linux/fs
Nick Piggin b31ca3f5df sysfs: fix deadlock
On Thu, Sep 11, 2008 at 10:27:10AM +0200, Ingo Molnar wrote:

> and it's working fine on most boxes. One testbox found this new locking
> scenario:
>
> PM: Adding info for No Bus:vcsa7
> EDAC DEBUG: MC0: i82860_check()
>
> =======================================================
> [ INFO: possible circular locking dependency detected ]
> 2.6.27-rc6-tip #1
> -------------------------------------------------------
> X/4873 is trying to acquire lock:
>  (&bb->mutex){--..}, at: [<c020ba20>] mmap+0x40/0xa0
>
> but task is already holding lock:
>  (&mm->mmap_sem){----}, at: [<c0125a1e>] sys_mmap2+0x8e/0xc0
>
> which lock already depends on the new lock.
>
>
> the existing dependency chain (in reverse order) is:
>
> -> #1 (&mm->mmap_sem){----}:
>        [<c017dc96>] validate_chain+0xa96/0xf50
>        [<c017ef2b>] __lock_acquire+0x2cb/0x5b0
>        [<c017f299>] lock_acquire+0x89/0xc0
>        [<c01aa8fb>] might_fault+0x6b/0x90
>        [<c040b618>] copy_to_user+0x38/0x60
>        [<c020bcfb>] read+0xfb/0x170
>        [<c01c09a5>] vfs_read+0x95/0x110
>        [<c01c1443>] sys_pread64+0x63/0x80
>        [<c012146f>] sysenter_do_call+0x12/0x43
>        [<ffffffff>] 0xffffffff
>
> -> #0 (&bb->mutex){--..}:
>        [<c017d8b7>] validate_chain+0x6b7/0xf50
>        [<c017ef2b>] __lock_acquire+0x2cb/0x5b0
>        [<c017f299>] lock_acquire+0x89/0xc0
>        [<c0d6f2ab>] __mutex_lock_common+0xab/0x3c0
>        [<c0d6f698>] mutex_lock_nested+0x38/0x50
>        [<c020ba20>] mmap+0x40/0xa0
>        [<c01b111e>] mmap_region+0x14e/0x450
>        [<c01b170f>] do_mmap_pgoff+0x2ef/0x310
>        [<c0125a3d>] sys_mmap2+0xad/0xc0
>        [<c012146f>] sysenter_do_call+0x12/0x43
>        [<ffffffff>] 0xffffffff
>
> other info that might help us debug this:
>
> 1 lock held by X/4873:
>  #0:  (&mm->mmap_sem){----}, at: [<c0125a1e>] sys_mmap2+0x8e/0xc0
>
> stack backtrace:
> Pid: 4873, comm: X Not tainted 2.6.27-rc6-tip #1
>  [<c017cd09>] print_circular_bug_tail+0x79/0xc0
>  [<c017d8b7>] validate_chain+0x6b7/0xf50
>  [<c017a5b5>] ? trace_hardirqs_off_caller+0x15/0xb0
>  [<c017ef2b>] __lock_acquire+0x2cb/0x5b0
>  [<c017f299>] lock_acquire+0x89/0xc0
>  [<c020ba20>] ? mmap+0x40/0xa0
>  [<c0d6f2ab>] __mutex_lock_common+0xab/0x3c0
>  [<c020ba20>] ? mmap+0x40/0xa0
>  [<c0d6f698>] mutex_lock_nested+0x38/0x50
>  [<c020ba20>] ? mmap+0x40/0xa0
>  [<c020ba20>] mmap+0x40/0xa0
>  [<c01b111e>] mmap_region+0x14e/0x450
>  [<c01afb88>] ? arch_get_unmapped_area_topdown+0xf8/0x160
>  [<c01b170f>] do_mmap_pgoff+0x2ef/0x310
>  [<c0125a3d>] sys_mmap2+0xad/0xc0
>  [<c012146f>] sysenter_do_call+0x12/0x43
>  [<c0120000>] ? __switch_to+0x130/0x220
>  =======================
> evbug.c: Event. Dev: input3, Type: 20, Code: 0, Value: 500
> warning: `sudo' uses deprecated v2 capabilities in a way that may be insecure.
>
> i've attached the config.
>
> at first sight it looks like a genuine bug in fs/sysfs/bin.c?

Yes, it is a real bug by the looks. bin.c takes bb->mutex under mmap_sem
when it is mmapped, and then does its copy_*_user under bb->mutex too.

Here is a basic fix for the sysfs lor.


