From: Marko Rauhamaa <marko.rauhamaa@f-secure.com>
To: Jan Kara <jack@suse.cz>
Cc: Amir Goldstein <amir73il@gmail.com>, <linux-fsdevel@vger.kernel.org>
Subject: Re: Reproducible, long-standing fanotify+autofs problem
Date: Fri, 27 Jan 2017 16:21:15 +0200 [thread overview]
Message-ID: <87fuk4r3c4.fsf@drapion.f-secure.com> (raw)
In-Reply-To: <20170127134620.GA16757@quack2.suse.cz> (Jan Kara's message of "Fri, 27 Jan 2017 14:46:20 +0100")
Jan Kara <jack@suse.cz>:
> Yes, so from the backtraces it is pretty clear what is going on:
>
> You have placed OPEN_PERM fanotify mark on a / mountpoint. Once you do
> that, any open attempt anywhere in / must be approved by your process.
> Then you want to place an fanotify mark on /sshome/test. As a part of
> directory lookup of that path automounter triggers and wants to mount
> /sshome. That tries to open something in / (likely the config file in
> /etc) and blocks on approval from your process. Deadlock.
>
> So the kernel behaves as it was asked to, you just have to be *very*
> careful when placing permission marks into the system as it is very
> easy to deadlock it. Another similar type of deadlocks users of
> fanotify permission events hit is that the process responding to
> fanotify permission events does something (perhaps indirectly through
> some library) that generates another fanotify event.
That means it is not possible, in the general case, to use fanotify from
a single thread/process. A worthwhile lesson.
Thanks, Jan, for the clarification. Now we all know that fanotify_mark()
*can* block. The fanotify_mark() man page could benefit from the
addition of EINTR in the ERRORS section.
Marko
next prev parent reply other threads:[~2017-01-27 14:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-25 11:48 Reproducible, long-standing fanotify+autofs problem Marko Rauhamaa
2017-01-25 12:03 ` Amir Goldstein
2017-01-25 14:06 ` Marko Rauhamaa
2017-01-25 14:11 ` Amir Goldstein
2017-01-25 14:42 ` Marko Rauhamaa
2017-01-25 14:54 ` Amir Goldstein
2017-01-25 15:15 ` Jan Kara
[not found] ` <87efzrrwec.fsf@drapion.f-secure.com>
[not found] ` <20170127134620.GA16757@quack2.suse.cz>
2017-01-27 14:21 ` Marko Rauhamaa [this message]
2017-01-25 15:20 ` Marko Rauhamaa
2017-01-26 17:47 ` Marko Rauhamaa
2017-01-26 18:05 ` Marko Rauhamaa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fuk4r3c4.fsf@drapion.f-secure.com \
--to=marko.rauhamaa@f-secure.com \
--cc=amir73il@gmail.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.