From: Peter Zijlstra <peterz@infradead.org>
To: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: "Michael L. Semon" <mlsemon35@gmail.com>,
Ingo Molnar <mingo@kernel.org>,
jason.low2@hp.com, linux-kernel@vger.kernel.org,
dhowells@redhat.com, viro@ZenIV.linux.org.uk
Subject: cred_guard_mutex vs seq_file::lock [was: Re: 3.14.0+/x86: lockdep and mutexes not getting along]
Date: Thu, 10 Apr 2014 16:29:18 +0200 [thread overview]
Message-ID: <20140410142918.GU11096@twins.programming.kicks-ass.net> (raw)
In-Reply-To: <20140409121940.GA12890@node.dhcp.inet.fi>
On Wed, Apr 09, 2014 at 03:19:40PM +0300, Kirill A. Shutemov wrote:
> [ 26.747484] ======================================================
> [ 26.748725] [ INFO: possible circular locking dependency detected ]
> [ 26.748725] 3.13.0-11331-g6f008e72cd11 #1162 Not tainted
> [ 26.748725] -------------------------------------------------------
> [ 26.748725] trinity-c5/848 is trying to acquire lock:
> [ 26.748725] (&p->lock){+.+.+.}, at: [<ffffffff811774a8>] seq_read+0x38/0x3c0
> [ 26.748725]
> [ 26.748725] but task is already holding lock:
> [ 26.748725] (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff811579db>] prepare_bprm_creds+0x2b/0x80
> [ 26.748725]
> [ 26.748725] which lock already depends on the new lock.
> [ 26.748725]
> [ 26.748725]
> [ 26.748725] the existing dependency chain (in reverse order) is:
> [ 26.748725] -> #1 (&sig->cred_guard_mutex){+.+.+.}:
> [ 26.748725] [<ffffffff810998d8>] __lock_acquire+0x3a8/0xc20
> [ 26.748725] [<ffffffff8109a1c6>] lock_acquire+0x76/0xc0
> [ 26.748725] [<ffffffff8173634d>] mutex_lock_killable_nested+0x6d/0x460
> [ 26.748725] [<ffffffff81049924>] mm_access+0x24/0xb0
> [ 26.748725] [<ffffffff811b6307>] m_start+0x67/0x1e0
> [ 26.748725] [<ffffffff811775a0>] seq_read+0x130/0x3c0
> [ 26.748725] [<ffffffff8114ffaa>] do_loop_readv_writev+0x5a/0x80
> [ 26.748725] [<ffffffff81150c4d>] compat_do_readv_writev+0x20d/0x220
> [ 26.748725] [<ffffffff81150c92>] compat_readv+0x32/0x70
> [ 26.748725] [<ffffffff81151c07>] compat_SyS_readv+0x47/0xa0
> [ 26.748725] [<ffffffff81742179>] ia32_sysret+0x0/0x5
> [ 26.748725] -> #0 (&p->lock){+.+.+.}:
> [ 26.780481] [<ffffffff81097a4a>] validate_chain.isra.37+0x105a/0x10d0
> [ 26.780481] [<ffffffff810998d8>] __lock_acquire+0x3a8/0xc20
> [ 26.780481] [<ffffffff8109a1c6>] lock_acquire+0x76/0xc0
> [ 26.780481] [<ffffffff81735bad>] mutex_lock_nested+0x6d/0x3d0
> [ 26.780481] [<ffffffff811774a8>] seq_read+0x38/0x3c0
> [ 26.780481] [<ffffffff811b7af8>] proc_reg_read+0x38/0x70
> [ 26.780481] [<ffffffff81150799>] vfs_read+0x99/0x160
> [ 26.780481] [<ffffffff8115635c>] kernel_read+0x3c/0x50
> [ 26.780481] [<ffffffff811565e7>] prepare_binprm+0x137/0x1d0
> [ 26.780481] [<ffffffff81157f82>] do_execve_common.isra.34+0x4d2/0x730
> [ 26.780481] [<ffffffff81158461>] SyS_execve+0x31/0x50
> [ 26.780481] [<ffffffff81741099>] stub_execve+0x69/0xa0
> [ 26.780481]
> [ 26.780481] other info that might help us debug this:
> [ 26.780481]
> [ 26.780481] Possible unsafe locking scenario:
> [ 26.780481]
> [ 26.780481] CPU0 CPU1
> [ 26.780481] ---- ----
> [ 26.780481] lock(&sig->cred_guard_mutex);
> [ 26.780481] lock(&p->lock);
> [ 26.780481] lock(&sig->cred_guard_mutex);
> [ 26.780481] lock(&p->lock);
> [ 26.780481]
> [ 26.780481] *** DEADLOCK ***
> [ 26.780481]
> [ 26.780481] 1 lock held by trinity-c5/848:
> [ 26.780481] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff811579db>] prepare_bprm_creds+0x2b/0x80
> [ 26.780481]
> [ 26.780481] stack backtrace:
> [ 26.780481] CPU: 5 PID: 848 Comm: trinity-c5 Not tainted 3.13.0-11331-g6f008e72cd11 #1162
> [ 26.780481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Bochs 01/01/2011
> [ 26.780481] ffffffff824f1130 ffff8803b6973b58 ffffffff8172fc76 ffffffff824f1130