From: Nick Piggin <npiggin@suse.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-10-16 09:24:50 -07:00
9p vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
adfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
affs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
afs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
autofs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
autofs4 vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
befs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
bfs bfs: fix Lockdep warning 2008-09-13 14:41:51 -07:00
cifs [CIFS] cifs: remove pointless lock and unlock of GlobalMid_Lock in header_assemble 2008-10-12 13:34:11 +00:00
coda device create: misc: convert device_create_drvdata to device_create 2008-10-16 09:24:43 -07:00
configfs
cramfs
debugfs integrity: special fs magic 2008-10-13 09:47:43 +11:00
devpts vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
dlm dlm: choose better identifiers 2008-09-05 09:51:30 -05:00
ecryptfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
efs EFS: Don't set f_fsid in statfs(). 2008-09-02 23:15:22 +01:00
exportfs
ext2 vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
ext3 vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
ext4 vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
fat vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
freevxfs
fuse vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
gfs2 vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
hfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
hfsplus vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
hostfs
hpfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
hppfs
hugetlbfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
isofs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
jbd
jbd2 ext4: add an option to control error handling on file data 2008-10-10 22:12:43 -04:00
jffs2
jfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
lockd NLM: Remove "proto" argument from lockd_up() 2008-10-04 17:12:27 -04:00
minix
msdos
ncpfs
nfs Merge branch 'for-2.6.28' of git://linux-nfs.org/~bfields/linux 2008-10-14 12:31:14 -07:00
nfs_common
nfsd NLM: Remove unused argument from svc_addsock() function 2008-10-04 17:12:27 -04:00
nls
ntfs NTFS: update homepage 2008-09-02 19:21:37 -07:00
ocfs2 ocfs2: fix build error 2008-10-14 18:31:46 -07:00
omfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
openpromfs
partitions Check for device resize when rescanning partitions 2008-10-09 08:56:12 +02:00
proc Merge branch 'for-2.6.28' of git://linux-nfs.org/~bfields/linux 2008-10-14 12:31:14 -07:00
qnx4
ramfs mm: tiny-shmem nommu fix 2008-10-02 15:53:13 -07:00
reiserfs
romfs
smbfs
sysfs sysfs: fix deadlock 2008-10-16 09:24:50 -07:00
sysv
ubifs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
udf vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
ufs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
vfat
xfs xfs: fix remount rw with unrecognized options 2008-10-15 10:00:00 -07:00
aio.c
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c block: Introduce integrity data ownership flag 2008-10-09 08:56:21 +02:00
bio.c block: mark bio_split_pool static 2008-10-09 08:57:05 +02:00
block_dev.c block_dev: fix kernel-doc in new functions 2008-10-09 10:42:38 +02:00
buffer.c block: submit_bh() inadvertently discards barrier flag on a sync write 2008-08-27 09:50:19 +02:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c
dcache.c Fix NULL pointer dereference in proc_sys_compare 2008-09-29 07:42:57 -07:00
dcookies.c
direct-io.c
dnotify.c
dquot.c tty: Redo current tty locking 2008-10-13 09:51:41 -07:00
drop_caches.c
eventfd.c
eventpoll.c
exec.c mm owner: fix race between swapoff and exit 2008-09-29 08:41:47 -07:00
fcntl.c
fifo.c
file_table.c
file.c
filesystems.c
fs-writeback.c
generic_acl.c
inode.c
inotify_user.c inotify: fix lock ordering wrt do_page_fault's mmap_sem 2008-10-02 15:53:13 -07:00
inotify.c
internal.h
ioctl.c provide generic_block_fiemap() only with BLOCK=y 2008-10-12 11:44:37 -07:00
ioprio.c
Kconfig Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2 2008-10-14 16:34:11 -07:00
Kconfig.binfmt Introduce HAVE_AOUT symbol to remove hard-coded arch list for BINFMT_AOUT 2008-09-06 19:30:22 +01:00
libfs.c
locks.c
Makefile Merge branch 'for-2.6.28' of git://linux-nfs.org/~bfields/linux 2008-10-14 12:31:14 -07:00
mbcache.c
mpage.c
namei.c
namespace.c
nfsctl.c
no-block.c
open.c tty: the vhangup syscall is racy 2008-10-13 09:51:41 -07:00
pipe.c
pnode.c
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c
read_write.c
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c Don't allow splice() to files opened with O_APPEND 2008-10-09 14:26:38 -07:00
stack.c
stat.c
super.c
sync.c
timerfd.c
utimes.c
xattr_acl.c
xattr.c