From: ebiederm@xmission.com (Eric W. Biederman)
To: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Tejun Heo <tj@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Borislav Petkov <petkovbb@googlemail.com>,
David Airlie <airlied@linux.ie>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Greg KH <greg@kroah.com>, Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: drm_vm.c:drm_mmap: possible circular locking dependency detected
Date: Sun, 03 Jan 2010 02:57:15 -0800 [thread overview]
Message-ID: <m1tyv3sbg4.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20100103074745.GA2314@core.coreip.homeip.net> (Dmitry Torokhov's message of "Sat\, 2 Jan 2010 23\:47\:46 -0800")
Dmitry Torokhov <dmitry.torokhov@gmail.com> writes:
> On Sun, Jan 03, 2010 at 09:32:06AM +0900, Tejun Heo wrote:
>> On 01/03/2010 06:49 AM, Eric W. Biederman wrote:
>>
>> > For the moment I have generated a patch that does the lockdep
>> > annotations, and I have found that a simple:
>> >
>> > find /sys -type f | xargs cat {} > /dev/null
>> >
>> > trivially generates lockdep warnings. In particular:
>>
>> (cc'ing Dmitry, Hi!)
>
> Hi Tejun! ;)
>
>>
>> > [ 165.049042]
>> > [ 165.049044] =======================================================
>> > [ 165.052761] [ INFO: possible circular locking dependency detected ]
>> > [ 165.052761] 2.6.33-rc2x86_64 #3
>> > [ 165.052761] -------------------------------------------------------
>> > [ 165.052761] cat/5026 is trying to acquire lock:
>> > [ 165.052761] (&serio->drv_mutex){+.+.+.}, at: [<ffffffff8132ecaa>] atkbd_attr_show_helper+0x28/0x6e
>> > [ 165.052761]
>> > [ 165.052761] but task is already holding lock:
>> > [ 165.089443] (s_active){++++.+}, at: [<ffffffff810e84dd>] sysfs_get_active_two+0x2c/0x43
>> > [ 165.089443]
>> > [ 165.089443] which lock already depends on the new lock.
>> > [ 165.089443]
>> > [ 165.089443]
>> > [ 165.089443] the existing dependency chain (in reverse order) is:
>> > [ 165.089443]
>> > [ 165.089443] -> #1 (s_active){++++.+}:
>> > [ 165.089443] [<ffffffff81054956>] validate_chain+0xa25/0xd1d
>> > [ 165.089443] [<ffffffff810553d3>] __lock_acquire+0x785/0x7dc
>> > [ 165.089443] [<ffffffff81056112>] lock_acquire+0x5a/0x74
>> > [ 165.089443] [<ffffffff810e8202>] sysfs_addrm_finish+0xba/0x125
>> > [ 165.089443] [<ffffffff810e68b0>] sysfs_hash_and_remove+0x4f/0x6b
>> > [ 165.089443] [<ffffffff810e94cf>] remove_files+0x1f/0x2c
>> > [ 165.089443] [<ffffffff810e9561>] sysfs_remove_group+0x85/0xb4
>> > [ 165.089443] [<ffffffff81331f0f>] psmouse_disconnect+0x33/0x147
>> > [ 165.089443] [<ffffffff8132687b>] serio_disconnect_driver+0x2d/0x3a
>> > [ 165.089443] [<ffffffff81326898>] serio_driver_remove+0x10/0x14
>> > [ 165.089443] [<ffffffff812077f0>] __device_release_driver+0x67/0xb0
>> > [ 165.089443] [<ffffffff81207857>] device_release_driver+0x1e/0x2b
>> > [ 165.089443] [<ffffffff81326e68>] serio_disconnect_port+0x60/0x69
>> > [ 165.089443] [<ffffffff8132757a>] serio_thread+0x170/0x34a
>> > [ 165.089443] [<ffffffff810470e7>] kthread+0x7d/0x85
>> > [ 165.089443] [<ffffffff81002cd4>] kernel_thread_helper+0x4/0x10
>> > [ 165.089443]
>> > [ 165.089443] -> #0 (&serio->drv_mutex){+.+.+.}:
>> > [ 165.089443] [<ffffffff81054642>] validate_chain+0x711/0xd1d
>> > [ 165.089443] [<ffffffff810553d3>] __lock_acquire+0x785/0x7dc
>> > [ 165.089443] [<ffffffff81056112>] lock_acquire+0x5a/0x74
>> > [ 165.089443] [<ffffffff814378ed>] mutex_lock_interruptible_nested+0x4a/0x307
>> > [ 165.089443] [<ffffffff8132ecaa>] atkbd_attr_show_helper+0x28/0x6e
>> > [ 165.089443] [<ffffffff8132ed81>] atkbd_do_show_extra+0x13/0x15
>> > [ 165.089443] [<ffffffff812049b6>] dev_attr_show+0x20/0x43
>> > [ 165.089443] [<ffffffff810e71db>] sysfs_read_file+0xba/0x145
>> > [ 165.089443] [<ffffffff8109f507>] vfs_read+0xab/0x147
>> > [ 165.089443] [<ffffffff8109f85c>] sys_read+0x47/0x70
>> > [ 165.089443] [<ffffffff81001f2b>] system_call_fastpath+0x16/0x1b
>> > [ 165.089443]
>> > [ 165.089443] other info that might help us debug this:
>> > [ 165.089443]
