Re: namespace: deadlock in dec_pid_namespaces

[ebiederm@xmission.com (Eric W. Biederman)]

Nikolay Borisov <n.borisov.lkml@gmail.com> writes:

> On 20.01.2017 15:07, Dmitry Vyukov wrote:
>> Hello,
>> 
>> I've got the following deadlock report while running syzkaller fuzzer
>> on eec0d3d065bfcdf9cd5f56dd2a36b94d12d32297 of linux-next (on odroid
>> device if it matters):

I am puzzled I thought we had fixed this with:
  add7c65ca426 ("pid: fix lockdep deadlock warning due to ucount_lock")
But apparently not.  We  just moved it from hardirq to softirq context.  Bah.

Thank you very much for the report.

Nikolay can you make your change use spinlock_irq?  And have put_ucounts
do spin_lock_irqsave?  That way we just don't care where we call this.

I a tired of being clever.

Eric


> From 86565326b382b41cb988a83791eff1c4d600040b Mon Sep 17 00:00:00 2001
> From: Nikolay Borisov <n.borisov.lkml@gmail.com>
> Date: Fri, 20 Jan 2017 15:21:35 +0200
> Subject: [PATCH] userns: Make ucounts lock softirq-safe
>
> The ucounts_lock is being used to protect various ucounts lifecycle
> management functionalities. However, those services can also be invoked
> when a pidns is being freed in an RCU callback (e.g. softirq context).
> This can lead to deadlocks. Fix it by making the spinlock disable softirq
>
> Signed-off-by: Nikolay Borisov <n.borisov.lkml@gmail.com>
> ---
>  kernel/ucount.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/kernel/ucount.c b/kernel/ucount.c
> index b4aaee935b3e..23a44ea894cd 100644
> --- a/kernel/ucount.c
> +++ b/kernel/ucount.c
> @@ -132,10 +132,10 @@ static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid)
>  	struct hlist_head *hashent = ucounts_hashentry(ns, uid);
>  	struct ucounts *ucounts, *new;
>  
> -	spin_lock(&ucounts_lock);
> +	spin_lock_bh(&ucounts_lock);
>  	ucounts = find_ucounts(ns, uid, hashent);
>  	if (!ucounts) {
> -		spin_unlock(&ucounts_lock);
> +		spin_unlock_bh(&ucounts_lock);
>  
>  		new = kzalloc(sizeof(*new), GFP_KERNEL);
>  		if (!new)
> @@ -145,7 +145,7 @@ static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid)
>  		new->uid = uid;
>  		atomic_set(&new->count, 0);
>  
> -		spin_lock(&ucounts_lock);
> +		spin_lock_bh(&ucounts_lock);
>  		ucounts = find_ucounts(ns, uid, hashent);
>  		if (ucounts) {
>  			kfree(new);
> @@ -156,16 +156,16 @@ static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid)
>  	}
>  	if (!atomic_add_unless(&ucounts->count, 1, INT_MAX))
>  		ucounts = NULL;
> -	spin_unlock(&ucounts_lock);
> +	spin_unlock_bh(&ucounts_lock);
>  	return ucounts;
>  }
>  
>  static void put_ucounts(struct ucounts *ucounts)
>  {
>  	if (atomic_dec_and_test(&ucounts->count)) {
> -		spin_lock(&ucounts_lock);
> +		spin_lock_bh(&ucounts_lock);
>  		hlist_del_init(&ucounts->node);
> -		spin_unlock(&ucounts_lock);
> +		spin_unlock_bh(&ucounts_lock);
>  
>  		kfree(ucounts);
>  	}