               lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN;
  57         loop_unprepare_queue(lo);
  58  out_unlock:
  59         mutex_unlock(&loop_ctl_mutex);
  60 @@ -1121,6 +1117,23 @@ out_unlock:
  61                 /* Device is gone, no point in returning error */
  62                 err = 0;
  63         }
  64 +
  65 +       /*
  66 +        * lo->lo_state is set to Lo_unbound here after above partscan has
  67 +        * finished.
  68 +        *
  69 +        * There cannot be anybody else entering __loop_clr_fd() as
  70 +        * lo->lo_backing_file is already cleared and Lo_rundown state
  71 +        * protects us from all the other places trying to change the 'lo'
  72 +        * device.
  73 +        */
  74 +       mutex_lock(&loop_ctl_mutex);
  75 +       lo->lo_flags = 0;
  76 +       if (!part_shift)
  77 +               lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN;
  78 +       lo->lo_state = Lo_unbound;
  79 +       mutex_unlock(&loop_ctl_mutex);
  80 +
  81         /*
  82          * Need not hold loop_ctl_mutex to fput backing file.
  83          * Calling fput holding loop_ctl_mutex triggers a circular
  84 --
  85 2.19.1
  86