From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: [PATCH 2/9] vfs: export do_splice_direct() to modules
Date: Fri, 22 Mar 2013 18:21:07 +0000
Message-ID: <20130322182107.GQ21522@ZenIV.linux.org.uk>
References: <1363184193-1796-3-git-send-email-miklos@szeredi.hu>
 <1363184193-1796-1-git-send-email-miklos@szeredi.hu>
 <1944.1363525619@warthog.procyon.org.uk>
 <13789.1363973875@jrobl>
 <20130322181111.GP21522@ZenIV.linux.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: David Howells <dhowells@redhat.com>,
	Miklos Szeredi <miklos@szeredi.hu>, jack@suse.cz,
	torvalds@linux-foundation.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, hch@infradead.org,
	akpm@linux-foundation.org, apw@canonical.com, nbd@openwrt.org,
	neilb@suse.de, jordipujolp@gmail.com, ezk@fsl.cs.sunysb.edu,
	sedat.dilek@googlemail.com, mszeredi@suse.cz
To: "J. R. Okajima" <hooanon05@yahoo.co.jp>
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <20130322181111.GP21522@ZenIV.linux.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Fri, Mar 22, 2013 at 06:11:11PM +0000, Al Viro wrote:
> On Sat, Mar 23, 2013 at 02:37:55AM +0900, J. R. Okajima wrote:
> > 
> > David Howells:
> > > Now, looking at __sb_start_write(), I'm not entirely sure how the deadlock
> > > might operate, so it's possible that this is a false alarm.  Maybe Jan Kara can
> > > illuminate further, so I've added him to the cc list.
> > 
> > It is related to the design of UnionMount, isn't it?
> > UnionMount is not a filesystem and doen't have its own superblock.
> > If it was a fs, then
> > - vfs_truncate() acquires sb_writers for the unioning-fs.
> > - the unioning-fs may call vfs_truncate() again for the underlying fs.
> > - this time, sb_writers is for the underlying fs which is a different
> >   sb_writers object from the already acquired one.
> > So there would be no deadlock.
> 
> Doesn't help the situation with copyup - witness overlayfs stepping into the
> same deadlock on copyup.  It wants ->i_mutex held on directory in upper layer
> and it tries to write to file it has created in there.  The problem is
> with the upper layer superblock getting frozen; having a separate one for
> union is irrelevant.  Let me check how aufs does...  Aha.  Your
> au_do_copy_file() ends up calling vfs_write() on the file opened in
> upper layer.  And AFAICS it's called with ->i_mutex held on the directory
> in upper layer, so you've got the same deadlock, sorry.

The scenario, BTW, looks so:
process A does sb_start_write() (on your upper layer)
process B tries to freeze said upper layer and blocks, waiting for A to finish
process C grabs ->i_mutex in your upper layer
process C does vfs_write(), which blocks, since there's a pending attempt to
freeze
process A tries to grab ->i_mutex held by C and blocks