From: Al Viro <viro@zeniv.linux.org.uk>
To: Amir Goldstein <amir73il@gmail.com>
Cc: syzbot <syzbot+9a5b0ced8b1bfb238b56@syzkaller.appspotmail.com>,
gregkh@linuxfoundation.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
tj@kernel.org, valesini@yandex-team.ru,
Christoph Hellwig <hch@lst.de>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Miklos Szeredi <miklos@szeredi.hu>
Subject: Re: [syzbot] [kernfs?] possible deadlock in kernfs_fop_llseek
Date: Thu, 4 Apr 2024 09:40:09 +0100 [thread overview]
Message-ID: <20240404084009.GS538574@ZenIV> (raw)
In-Reply-To: <20240404082110.GR538574@ZenIV>
On Thu, Apr 04, 2024 at 09:21:10AM +0100, Al Viro wrote:
> Similar question applies to ovl_write_iter() - why do you
> need to hold the overlayfs inode locked during the call of
> backing_file_write_iter()?
Consider the scenario when unlink() is called on that sucker
during the write() that triggers that pathwalk. We have
unlink: blocked on overlayfs inode of file, while holding the parent directory.
write: holding the overlayfs inode of file and trying to resolve a pathname
that contains .../power/suspend_stats/../../...; blocked on attempt to lock
parent so we could do a lookup in it.
No llseek involved anywhere, kernfs of->mutex held, but not contended,
deadlock purely on ->i_rwsem of overlayfs inodes.
Holding overlayfs inode locked during the call of lookup_bdev() is really
no-go.
next prev parent reply other threads:[~2024-04-04 8:40 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 18:23 [syzbot] [kernfs?] possible deadlock in kernfs_fop_llseek syzbot
2024-04-03 23:51 ` syzbot
2024-04-04 6:54 ` Amir Goldstein
2024-04-04 8:11 ` Al Viro
2024-04-04 8:21 ` Al Viro
2024-04-04 8:40 ` Al Viro [this message]
2024-04-04 9:33 ` Amir Goldstein
2024-04-04 22:01 ` Al Viro
2024-04-05 10:34 ` Amir Goldstein
2024-04-05 6:51 ` Christoph Hellwig
2024-04-05 11:19 ` Christian Brauner
2024-04-05 13:48 ` Christian Brauner
2024-04-05 14:52 ` Christoph Hellwig
2024-04-05 15:41 ` Tejun Heo
2024-04-06 3:54 ` Al Viro
2024-04-05 10:47 ` Christian Brauner
2024-04-05 14:48 ` Amir Goldstein
2024-04-06 4:09 ` Al Viro
2024-04-06 5:25 ` Amir Goldstein
2024-04-05 15:08 ` Amir Goldstein
2024-04-05 15:37 ` syzbot
2024-04-05 16:23 ` Al Viro
2024-04-06 5:34 ` Amir Goldstein
2024-04-06 7:05 ` syzbot
2024-04-06 7:11 ` Al Viro
2024-04-06 8:23 ` Hillf Danton
2024-04-07 0:48 ` Al Viro
2024-04-06 8:57 ` Amir Goldstein
2024-04-07 0:50 ` Al Viro
2024-04-07 11:02 ` Amir Goldstein
2024-04-09 9:18 ` Christian Brauner
2024-04-04 0:42 ` Hillf Danton
2024-04-04 1:08 ` syzbot
2024-04-04 2:12 ` Hillf Danton
2024-04-04 2:39 ` syzbot
2024-04-05 23:00 ` Hillf Danton
2024-04-05 23:02 ` syzbot
2024-04-06 0:10 ` Al Viro
2024-04-05 23:02 ` Hillf Danton
2024-04-06 0:34 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240404084009.GS538574@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=syzbot+9a5b0ced8b1bfb238b56@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tj@kernel.org \
--cc=valesini@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.