From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: [WTFoTW] ->quota_on() deadlocks Date: Thu, 1 Jul 2010 19:56:29 +0100 Message-ID: <20100701185629.GJ31073@ZenIV.linux.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Jan Kara , Joel Becker , Christoph Hellwig To: linux-fsdevel@vger.kernel.org Return-path: Received: from zeniv.linux.org.uk ([195.92.253.2]:46309 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756021Ab0GAS4b (ORCPT ); Thu, 1 Jul 2010 14:56:31 -0400 Content-Disposition: inline Sender: linux-fsdevel-owner@vger.kernel.org List-ID: All quotactl callbacks are done with s_umount held shared. Fine, but ->quota_on() will do kern_path() and _that_ can try to grab the same thing exclusive - suppose we pass a pathname that walks into autofs and triggers mounting of the same fs (at a different mountpoint, that is). That'll end up calling sget(), finding our superblock and trying to grab s_umount on it. mount(8) sits uninterruptibly sleeping in mount(2), kern_path() waits for it to complete and that's not going to happen until the caller of kern_path() (do_quotactl(), ultimately) finishes. Obvious solution is b0rken - we _can't_ take the call of kern_path() to a point prior to getting (and locking) the superblock. Why? Because ocfs2 ignores the pathname argument, so failing on bogus pathnames will blow the userland API compatibility. Other alternatives are also not particulary pleasant since we need s_umount at some point there - we want some exclusion with remounting. Ideas?