From: Jan Kara <jack@suse.cz>
To: <linux-fsdevel@vger.kernel.org>
Cc: Amir Goldstein <amir73il@gmail.com>,
Lino Sanfilippo <LinoSanfilippo@gmx.de>,
Miklos Szeredi <miklos@szeredi.hu>,
Paul Moore <paul@paul-moore.com>, Jan Kara <jack@suse.cz>
Subject: [PATCH 05/22] audit: Fix sleep in atomic
Date: Thu, 22 Dec 2016 10:15:21 +0100 [thread overview]
Message-ID: <20161222091538.28702-6-jack@suse.cz> (raw)
In-Reply-To: <20161222091538.28702-1-jack@suse.cz>
Audit tree code was happily adding new notification marks while holding
spinlocks. Since fsnotify_add_mark() acquires group->mark_mutex this can
lead to sleeping while holding a spinlock, deadlocks due to lock
inversion, and probably other fun. Fix the problem by acquiring
group->mark_mutex earlier.
CC: Paul Moore <paul@paul-moore.com>
Signed-off-by: Jan Kara <jack@suse.cz>
---
kernel/audit_tree.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index f3130eb0a4bd..156b6a93f4fc 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -231,6 +231,7 @@ static void untag_chunk(struct node *p)
if (size)
new = alloc_chunk(size);
+ mutex_lock(&entry->group->mark_mutex);
spin_lock(&entry->lock);
if (chunk->dead || !entry->inode) {
spin_unlock(&entry->lock);
@@ -258,7 +259,8 @@ static void untag_chunk(struct node *p)
if (!new)
goto Fallback;
- if (fsnotify_add_mark(&new->mark, entry->group, entry->inode, NULL, 1)) {
+ if (fsnotify_add_mark_locked(&new->mark, entry->group, entry->inode,
+ NULL, 1)) {
fsnotify_put_mark(&new->mark);
goto Fallback;
}
@@ -309,6 +311,7 @@ static void untag_chunk(struct node *p)
spin_unlock(&hash_lock);
spin_unlock(&entry->lock);
out:
+ mutex_unlock(&entry->group->mark_mutex);
fsnotify_put_mark(entry);
spin_lock(&hash_lock);
}
@@ -385,17 +388,21 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
chunk_entry = &chunk->mark;
+ mutex_lock(&old_entry->group->mark_mutex);
spin_lock(&old_entry->lock);
if (!old_entry->inode) {
/* old_entry is being shot, lets just lie */
spin_unlock(&old_entry->lock);
+ mutex_unlock(&old_entry->group->mark_mutex);
fsnotify_put_mark(old_entry);
free_chunk(chunk);
return -ENOENT;
}
- if (fsnotify_add_mark(chunk_entry, old_entry->group, old_entry->inode, NULL, 1)) {
+ if (fsnotify_add_mark_locked(chunk_entry, old_entry->group,
+ old_entry->inode, NULL, 1)) {
spin_unlock(&old_entry->lock);
+ mutex_unlock(&old_entry->group->mark_mutex);
fsnotify_put_mark(chunk_entry);
fsnotify_put_mark(old_entry);
return -ENOSPC;
@@ -411,6 +418,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
chunk->dead = 1;
spin_unlock(&chunk_entry->lock);
spin_unlock(&old_entry->lock);
+ mutex_unlock(&old_entry->group->mark_mutex);
fsnotify_destroy_mark(chunk_entry, audit_tree_group);
@@ -443,6 +451,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
spin_unlock(&hash_lock);
spin_unlock(&chunk_entry->lock);
spin_unlock(&old_entry->lock);
+ mutex_unlock(&old_entry->group->mark_mutex);
fsnotify_destroy_mark(old_entry, audit_tree_group);
fsnotify_put_mark(chunk_entry); /* drop initial reference */
fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */
--
2.10.2
next prev parent reply other threads:[~2016-12-22 9:15 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-22 9:15 [PATCH 0/22] fsnotify: Avoid SRCU stalls with fanotify permission events Jan Kara
2016-12-22 9:15 ` [PATCH 01/22] fsnotify: Remove unnecessary tests when showing fdinfo Jan Kara
2016-12-22 12:59 ` Amir Goldstein
2016-12-22 15:16 ` Jan Kara
2016-12-22 15:54 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 02/22] inotify: Remove inode pointers from debug messages Jan Kara
2016-12-22 15:31 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 03/22] fanotify: Move recalculation of inode / vfsmount mask under mark_mutex Jan Kara
2016-12-22 16:27 ` Amir Goldstein
