From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Hugh Dickins <hughd@google.com>,
linux-fsdevel@vger.kernel.org, James Morris <jmorris@namei.org>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
David Safford <safford@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@intel.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
David Miller <davem@davemloft.net>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [RFC] situation with fput() locking (was Re: [PULL REQUEST] : ima-appraisal patches)
Date: Fri, 20 Apr 2012 20:58:33 +0100
Message-ID: <20120420195833.GM6871@ZenIV.linux.org.uk>
In-Reply-To: <CA+55aFwVJ7SFbb3ZVxnon-Vv19pbNvUN4oungH479q7DUjBtwQ@mail.gmail.com>

On Fri, Apr 20, 2012 at 12:18:43PM -0700, Linus Torvalds wrote:
> The *bigger* annoyance is actually "do_mmap()", which does a
> do_munmap() as part of it, so it needs the same cleanup too.

So does a bunch of other places. Let me dig out the call graph circa
3.3.0... Here is the relevant part:

do_munmap() -
        <- pfm_do_munmap() <- pfm_remove_smpl_mapping() which grabs mmap_sem excl
        <- 64_munmap(2) which grabs mmap_sem excl
        <- kvm_arch_commit_memory_region() which grabs mmap_sem excl
        <- i810_unmap_buffer() which grabs mmap_sem excl
        <- aio_free_ring() which grabs mmap_sem excl
        <- elf_map() which grabs mmap_sem excl
        <- [flat] load_flat_file() --- BUG HERE
        <- shmdt(2) which grabs mmap_sem excl
        <- brk(2) which grabs mmap_sem excl
        <- mmap_region() [see below]
        <- munmap(2) which grabs mmap_sem excl
        <- do_brk() [see below]
        <- move_vma()
                <- mremap_to() <- do_mremap() [see below]
                <- do_mremap() [see below]
        <- mremap_to() <- do_mremap() [see below]
        <- do_mremap() [see below]

do_brk() -
        <- brk(2) which grabs mmap_sem excl
        <- [ia32_aout] set_brk() which grabs mmap_sem excl
        <- [ia32_aout] load_aout_binary() which grabs mmap_sem excl
        <- [ia32_aout] load_aout_library() which grabs mmap_sem excl
        <- [aout] set_brk() which grabs mmap_sem excl
        <- [aout] load_aout_binary() which grabs mmap_sem excl
        <- [aout] load_aout_library() which grabs mmap_sem excl
        <- [elf] set_brk() which grabs mmap_sem excl
        <- [elf] load_elf_interp() which grabs mmap_sem excl
        <- [elf] load_elf_library() which grabs mmap_sem excl

mmap_region() -
        <- remap_file_pages(2) which grabs mmap_sem excl
        <- do_mmap_pgoff() [see below]
        <- [tile] arch_setup_additional_pages() which grabs mmap_sem excl
                (a bit too late, BTW, but not for this one)

do_mmap_pgoff() -
        <- do_mmap() [see below]
        <- mmap_pgoff(2) which grabs mmap_sem excl

do_mmap() -
        <- shmat(2) which grabs mmap_sem excl
        <- aio_setup_ring() which grabs mmap_sem excl [NB: only because ctx->mm == current->mm]
        <- kvm_arch_prepare_memory_region() which grabs mmap_sem excl
        <- drm_mapbufs() which grabs mmap_sem excl
        <- exynos_drm_gem_mmap_ioctl() which grabs mmap_sem excl
        <- i810_map_buffer() which grabs mmap_sem excl [NB: racy changes of ->f_op]
        <- i915_gem_mmap_ioctl() which grabs mmap_sem excl
        <- [tile] single_step_once() which grabs mmap_sem excl
        <- [elf] elf_map() which grabs mmap_sem excl
        <- [elf] load_elf_binary() which grabs mmap_sem excl
        <- [elf_fdpic] load_elf_fdpic_binary() which grabs mmap_sem excl
        <- [elf_fdpic] elf_fdpic_map_file_constdisp_on_uclinux() which grabs mmap_sem excl
        <- [elf_fdpic] elf_fdpic_map_file_by_direct_mmap() which grabs mmap_sem excl
        <- [aout] load_aout_binary() which grabs mmap_sem excl
        <- [aout] load_aout_library() which grabs mmap_sem excl
        <- [ia32_aout] load_aout_binary() which grabs mmap_sem excl
        <- [ia32_aout] load_aout_library() which grabs mmap_sem excl
        <- [flat] load_flat_file() which grabs mmap_sem excl
        <- [som] map_som_binary() which grabs mmap_sem excl

do_mremap() -
        <- mremap(2) which grabs mmap_sem excl

(bug mentioned re load_flat_file() is still there, but it's irrelevant
for our purposes - no ->mmap_sem held by caller of do_munmap()). That's
a metric arseload of sites to propagate that thing to...