>> > [ 165.089443] 3 locks held by cat/5026:
>> > [ 165.089443] #0: (&buffer->mutex){+.+.+.}, at: [<ffffffff810e715a>] sysfs_read_file+0x39/0x145
>> > [ 165.089443] #1: (s_active){++++.+}, at: [<ffffffff810e84d0>] sysfs_get_active_two+0x1f/0x43
>> > [ 165.089443] #2: (s_active){++++.+}, at: [<ffffffff810e84dd>] sysfs_get_active_two+0x2c/0x43
>> > [ 165.089443]
>> > [ 165.089443] stack backtrace:
>> > [ 165.089443] Pid: 5026, comm: cat Not tainted 2.6.33-rc2x86_64 #3
>> > [ 165.089443] Call Trace:
>> > [ 165.089443] [<ffffffff810538f3>] print_circular_bug+0xb3/0xc1
>> > [ 165.089443] [<ffffffff81054642>] validate_chain+0x711/0xd1d
>> > [ 165.089443] [<ffffffff81052fb6>] ? trace_hardirqs_on_caller+0x10b/0x12f
>> > [ 165.089443] [<ffffffff810553d3>] __lock_acquire+0x785/0x7dc
>> > [ 165.089443] [<ffffffff8132ecaa>] ? atkbd_attr_show_helper+0x28/0x6e
>> > [ 165.089443] [<ffffffff81056112>] lock_acquire+0x5a/0x74
>> > [ 165.089443] [<ffffffff8132ecaa>] ? atkbd_attr_show_helper+0x28/0x6e
>> > [ 165.089443] [<ffffffff814378ed>] mutex_lock_interruptible_nested+0x4a/0x307
>> > [ 165.089443] [<ffffffff8132ecaa>] ? atkbd_attr_show_helper+0x28/0x6e
>> > [ 165.089443] [<ffffffff8132ee41>] ? atkbd_show_extra+0x0/0x28
>> > [ 165.089443] [<ffffffff8132ecaa>] atkbd_attr_show_helper+0x28/0x6e
>> > [ 165.089443] [<ffffffff8132ed81>] atkbd_do_show_extra+0x13/0x15
>> > [ 165.089443] [<ffffffff812049b6>] dev_attr_show+0x20/0x43
>> > [ 165.089443] [<ffffffff810e71db>] sysfs_read_file+0xba/0x145
>> > [ 165.089443] [<ffffffff8109f507>] vfs_read+0xab/0x147
>> > [ 165.089443] [<ffffffff8109f85c>] sys_read+0x47/0x70
>> > [ 165.089443] [<ffffffff81001f2b>] system_call_fastpath+0x16/0x1b
>> >
>> > Suggestions on how to sort out this other set of issues are welcome.
>>
>> Ummm... read of an input sysfs node can trigger
>
> Read? I checked and I do not see where read would cause disconnect.
> Also, disconnect only involves unbinding driver from the port, not the
> destruction of the port itself (children may be destroyed but they have
> different locks).
>
>> serio_disconnect_port() under serio->drv_mutex, which unfortunately
>> would need to wait for completion of in-progress sysfs ops thus
>> creating possibility for AB-BA deadlock.
>
> I think that we are dealing with different drv->mutex instances here.
>
>> Dmitry, is it possible to
>> make serio_disconnect_port() asynchronous from the sysfs ops (ie. put
>> it in a work or something)?
>
> I am not sure it is needed. Also in the trace presented
> serio_disconnect_port() is called from kseriod which certainly does not
> access sysfs...
>
> Overall I am not concerned about lockdep bitching about serio because it
> still bitches if you simply reload psmouse on a box with Synaptics with a
> pass-through port even though there are nested annotations and it is
> silent first time around.
This is a new lockdep annotation, and looking into it this appears to
be a true possible deadlock in the serio/sysfs interactions.
We have serio_pin_driver() called from all of the sysfs attributes
which does:
mutex_lock(&serio->drv_mutex);
We have serio_disconnect_driver() called on an unplug which does:
mutex_lock(&serio->drv_mutex);
The deadlock potential is if someone reads say the psmouse rate
sysfs file while the mouse is being unplugged. There is a race
such that we can have:
sysfs_read_file()
fill_read_buffer()
sysfs_get_active_two()
psmouse_attr_show_helper()
serio_pin_driver()
serio_disconnect_driver()
mutex_lock(&serio->drv_mutex);
<-----------------> mutex_lock(&serio_drv_mutex);
psmouse_disconnect()
sysfs_remove_group(... psmouse_attr_group);
....
sysfs_deactivate();
wait_for_completion();
So it is unlikely but possible to deadlock by accessing a serio
attribute of a serio device that is being removed.
What to do about it is another question. It has just recently come to my
attention that we have more events like this
> Out of curiosity, do yo uknow what caused psmouse disconnect and what
> kind of mouse is in the box?
