From: Al Viro <viro@zeniv.linux.org.uk>
To: Denis Kirjanov <kda@linux-powerpc.org>
Cc: Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] fs: export kern_path_locked
Date: Tue, 16 Feb 2021 18:00:34 +0000 [thread overview]
Message-ID: <YCwIQmsxWxuw+dnt@zeniv-ca.linux.org.uk> (raw)
In-Reply-To: <CAOJe8K00srtuD+VAJOFcFepOqgNUm0mC8C=hLq2=qhUFSfhpuw@mail.gmail.com>
On Tue, Feb 16, 2021 at 05:31:33PM +0300, Denis Kirjanov wrote:
> We had a change like that:
> Author: WANG Cong <xiyou.wangcong@gmail.com>
> Date: Mon Jan 23 11:17:35 2017 -0800
>
> af_unix: move unix_mknod() out of bindlock
>
> Dmitry reported a deadlock scenario:
>
> unix_bind() path:
> u->bindlock ==> sb_writer
>
> do_splice() path:
> sb_writer ==> pipe->mutex ==> u->bindlock
>
> In the unix_bind() code path, unix_mknod() does not have to
> be done with u->bindlock held, since it is a pure fs operation,
> so we can just move unix_mknod() out.
*cringe*
I remember now... Process set:
P1: bind() of AF_UNIX socket to /mnt/sock
P2: splice() from pipe to /mnt/foo
P3: freeze /mnt
P4: splice() from pipe to AF_UNIX socket
P1 grabs ->bindlock
P2 sb_start_write() for what's on /mnt
P2 grabs rwsem shared
P3 blocks in sb_wait_write() trying to grab the same rwsem exclusive
P1 sb_start_write() blocks trying to grab the same rwsem shared
P4 calls ->splice_write(), aka generic_splice_sendpage()
P4 grabs pipe->mutex
P4 calls ->sendpage(), aka sock_no_sendpage()
P4 calls ->sendmsg(), aka unix_dgram_sendmsg()
P4 calls unix_autobind()
P4 blocks trying to grab ->bindlock
P2 ->splice_write(), aka iter_file_splice_write()
P2 blocks trying to grab pipe->mutex
DEADLOCK
Sigh... OK, so we want something like
user_path_create()
vfs_mknod()
created = true
grab bindlock
....
drop bindlock
if failed && created
vfs_unlink()
done_path_create()
in unix_bind()... That would push ->bindlock all way down in the hierarchy,
so that should be deadlock-free, but it looks like that'll be fucking ugly ;-/
Let me try and play with that a bit, maybe it can be massaged to something
relatively sane...
next prev parent reply other threads:[~2021-02-16 18:01 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 15:49 [PATCH] fs: export kern_path_locked Denis Kirjanov
2021-01-27 17:57 ` Christoph Hellwig
[not found] ` <CAOJe8K0MC-TCURE2Gpci1SLnLXCbUkE7q6SS0fznzBA+Pf-B8Q@mail.gmail.com>
[not found] ` <20210129082524.GA2282796@infradead.org>
[not found] ` <CAOJe8K0iG91tm8YBRmE_rdMMMbc4iRsMGYNxJk0p9vEedNHEkg@mail.gmail.com>
[not found] ` <20210129131855.GA2346744@infradead.org>
2021-02-14 18:17 ` Al Viro
2021-02-16 14:31 ` Denis Kirjanov
2021-02-16 18:00 ` Al Viro [this message]
2021-02-19 4:11 ` Al Viro
2021-02-19 4:19 ` [PATCH 1/8] af_unix: take address assignment/hash insertion into a new helper Al Viro
2021-02-20 19:12 ` Cong Wang
2021-02-20 19:32 ` Al Viro
2021-02-20 20:31 ` Cong Wang
2021-02-20 21:08 ` Al Viro
2021-02-22 19:06 ` [PATCHSET] making unix_bind() undo mknod on failure Al Viro
2021-02-22 19:12 ` [PATCH 1/8] af_unix: take address assignment/hash insertion into a new helper Al Viro
2021-02-22 19:12 ` [PATCH 2/8] unix_bind(): allocate addr earlier Al Viro
2021-02-22 19:12 ` [PATCH 3/8] unix_bind(): separate BSD and abstract cases Al Viro
2021-02-22 19:12 ` [PATCH 4/8] unix_bind(): take BSD and abstract address cases into new helpers Al Viro
2021-02-22 19:12 ` [PATCH 5/8] fold unix_mknod() into unix_bind_bsd() Al Viro
2021-02-22 19:12 ` [PATCH 6/8] unix_bind_bsd(): move done_path_create() call after dealing with ->bindlock Al Viro
2021-02-22 19:12 ` [PATCH 7/8] unix_bind_bsd(): unlink if we fail after successful mknod Al Viro
2021-02-22 19:12 ` [PATCH 8/8] __unix_find_socket_byname(): don't pass hash and type separately Al Viro
2021-02-22 19:12 ` [PATCHSET] making unix_bind() undo mknod on failure Al Viro
2021-02-22 19:24 ` Al Viro
2021-02-24 0:40 ` Jakub Kicinski
2021-02-19 4:20 ` [PATCH 2/8] unix_bind(): allocate addr earlier Al Viro
2021-02-19 4:21 ` [PATCH 3/8] unix_bind(): separate BSD and abstract cases Al Viro
2021-02-19 4:21 ` [PATCH 4/8] unix_bind(): take BSD and abstract address cases into new helpers Al Viro
2021-02-19 4:22 ` [PATCH 5/8] fold unix_mknod() into unix_bind_bsd() Al Viro
2021-02-19 4:22 ` [PATCH 6/8] unix_bind_bsd(): move done_path_create() call after dealing with ->bindlock Al Viro
2021-02-19 4:23 ` [PATCH 7/8] unix_bind_bsd(): unlink if we fail after successful mknod Al Viro
2021-02-19 4:23 ` [PATCH 8/8] __unix_find_socket_byname(): don't pass hash and type separately Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YCwIQmsxWxuw+dnt@zeniv-ca.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=hch@infradead.org \
--cc=kda@linux-powerpc.org \
--cc=kuba@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.