Re: 2.6.17-rc6-mm1/pktcdvd - BUG: possible circular locking

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Osterlund <petero2@telia.com>
To: Arjan van de Ven <arjan@linux.intel.com>
Cc: Laurent Riffard <laurent.riffard@free.fr>,
	Kernel development list <linux-kernel@vger.kernel.org>,
	axboe@suse.de
Subject: Re: 2.6.17-rc6-mm1/pktcdvd - BUG: possible circular locking
Date: 14 Jul 2006 13:22:57 +0200	[thread overview]
Message-ID: <m3u05kqvla.fsf@telia.com> (raw)
In-Reply-To: <1151000451.3120.56.camel@laptopd505.fenrus.org>

Arjan van de Ven <arjan@linux.intel.com> writes:

> On Thu, 2006-06-22 at 16:50 +0200, Peter Osterlund wrote:
> > Arjan van de Ven <arjan@linux.intel.com> writes:
> > 
> > > Laurent Riffard wrote:
> > > > Hello,
> > > > This BUG happened while pktcdvd service was starting. Basically, the
> > > > 2 following commands were issued:
> > > > - modprobe ptkcdvd
> > > > - pktsetup dvd /dev/dvd
> > > 
> > > This appears to be a real bug:
> > > 
> > > A normal pkt dvd block dev open takes the
> > > bdev_mutex in the regular block device open path, which takes
> > > ctl_mutex in the pkt_open function which gets called then from
> > > the block layer.
> > > 
> > > HOWEVER the IOCTL path does it the other way around:
> > > 
> > >                  mutex_lock(&ctl_mutex);
> > >                  ret = pkt_setup_dev(&ctrl_cmd);
> > >                  mutex_unlock(&ctl_mutex);
> > > 
> > > where pkt_setup_dev in term calls pkt_new_dev which
> > > calls blkdev_get(), which takes the bdev_mutex.
> > > 
> > > Looks very much like a AB-BA deadlock to me...
> > 
> > I don't understand how this could deadlock. If the device is already
> > setup, pkt_new_dev() returns before calling blkdev_get(). If the
> > device is not already setup, the block device doesn't exist yet so
> > there can not be another caller in the pkt_open() path.
> 
> and what locking prevents this? And via multiple opens?

You are right that my reasoning was incorrect. If someone is doing
"pktsetup ; pktsetup -d" quickly in a loop while someone else is
trying to open the device, one thread could be at the start of
pkt_open() at the same time as another thread is in pkt_new_dev().

However, I added a 5s delay in pkt_open() to enlarge the race window.
I still couldn't make the driver lock up though. The explanation is
that pkt_new_dev() calls blkdev_get() with the CD device (eg /dev/hdc)
as bdev parameter, while do_open() locks the bd_mutex for the pktcdvd
device (eg /dev/pktcdvd/0).

Do you still think this could deadlock? If not, how should the code be
annotated to make this warning go away?

-- 
Peter Osterlund - petero2@telia.com
http://web.telia.com/~u89404340

next prev parent reply	other threads:[~2006-07-14 11:23 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-06-08 19:09 2.6.17-rc6-mm1/pktcdvd - BUG: possible circular locking Laurent Riffard
2006-06-12 15:14 ` Arjan van de Ven
2006-06-12 16:41   ` Jens Axboe
2006-06-21 10:21     ` Arjan van de Ven
2006-06-22 14:50   ` Peter Osterlund
2006-06-22 18:20     ` Arjan van de Ven
2006-07-14 11:22       ` Peter Osterlund [this message]
2006-07-14 13:46         ` Arjan van de Ven
2006-07-14 21:06           ` Peter Osterlund
2006-07-14 22:29             ` Arjan van de Ven
2006-07-15  7:04             ` [patch] lockdep: annotate pktcdvd natural device hierarchy Arjan van de Ven
2006-07-15 10:35               ` Laurent Riffard
2006-07-15 10:57                 ` Peter Osterlund
2006-07-16 10:33                   ` Laurent Riffard
2006-07-25  2:27                     ` Andrew Morton
2006-07-25  5:34                       ` Arjan van de Ven
2006-07-25  6:31                         ` Andrew Morton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m3u05kqvla.fsf@telia.com \
    --to=petero2@telia.com \
    --cc=arjan@linux.intel.com \
    --cc=axboe@suse.de \
    --cc=laurent.riffard@free.fr \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.