It is a simple ps2mouse connected through a kvm, and the kvm was not
switched to the machine in question during the run.
I am trying to wrap my head around what to do with this sysfs_deactivate
deadlock scenario, (other drivers also hold unfortunate locks over the
removal of sysfs files, and it just happens that the ps2mouse case was the first
one I reproduced), and it was interesting because I had not seen it before.
Eric
next prev parent reply other threads:[~2010-01-03 10:57 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-24 22:00 Linux 2.6.33-rc2 - Merry Christmas Linus Torvalds
2009-12-25 10:27 ` -tip: origin tree boot crash Ingo Molnar
2009-12-25 19:49 ` Dmitry Torokhov
2009-12-26 20:19 ` Len Brown
2009-12-26 20:17 ` Len Brown
2009-12-27 4:20 ` Len Brown
2009-12-28 9:44 ` Ingo Molnar
2009-12-28 12:01 ` Ingo Molnar
2009-12-28 15:02 ` Paul Rolland
2009-12-28 16:15 ` Paul Rolland
2009-12-28 16:53 ` Paul Rolland
2009-12-28 20:17 ` Dmitry Torokhov
2009-12-30 6:14 ` Len Brown
2009-12-30 7:13 ` Paul Rolland
2009-12-30 6:19 ` [PATCH] wmi: check find_guid() return value to prevent oops Len Brown
2009-12-30 6:21 ` [PATCH] dell-wmi: sys_init_module: 'dell_wmi'->init suspiciously returned 21, it should follow 0/-E convention Len Brown
2009-12-25 13:10 ` Linux 2.6.33-rc2 - Blank screen for Intel KMS Miguel Calleja
2009-12-29 9:50 ` Miguel Calleja
2009-12-29 14:01 ` Rafael J. Wysocki
2009-12-25 20:00 ` Linux 2.6.33-rc2 - Merry Christmas Borislav Petkov
2009-12-25 21:50 ` Borislav Petkov
2009-12-26 6:00 ` Jesse Barnes
2009-12-26 8:02 ` Borislav Petkov
2009-12-26 9:36 ` EHCI resume sysfs duplicates (was: Re: Linux 2.6.33-rc2 - Merry Christmas ...) Borislav Petkov
2009-12-26 9:45 ` drm_vm.c:drm_mmap: possible circular locking dependency detected " Borislav Petkov
2009-12-28 0:40 ` KOSAKI Motohiro
2009-12-30 21:10 ` Linus Torvalds
2009-12-30 21:34 ` Eric W. Biederman
2009-12-30 22:03 ` Linus Torvalds
2009-12-31 8:40 ` Eric W. Biederman
2009-12-31 19:04 ` Linus Torvalds
2010-01-01 13:58 ` [PATCH] sysfs: Cache the last sysfs_dirent to improve readdir scalability Eric W. Biederman
2010-01-01 15:33 ` Borislav Petkov
2010-01-01 18:56 ` Linus Torvalds
2010-01-01 22:43 ` [PATCH] sysfs: Cache the last sysfs_dirent to improve readdir scalability v2 Eric W. Biederman
2010-01-01 23:10 ` Linus Torvalds
2010-01-02 5:59 ` Greg KH
2010-01-02 15:40 ` Borislav Petkov
2010-01-01 15:16 ` drm_vm.c:drm_mmap: possible circular locking dependency detected (was: Re: Linux 2.6.33-rc2 - Merry Christmas ...) Eric W. Biederman
2010-01-02 2:59 ` drm_vm.c:drm_mmap: possible circular locking dependency detected Tejun Heo
2010-01-02 21:37 ` [PATCH] sysfs: Add lockdep annotations for the sysfs active reference Eric W. Biederman
2010-01-03 0:02 ` Tejun Heo
2010-01-17 16:26 ` Ming Lei
2010-01-17 17:18 ` Eric W. Biederman
2010-01-17 18:03 ` Dominik Brodowski
2010-01-02 21:49 ` drm_vm.c:drm_mmap: possible circular locking dependency detected Eric W. Biederman
2010-01-03 0:32 ` Tejun Heo
2010-01-03 2:06 ` Eric W. Biederman
2010-01-03 5:01 ` Tejun Heo
2010-01-03 5:38 ` Eric W. Biederman
2010-01-03 6:05 ` Tejun Heo
2010-01-03 7:47 ` Dmitry Torokhov
2010-01-03 10:57 ` Eric W. Biederman [this message]
2010-01-03 11:14 ` Eric W. Biederman
2010-01-04 19:16 ` Dmitry Torokhov
2010-01-04 18:57 ` Dmitry Torokhov
2010-01-04 19:43 ` Eric W. Biederman
2010-01-04 21:12 ` Dmitry Torokhov
2010-01-04 23:09 ` Tejun Heo
2009-12-31 8:40 ` drm_vm.c:drm_mmap: possible circular locking dependency detected (was: Re: Linux 2.6.33-rc2 - Merry Christmas ...) Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1tyv3sbg4.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=airlied@linux.ie \
--cc=dmitry.torokhov@gmail.com \
--cc=greg@kroah.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=petkovbb@googlemail.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.