[PATCH] sysfs: fix deadlock

From: Ingo Molnar
Date: Fri Sep 12 2008 - 05:24:51 EST

Next message: KAMEZAWA Hiroyuki: "Re: [RFC] [PATCH 0/9] remove page_cgroup pointer (with someenhancements)"
Previous message: Ingo Molnar: "Re: [Bugme-new] [Bug 11543] New: kernel panic: softlockup intick_periodic() ???"
In reply to: Nick Piggin: "Re: [patch] x86: some lock annotations for user copy paths"
Next in thread: Nick Piggin: "Re: [PATCH] sysfs: fix deadlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ Greg, please see the sysfs fix further below. ]

* Nick Piggin <npiggin@xxxxxxx> wrote:

> > - moved the might_sleep() check outside the in_atomic() check,
>
> Hmm... but then it has the same failure case again in the is_preempt()
> code, does it not?
>
> I guess we should just convert that guy to either use get_user_atomic,
> (which would mean implementing that for x86), or use
> copy_from_user_inatomic.

i've done the v3 patch below - that seems to have passed all my testing
without any new bugs found. I've reinstated your the clear_user()
might_fault() check, plus i removed it from __[get|put]_user_size, which
the _inatomic() API variants use. That enabled me to utilize the
_inatomic() API in probe_kernel_address().

we still have the checks in put_user()/get_user() and in all the
copy_*_user() APIs, which should be strong enough. [ I havent fully
checked whether __get_user_size() might be used by some less frequent
API - if it is then that API should grow a might_fault() check. ]

> > i've attached the config.
> >
> > at first sight it looks like a genuine bug in fs/sysfs/bin.c?
>
> Yes, it is a real bug by the looks. bin.c takes bb->mutex under
> mmap_sem when it is mmapped, and then does its copy_*_user under
> bb->mutex too.

ok - second patch attached below, Greg, could you please apply? This is
for v2.6.27 too i think.

> > i.e. your patches are working as expected and the extended
> > validation mechanism is finding real bugs :-)
>
> Yeah it's nice. I'm just hoping we don't come across one that is as
> difficult to fix as prepare_write/commit_write were ;)
>
> Here is a basic fix for the sysfs lor.

and that did the trick here - the patch with a tidied up changelog is
attached further below. [ the second patch is standalone and does not
need the first patch which is relative to tip/master ]

thanks Nick, i think this is a great addition to lockdep! It already
found two real locking bugs within a day. If you can think of any other
proactive methods to widen our lock hierarchy knowledge that would be
great to add. I think what we want is to insert knowledge about other
unlikely lock acquire events, for locks that have a historic pattern of
producing regular locking bugs.

Ingo

----------------->

Next message: KAMEZAWA Hiroyuki: "Re: [RFC] [PATCH 0/9] remove page_cgroup pointer (with someenhancements)"
Previous message: Ingo Molnar: "Re: [Bugme-new] [Bug 11543] New: kernel panic: softlockup intick_periodic() ???"
In reply to: Nick Piggin: "Re: [patch] x86: some lock annotations for user copy paths"
Next in thread: Nick Piggin: "Re: [PATCH] sysfs: fix deadlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]