> [ 26.780481] ffff8803b6973b98 ffffffff8172b6de ffff8803b6973bd0 ffff8803b72550e0
> [ 26.780481] ffff8803b72550e0 0000000000000000 ffff8803b72549d0 0000000000000001
> [ 26.780481] Call Trace:
> [ 26.780481] [<ffffffff8172fc76>] dump_stack+0x4d/0x66
> [ 26.780481] [<ffffffff8172b6de>] print_circular_bug+0x201/0x20f
> [ 26.780481] [<ffffffff81097a4a>] validate_chain.isra.37+0x105a/0x10d0
> [ 26.780481] [<ffffffff810998d8>] __lock_acquire+0x3a8/0xc20
> [ 26.780481] [<ffffffff8109a1c6>] lock_acquire+0x76/0xc0
> [ 26.780481] [<ffffffff811774a8>] ? seq_read+0x38/0x3c0
> [ 26.780481] [<ffffffff81735bad>] mutex_lock_nested+0x6d/0x3d0
> [ 26.780481] [<ffffffff811774a8>] ? seq_read+0x38/0x3c0
> [ 26.780481] [<ffffffff811774a8>] ? seq_read+0x38/0x3c0
> [ 26.780481] [<ffffffff81082e18>] ? sched_clock_cpu+0xa8/0xd0
> [ 26.780481] [<ffffffff811774a8>] seq_read+0x38/0x3c0
> [ 26.780481] [<ffffffff811b7af8>] proc_reg_read+0x38/0x70
> [ 26.780481] [<ffffffff81167b9e>] ? dput+0x1e/0x110
> [ 26.780481] [<ffffffff81150799>] vfs_read+0x99/0x160
> [ 26.780481] [<ffffffff8115635c>] kernel_read+0x3c/0x50
> [ 26.780481] [<ffffffff811565e7>] prepare_binprm+0x137/0x1d0
> [ 26.780481] [<ffffffff81157f82>] do_execve_common.isra.34+0x4d2/0x730
> [ 26.780481] [<ffffffff81157ba9>] ? do_execve_common.isra.34+0xf9/0x730
> [ 26.780481] [<ffffffff8115c100>] ? mountpoint_last+0x1a0/0x1b0
> [ 26.780481] [<ffffffff81158461>] SyS_execve+0x31/0x50
> [ 26.780481] [<ffffffff81741099>] stub_execve+0x69/0xa0
So as far as I can tell the bug that led you here only wrecks the lock
state after you hit a lockdep error, so all actual lockdep reports are
still entirely valid.
This means the above is 'interesting'. I talked with David Howells
earlier today, it looks like trinity manages to exec() a /proc file and
create the lock inversion that way.
Now all /proc files that take cred_guard_mutex inside seq_read() aren't
executable, and David also tried to use them as loaders and that didn't
work either.
However, any executable file that uses seq_read() is sufficient, the
file doesn't need to actually take cred_guard_mutex too. We just need
two tasks: one doing a seq_read() exec and the other reading a
seq_read()->cred_guard_mutex file.
Al, David, any bright ideas on how to best fix this?
next prev parent reply other threads:[~2014-04-10 18:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-06 5:12 3.14.0+/x86: lockdep and mutexes not getting along Michael L. Semon
2014-04-09 12:19 ` Kirill A. Shutemov
2014-04-10 5:42 ` Jason Low
2014-04-10 8:14 ` Peter Zijlstra
2014-04-10 9:15 ` Kirill A. Shutemov
2014-04-10 11:42 ` Peter Zijlstra
2014-04-10 9:18 ` Peter Zijlstra
2014-04-10 14:15 ` Peter Zijlstra
2014-04-11 13:59 ` Valdis.Kletnieks
2014-04-14 7:22 ` [tip:core/urgent] locking/mutex: Fix debug_mutexes tip-bot for Peter Zijlstra
2014-04-10 17:14 ` 3.14.0+/x86: lockdep and mutexes not getting along Jason Low
2014-04-10 17:28 ` Peter Zijlstra
2014-04-10 19:04 ` Jason Low
2014-04-10 23:26 ` Dave Jones
2014-04-10 23:30 ` Dave Jones
2014-04-11 3:48 ` Paul E. McKenney
2014-04-11 13:41 ` Michael L. Semon
2014-04-10 8:12 ` Peter Zijlstra
2014-04-10 8:13 ` Peter Zijlstra
2014-04-10 14:29 ` Peter Zijlstra [this message]
2014-04-11 14:50 ` cred_guard_mutex vs seq_file::lock [was: Re: 3.14.0+/x86: lockdep and mutexes not getting along] David Howells
2014-04-11 15:07 ` Al Viro
2014-07-30 22:31 ` Kirill A. Shutemov
2014-07-30 23:03 ` Kirill A. Shutemov
2014-07-31 7:26 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140410142918.GU11096@twins.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=dhowells@redhat.com \
--cc=jason.low2@hp.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mlsemon35@gmail.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.