From: Josh Boyer <jwboyer@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
linux-mm@kvack.org, mgorman@suse.de,
kamezawa.hiroyu@jp.fujitsu.com, dhillf@gmail.com,
viro@zeniv.linux.org.uk, hughd@google.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH -V2] hugetlbfs: Drop taking inode i_mutex lock from hugetlbfs_read
Date: Thu, 1 Mar 2012 17:40:41 -0500
Message-ID: <CA+5PVA4AcTWHsUskGqxdka2G7JMsDpjtdhw23vSHafgAGg4opQ@mail.gmail.com>
In-Reply-To: <20120301141007.274ad458.akpm@linux-foundation.org>
On Thu, Mar 1, 2012 at 5:10 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
> On Thu, 1 Mar 2012 14:48:50 +0530
> "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com> wrote:
>
>> Taking i_mutex lock in hugetlbfs_read can result in deadlock with mmap
>> as explained below:
>>
>> Thread A:
>>   read() on hugetlbfs
>>   hugetlbfs_read() called
>>   i_mutex grabbed
>>   hugetlbfs_read_actor() called
>>   __copy_to_user() called
>>   page fault is triggered
>>
>> Thread B, sharing address space with A:
>>   mmap() the same file
>>   ->mmap_sem is grabbed on task_B->mm->mmap_sem
>>   hugetlbfs_file_mmap() is called
>>   attempt to grab ->i_mutex and block waiting for A to give it up
>>
>> Thread A:
>>   page fault handler blocked on attempt to grab task_A->mm->mmap_sem,
>>   which happens to be the same thing as task_B->mm->mmap_sem. Block waiting
>>   for B to give it up.
>>
>> AFAIU i_mutex lock got added to hugetlbfs_read as per
>> http://lkml.indiana.edu/hypermail/linux/kernel/0707.2/3066.html
>> to take care of the race between truncate and read. This patch fixes
>> this by looking at page->mapping under page lock (find_lock_page())
>> to ensure the inode didn't get truncated in the range during a
>> parallel read.
>>
>> Ideally we can extend the patch to make sure we don't increase i_size
>> in mmap. But that will break userspace, because applications will now
>> have to use truncate(2) to increase i_size in hugetlbfs.
>
> Looks OK to me.
>
> Given that the bug has been there for four years, I'm assuming that
> we'll be OK merging this fix into 3.4. Or we could merge it into 3.4
> and tag it for backporting into earlier kernels - it depends on whether
> people are hurting from it, which I don't know?
We've gotten a few lockdep reports about it in Fedora on various kernels.
A CC to stable might be nice.
josh
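The lock inversion Aneesh describes, worked through as an added example (mine, not code from the patch or from the kernel): a small lock-order tracker in C, in the spirit of the lockdep reports Josh mentions, that records which locks were held when each lock was taken and flags the ABBA cycle. The lock classes (I_MUTEX, MMAP_SEM, PAGE_LOCK) and the two acquisition sequences are modelled on the thread above; the "after" sequence assumes the patched read path takes only the page lock to check page->mapping and drops it before copying to user space, which is my reading of the description, not a quotation of the patch. The point worth noticing is that the pre-patch ordering is reachable from two threads of one process that merely read() and mmap() the same file.

```c
/* Added example: a minimal lock-order tracker (lockdep-style) showing why
 * the pre-patch hugetlbfs_read() path can deadlock with hugetlbfs_file_mmap().
 * Illustrative code, not kernel code; lock names and sequences are modelled
 * on the mailing-list description, and the "after patch" ordering is an
 * assumption about the fixed read path. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define MAX_HELD 8

enum lock_class { I_MUTEX, MMAP_SEM, PAGE_LOCK, NR_LOCKS };
static const char *lock_name[NR_LOCKS] = { "i_mutex", "mmap_sem", "page_lock" };

/* edge[a][b] == true means "some context held a while acquiring b". */
static bool edge[NR_LOCKS][NR_LOCKS];

struct context {
    const char *name;
    enum lock_class held[MAX_HELD];
    int nheld;
};

static void reset_tracker(void) { memset(edge, 0, sizeof(edge)); }

/* Depth-first search over recorded edges: can 'to' be reached from 'from'? */
static bool reachable(enum lock_class from, enum lock_class to, bool *seen)
{
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < NR_LOCKS; n++)
        if (edge[from][n] && !seen[n] && reachable(n, to, seen))
            return true;
    return false;
}

/* Record an acquisition. Returns false (and reports) if taking 'l' while
 * holding the current set would close a cycle in the lock-order graph,
 * i.e. the ABBA inversion lockdep warns about. */
static bool acquire(struct context *c, enum lock_class l)
{
    for (int i = 0; i < c->nheld; i++) {
        enum lock_class h = c->held[i];
        bool seen[NR_LOCKS] = { false };
        /* l -> ... -> h is already recorded; h -> l now closes the loop. */
        if (reachable(l, h, seen)) {
            printf("[%s] possible deadlock: holding %s, acquiring %s\n",
                   c->name, lock_name[h], lock_name[l]);
            return false;
        }
        edge[h][l] = true;
    }
    c->held[c->nheld++] = l;
    return true;
}

static void release(struct context *c, enum lock_class l)
{
    for (int i = 0; i < c->nheld; i++)
        if (c->held[i] == l) {
            c->held[i] = c->held[--c->nheld];
            return;
        }
}

/* Pre-patch: read() holds i_mutex across __copy_to_user(), whose page fault
 * takes mmap_sem; mmap() holds mmap_sem and then takes i_mutex. */
static bool scenario_before_patch(void)
{
    struct context a = { "read", {0}, 0 }, b = { "mmap", {0}, 0 };
    bool ok = true;
    reset_tracker();
    ok &= acquire(&a, I_MUTEX);        /* hugetlbfs_read() */
    ok &= acquire(&a, MMAP_SEM);       /* fault inside __copy_to_user() */
    release(&a, MMAP_SEM); release(&a, I_MUTEX);
    ok &= acquire(&b, MMAP_SEM);       /* sys_mmap() */
    ok &= acquire(&b, I_MUTEX);        /* hugetlbfs_file_mmap() */
    release(&b, I_MUTEX); release(&b, MMAP_SEM);
    return ok;
}

/* Assumed post-patch ordering: read() takes only the page lock to validate
 * page->mapping, drops it, then faults without holding any inode lock. */
static bool scenario_after_patch(void)
{
    struct context a = { "read", {0}, 0 }, b = { "mmap", {0}, 0 };
    bool ok = true;
    reset_tracker();
    ok &= acquire(&a, PAGE_LOCK);      /* find_lock_page() */
    release(&a, PAGE_LOCK);
    ok &= acquire(&a, MMAP_SEM);       /* fault inside __copy_to_user() */
    release(&a, MMAP_SEM);
    ok &= acquire(&b, MMAP_SEM);
    ok &= acquire(&b, I_MUTEX);
    release(&b, I_MUTEX); release(&b, MMAP_SEM);
    return ok;
}

int main(void)
{
    printf("before patch: %s\n", scenario_before_patch() ? "clean" : "inversion");
    printf("after patch:  %s\n", scenario_after_patch() ? "clean" : "inversion");
    return 0;
}
```

Build with `cc -std=c99 -o lockorder lockorder.c`; the first scenario reports the inversion when mmap() tries to take i_mutex under mmap_sem, the second stays clean because the read path no longer holds an inode lock across the fault.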
Thread overview: 5+ messages
2012-03-01 9:18 [PATCH -V2] hugetlbfs: Drop taking inode i_mutex lock from hugetlbfs_read Aneesh Kumar K.V
2012-03-01 22:10 ` Andrew Morton
2012-03-01 22:40 ` Dave Jones
2012-03-01 22:40 ` Josh Boyer [this message]
2012-03-01 22:44 ` Andrew Morton