2016-12-22 17:31 ` Jan Kara
2016-12-22 19:08 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 04/22] fsnotify: Remove fsnotify_duplicate_mark() Jan Kara
2016-12-22 23:13 ` Paul Moore
2016-12-23 13:22 ` Jan Kara
2016-12-23 14:01 ` Paul Moore
2016-12-22 9:15 ` Jan Kara [this message]
2016-12-22 23:18 ` [PATCH 05/22] audit: Fix sleep in atomic Paul Moore
2016-12-23 13:24 ` Jan Kara
2016-12-23 14:17 ` Paul Moore
2016-12-26 16:33 ` Paul Moore
2017-01-02 18:21 ` Jan Kara
2017-01-03 21:11 ` Paul Moore
2017-01-03 21:11 ` Paul Moore
2017-01-04 8:50 ` Jan Kara
2017-01-05 2:14 ` Paul Moore
2016-12-22 9:15 ` [PATCH 06/22] audit: Abstract hash key handling Jan Kara
2016-12-22 23:27 ` Paul Moore
2016-12-23 13:27 ` Jan Kara
2016-12-23 14:13 ` Paul Moore
2017-01-03 17:34 ` Jan Kara
2017-01-05 2:06 ` Paul Moore
2016-12-22 9:15 ` [PATCH 07/22] fsnotify: Update comments Jan Kara
2016-12-23 4:45 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 08/22] fsnotify: Attach marks to object via dedicated head structure Jan Kara
2016-12-23 5:48 ` Amir Goldstein
2016-12-23 13:34 ` Jan Kara
2017-01-04 13:38 ` Jan Kara
2017-01-04 15:29 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 09/22] inotify: Do not drop mark reference under idr_lock Jan Kara
2016-12-23 8:04 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 10/22] fsnotify: Detach mark from object list when last reference is dropped Jan Kara
2016-12-23 10:51 ` Amir Goldstein
2016-12-23 13:42 ` Jan Kara
2016-12-22 9:15 ` [PATCH 11/22] fsnotify: Remove special handling of mark destruction on group shutdown Jan Kara
2016-12-23 12:12 ` Amir Goldstein
2016-12-23 13:31 ` Jan Kara
2016-12-22 9:15 ` [PATCH 12/22] fsnotify: Move queueing of mark for destruction into fsnotify_put_mark() Jan Kara
2016-12-26 14:15 ` Amir Goldstein
2017-01-04 10:28 ` Jan Kara
2017-01-04 12:22 ` Jan Kara
2016-12-22 9:15 ` [PATCH 13/22] fsnotify: Provide framework for dropping SRCU lock in ->handle_event Jan Kara
2016-12-26 15:01 ` Amir Goldstein
2016-12-26 15:11 ` Amir Goldstein
2017-01-04 9:03 ` Jan Kara
2017-01-04 10:50 ` Amir Goldstein
2017-01-04 11:45 ` Jan Kara
2016-12-26 18:37 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 14/22] fsnotify: Pass SRCU index into handle_event handler Jan Kara
2016-12-26 15:13 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 15/22] fanotify: Release SRCU lock when waiting for userspace response Jan Kara
2016-12-26 15:22 ` Amir Goldstein
2017-01-04 9:05 ` Jan Kara
2016-12-22 9:15 ` [PATCH 16/22] fsnotify: Remove fsnotify_set_mark_{,ignored_}mask_locked() Jan Kara
2016-12-26 16:42 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 17/22] fsnotify: Remove fsnotify_recalc_{inode|vfsmount}_mask() Jan Kara
2016-12-26 16:44 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 18/22] fsnotify: Inline fsnotify_clear_{inode|vfsmount|_mark_group() Jan Kara
2016-12-26 16:57 ` Amir Goldstein
2017-01-04 9:28 ` Jan Kara
2016-12-22 9:15 ` [PATCH 19/22] fsnotify: Remove fsnotify_find_{inode|vfsmount}_mark() Jan Kara
2016-12-26 17:14 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 20/22] fsnotify: Drop inode_mark.c Jan Kara
2016-12-26 17:15 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 21/22] fsnotify: Add group pointer in fsnotify_init_mark() Jan Kara
2016-12-26 17:34 ` Amir Goldstein
2016-12-22 9:15 ` [PATCH 22/22] fsnotify: Move ->free_mark callback to fsnotify_ops Jan Kara
2016-12-26 17:39 ` Amir Goldstein
2016-12-22 20:58 ` [PATCH 0/22] fsnotify: Avoid SRCU stalls with fanotify permission events Paul Moore
2016-12-22 21:05 ` Amir Goldstein
2016-12-22 23:04 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161222091538.28702-6-jack@suse.cz \
--to=jack@suse.cz \
--cc=LinoSanfilippo@gmx.de \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.