On Fri, Feb 16, 2018 at 8:32 AM, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > On Mon, Feb 12, 2018 at 05:01:25PM -0800, Joel Fernandes wrote: >> ashmem_mutex create a chain of dependencies like so: >> >> (1) >> mmap syscall -> >> mmap_sem -> (acquired) >> ashmem_mmap >> ashmem_mutex (try to acquire) >> (block) >> >> (2) >> llseek syscall -> >> ashmem_llseek -> >> ashmem_mutex -> (acquired) >> inode_lock -> >> inode->i_rwsem (try to acquire) >> (block) >> >> (3) >> getdents -> >> iterate_dir -> >> inode_lock -> >> inode->i_rwsem (acquired) >> copy_to_user -> >> mmap_sem (try to acquire) >> >> There is a lock ordering created between mmap_sem and inode->i_rwsem >> causing a lockdep splat [2] during a syzcaller test, this patch fixes >> the issue by unlocking the mutex earlier. Functionally that's Ok since >> we don't need to protect vfs_llseek. >> >> [1] https://patchwork.kernel.org/patch/10185031/ >> [2] https://lkml.org/lkml/2018/1/10/48 >> >> Cc: Todd Kjos <tkjos@xxxxxxxxxx> >> Cc: Arve Hjonnevag <arve@xxxxxxxxxxx> >> Cc: Greg Hackmann <ghackmann@xxxxxxxxxx> >> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> >> Cc: stable@xxxxxxxxxxxxxxx >> Reported-by: syzbot+8ec30bb7bf1a981a2012@xxxxxxxxxxxxxxxxxxxxxxxxx >> Signed-off-by: Joel Fernandes <joelaf@xxxxxxxxxx> >> --- >> drivers/staging/android/ashmem.c | 15 +++++++-------- >> 1 file changed, 7 insertions(+), 8 deletions(-) > > Please always properly version your patches, and put what changed below > the --- line, so I have a hint as to which patch to apply. > Documentation/SubmittingPatches has the full details of how to do this. > > Can you resend me the "latest" version of this patch, so I have a chance > of getting it right? :) Sorry about that :) Fixing now, and will resend. This version you're replying to is the latest version which is the second version (v2). - Joel