Re: tty: deadlock between n_tracerouter_receivebuf and flush_to_ldisc
From: Peter Zijlstra
Date: Wed Jan 20 2016 - 07:08:18 EST
On Wed, Jan 20, 2016 at 12:54:55PM +0100, Dmitry Vyukov wrote:
> On Wed, Jan 20, 2016 at 12:44 PM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> > On Wed, Jan 20, 2016 at 10:36:01AM +0100, Dmitry Vyukov wrote:
> >
> >> +Peter, Ingo, can you please suggest a way to annotate this locking
> >> pattern to avoid lockdep false positive?
> >
> > No, because I haven't a clue what the actual problem is.
> >
> > The report is fairly clear on how:
> >
> > routelock
> > &port->buf.lock/1
> > &o_tty->termios_rwsem/1
> > &buf->lock
> >
> > gets established, and shows where we try:
> >
> > &buf->lock
> > routelock
> >
> > Which gives a circle, ergo deadlock.
> >
> > Show which link is wrong and why, and I can suggest ways of annotating
> > that.
>
>
> Alan provided an explanation calling this "false report":
> https://groups.google.com/d/msg/syzkaller/YrV0bzdfa-g/cCVoUf1OFQAJ
I read that, I didn't understand it. Which link is wrong and why?
> And I don't understand how the following is a deadlock, since there is
> no cycle...
>
> Possible unsafe locking scenario:
> CPU0 CPU1
> ---- ----
> lock(&buf->lock);
> lock(&o_tty->termios_rwsem/1);
> lock(&buf->lock);
> lock(routelock);
Ignore the stupid picture, it only really works for simple cases.