From: ebiederm@xmission.com (Eric W. Biederman)
To: "Américo Wang" <xiyou.wangcong@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
	gregkh@suse.de, taviso@google.com, viro@ZenIV.linux.org.uk,
	linux-kernel@vger.kernel.org, alan@lxorguk.ukuu.org.uk,
	jdike@addtoit.com, jln@google.com, mpm@selenic.com
Subject: Re: [2.6.33-rc5] tty: possible irq lock inversion dependency in tty_fasync
Date: Sat, 06 Feb 2010 23:00:20 -0800
Message-ID: <m18wb58r97.fsf@fess.ebiederm.org>
In-Reply-To: <20100207064643.GA15533@hack> ("Américo Wang"'s message of "Sun\, 7 Feb 2010 14\:46\:56 +0800")

Américo Wang <xiyou.wangcong@gmail.com> writes:

> On Sat, Feb 06, 2010 at 10:31:30PM -0800, Linus Torvalds wrote:
>>
>>
>>On Sun, 7 Feb 2010, Tetsuo Handa wrote:
>>> 
>>> Below problem (which was introduced between 2.6.33-rc4 and 2.6.33-rc5) is
>>> not yet fixed as of 2.6.33-rc7.
>>> "git bisect start v2.6.33-rc5 v2.6.33-rc4" reported that
>>> 703625118069f9f8960d356676662d3db5a9d116 tty: fix race in tty_fasync
>>> is first bad commit.
>>
>>Yeah. I think we need to just revert that commit.
>>
>>Or maybe we could just do the following, rather than revert it outright: 
>>just get a ref to the 'struct pid' while holding the spinlock, and then 
>>releasing it after doing the __f_setown() call.
>
> We already fixed this, a better fix:
>
> http://lkml.org/lkml/2010/1/26/338
>
> I sent the same fix as Greg's.

That fix is present. See below.  Why does lockdep still warn?
Do we have a lockdep bug?

Given that this is the only place we take f_owner.lock for write, I
don't see how f_owner.lock can be unsafe to be called with irqs
disabled.

commit b04da8bfdfbbd79544cab2fadfdc12e87eb01600
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Tue Jan 26 15:04:02 2010 -0800

    fnctl: f_modown should call write_lock_irqsave/restore
    
    Commit 703625118069f9f8960d356676662d3db5a9d116 exposed that f_modown()
    should call write_lock_irqsave instead of just write_lock_irq,
    because a caller could have a spinlock held and it would not be good to
    re-enable interrupts.
    
    Cc: Eric W. Biederman <ebiederm@xmission.com>
    Cc: Al Viro <viro@ZenIV.linux.org.uk>
    Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Cc: Tavis Ormandy <taviso@google.com>
    Cc: stable <stable@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/fcntl.c b/fs/fcntl.c
index 97e01dc..5ef953e 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -199,7 +199,9 @@ static int setfl(int fd, struct file * filp, unsigned long arg)
 static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
                      int force)
 {
-       write_lock_irq(&filp->f_owner.lock);
+       unsigned long flags;
+
+       write_lock_irqsave(&filp->f_owner.lock, flags);
        if (force || !filp->f_owner.pid) {
                put_pid(filp->f_owner.pid);
                filp->f_owner.pid = get_pid(pid);
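
Review bot: The write_lock_irqsave() call at the top of f_modown() carries no comment explaining why the plain _irq variant is wrong here; the reason (a caller may already hold a spinlock with interrupts disabled) is recorded only in the changelog. A one-line comment above the lock call naming that calling context would keep a later cleanup from converting it back to write_lock_irq().
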
@@ -211,7 +213,7 @@ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
                        filp->f_owner.euid = cred->euid;
                }
        }
-       write_unlock_irq(&filp->f_owner.lock);
+       write_unlock_irqrestore(&filp->f_owner.lock, flags);
 }
 
 int __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
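
Review bot: write_unlock_irqrestore() at the end of f_modown() addresses the interrupt-state problem the changelog names, but the changelog does not say which caller holds a spinlock at this point or how that lock is meant to nest with f_owner.lock. Since this thread is about a lock inversion warning in tty_fasync, name the caller and its lock in the commit message and state the intended ordering, so it is clear whether restoring the saved flags is the whole fix or only part of it.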


