block/loop: fix deadlock after loop_set_status

[android-x86/kernel.git] / drivers / block / loop.c

diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index fa1b7a9..ff1c4d7 100644 (file)
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -263,7 +263,7 @@ static int lo_write_bvec(struct file *file, struct bio_vec *bvec, loff_t *ppos)
        struct iov_iter i;
        ssize_t bw;
 
-       iov_iter_bvec(&i, ITER_BVEC, bvec, 1, bvec->bv_len);
+       iov_iter_bvec(&i, ITER_BVEC | WRITE, bvec, 1, bvec->bv_len);
 
        file_start_write(file);
        bw = vfs_iter_write(file, &i, ppos);
@@ -612,6 +612,9 @@ static int loop_switch(struct loop_device *lo, struct file *file)
  */
 static int loop_flush(struct loop_device *lo)
 {
+       /* loop not yet configured, no running thread, nothing to flush */
+       if (lo->lo_state != Lo_bound)
+               return 0;
        return loop_switch(lo, NULL);
 }
 
@@ -1097,29 +1100,38 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
        if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)
                return -EINVAL;
 
+       /* I/O need to be drained during transfer transition */
+       blk_mq_freeze_queue(lo->lo_queue);
+
        err = loop_release_xfer(lo);
        if (err)
-               return err;
+               goto exit;
 
        if (info->lo_encrypt_type) {
                unsigned int type = info->lo_encrypt_type;
 
-               if (type >= MAX_LO_CRYPT)
-                       return -EINVAL;
+               if (type >= MAX_LO_CRYPT) {
+                       err = -EINVAL;
+                       goto exit;
+               }
                xfer = xfer_funcs[type];
-               if (xfer == NULL)
-                       return -EINVAL;
+               if (xfer == NULL) {
+                       err = -EINVAL;
+                       goto exit;
+               }
        } else
                xfer = NULL;
 
        err = loop_init_xfer(lo, xfer, info);
        if (err)
-               return err;
+               goto exit;
 
        if (lo->lo_offset != info->lo_offset ||
            lo->lo_sizelimit != info->lo_sizelimit)
-               if (figure_loop_size(lo, info->lo_offset, info->lo_sizelimit))
-                       return -EFBIG;
+               if (figure_loop_size(lo, info->lo_offset, info->lo_sizelimit)) {
+                       err = -EFBIG;
+                       goto exit;
+               }
 
        loop_config_discard(lo);
 
@@ -1137,13 +1149,6 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
             (info->lo_flags & LO_FLAGS_AUTOCLEAR))
                lo->lo_flags ^= LO_FLAGS_AUTOCLEAR;
 
-       if ((info->lo_flags & LO_FLAGS_PARTSCAN) &&
-            !(lo->lo_flags & LO_FLAGS_PARTSCAN)) {
-               lo->lo_flags |= LO_FLAGS_PARTSCAN;
-               lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN;
-               loop_reread_partitions(lo, lo->lo_device);
-       }
-
        lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
        lo->lo_init[0] = info->lo_init[0];
        lo->lo_init[1] = info->lo_init[1];
@@ -1156,7 +1161,17 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
        /* update dio if lo_offset or transfer is changed */
        __loop_update_dio(lo, lo->use_dio);
 
-       return 0;
+ exit:
+       blk_mq_unfreeze_queue(lo->lo_queue);
+
+       if (!err && (info->lo_flags & LO_FLAGS_PARTSCAN) &&
+            !(lo->lo_flags & LO_FLAGS_PARTSCAN)) {
+               lo->lo_flags |= LO_FLAGS_PARTSCAN;
+               lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN;
+               loop_reread_partitions(lo, lo->lo_device);
+       }
+
+       return err;
 }
 
 static int
@@ -1550,9 +1565,8 @@ out:
        return err;
 }
 
-static void lo_release(struct gendisk *disk, fmode_t mode)
+static void __lo_release(struct loop_device *lo)
 {
-       struct loop_device *lo = disk->private_data;
        int err;
 
        if (atomic_dec_return(&lo->lo_refcnt))
@@ -1578,6 +1592,13 @@ static void lo_release(struct gendisk *disk, fmode_t mode)
        mutex_unlock(&lo->lo_ctl_mutex);
 }
 
+static void lo_release(struct gendisk *disk, fmode_t mode)
+{
+       mutex_lock(&loop_index_mutex);
+       __lo_release(disk->private_data);
+       mutex_unlock(&loop_index_mutex);
+}
+
 static const struct block_device_operations lo_fops = {
        .owner =        THIS_MODULE,
        .open =         lo_open,
@@ -1646,7 +1667,7 @@ static int loop_queue_rq(struct blk_mq_hw_ctx *hctx,
        blk_mq_start_request(bd->rq);
 
        if (lo->lo_state != Lo_bound)
-               return -EIO;
+               return BLK_MQ_RQ_QUEUE_ERROR;
 
        switch (req_op(cmd->rq)) {
        case REQ_OP_FLUSH: