[RFC][PATCH 9/7] mm: fix mm_take_all_locks() locking order

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Peter Zijlstra <a.p.zijlstra@chello.nl>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: David Miller <davem@davemloft.net>,
	jeremy@goop.org, hugh@veritas.com, mingo@elte.hu,
	akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	davej@redhat.com
Subject: [RFC][PATCH 9/7] mm: fix mm_take_all_locks() locking order
Date: Thu, 07 Aug 2008 13:25:49 +0200	[thread overview]
Message-ID: <1218108349.8625.25.camel@twins> (raw)
In-Reply-To: <20080804130317.994042639@chello.nl>

Subject: mm: fix mm_take_all_locks() locking order

Lockdep spotted:

=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.27-rc1 #270
-------------------------------------------------------
qemu-kvm/2033 is trying to acquire lock:
 (&inode->i_data.i_mmap_lock){----}, at: [<ffffffff802996cc>] mm_take_all_locks+0xc2/0xea

but task is already holding lock:
 (&anon_vma->lock){----}, at: [<ffffffff8029967a>] mm_take_all_locks+0x70/0xea

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&anon_vma->lock){----}:
       [<ffffffff8025cd37>] __lock_acquire+0x11be/0x14d2
       [<ffffffff8025d0a9>] lock_acquire+0x5e/0x7a
       [<ffffffff804c655b>] _spin_lock+0x3b/0x47
       [<ffffffff8029a2ef>] vma_adjust+0x200/0x444
       [<ffffffff8029a662>] split_vma+0x12f/0x146
       [<ffffffff8029bc60>] mprotect_fixup+0x13c/0x536
       [<ffffffff8029c203>] sys_mprotect+0x1a9/0x21e
       [<ffffffff8020c0db>] system_call_fastpath+0x16/0x1b
       [<ffffffffffffffff>] 0xffffffffffffffff

-> #0 (&inode->i_data.i_mmap_lock){----}:
       [<ffffffff8025ca54>] __lock_acquire+0xedb/0x14d2
       [<ffffffff8025d397>] lock_release_non_nested+0x1c2/0x219
       [<ffffffff8025d515>] lock_release+0x127/0x14a
       [<ffffffff804c6403>] _spin_unlock+0x1e/0x50
       [<ffffffff802995d9>] mm_drop_all_locks+0x7f/0xb0
       [<ffffffff802a965d>] do_mmu_notifier_register+0xe2/0x112
       [<ffffffff802a96a8>] mmu_notifier_register+0xe/0x10
       [<ffffffffa0043b6b>] kvm_dev_ioctl+0x11e/0x287 [kvm]
       [<ffffffff802bd0ca>] vfs_ioctl+0x2a/0x78
       [<ffffffff802bd36f>] do_vfs_ioctl+0x257/0x274
       [<ffffffff802bd3e1>] sys_ioctl+0x55/0x78
       [<ffffffff8020c0db>] system_call_fastpath+0x16/0x1b
       [<ffffffffffffffff>] 0xffffffffffffffff

other info that might help us debug this:

5 locks held by qemu-kvm/2033:
 #0:  (&mm->mmap_sem){----}, at: [<ffffffff802a95d0>] do_mmu_notifier_register+0x55/0x112
 #1:  (mm_all_locks_mutex){--..}, at: [<ffffffff8029963e>] mm_take_all_locks+0x34/0xea
 #2:  (&anon_vma->lock){----}, at: [<ffffffff8029967a>] mm_take_all_locks+0x70/0xea
 #3:  (&anon_vma->lock){----}, at: [<ffffffff8029967a>] mm_take_all_locks+0x70/0xea
 #4:  (&anon_vma->lock){----}, at: [<ffffffff8029967a>] mm_take_all_locks+0x70/0xea

stack backtrace:
Pid: 2033, comm: qemu-kvm Not tainted 2.6.27-rc1 #270

Call Trace:
 [<ffffffff8025b7c7>] print_circular_bug_tail+0xb8/0xc3
 [<ffffffff8025ca54>] __lock_acquire+0xedb/0x14d2
 [<ffffffff80259bb1>] ? add_lock_to_list+0x7e/0xad
 [<ffffffff8029967a>] ? mm_take_all_locks+0x70/0xea
 [<ffffffff8029967a>] ? mm_take_all_locks+0x70/0xea
 [<ffffffff8025d397>] lock_release_non_nested+0x1c2/0x219
 [<ffffffff802996cc>] ? mm_take_all_locks+0xc2/0xea
 [<ffffffff802996cc>] ? mm_take_all_locks+0xc2/0xea
 [<ffffffff8025b202>] ? trace_hardirqs_on_caller+0x4d/0x115
 [<ffffffff802995d9>] ? mm_drop_all_locks+0x7f/0xb0
 [<ffffffff8025d515>] lock_release+0x127/0x14a
 [<ffffffff804c6403>] _spin_unlock+0x1e/0x50
 [<ffffffff802995d9>] mm_drop_all_locks+0x7f/0xb0
 [<ffffffff802a965d>] do_mmu_notifier_register+0xe2/0x112
 [<ffffffff802a96a8>] mmu_notifier_register+0xe/0x10
 [<ffffffffa0043b6b>] kvm_dev_ioctl+0x11e/0x287 [kvm]
 [<ffffffff8033f9f2>] ? file_has_perm+0x83/0x8e
 [<ffffffff802bd0ca>] vfs_ioctl+0x2a/0x78
 [<ffffffff802bd36f>] do_vfs_ioctl+0x257/0x274
 [<ffffffff802bd3e1>] sys_ioctl+0x55/0x78
 [<ffffffff8020c0db>] system_call_fastpath+0x16/0x1b

Which the locking hierarchy in mm/rmap.c confirms as 'valid'.

Although I don't think there are any users of these two locks that don't
hold the mmap_sem, therefore the nesting is strictly ok, but since we
already have an established order, we might as well respect it.

Fix this by first taking all the mapping->i_mmap_lock instances and then
take all anon_vma->lock instances.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
---
 mm/mmap.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

Index: linux-2.6/mm/mmap.c
===================================================================
--- linux-2.6.orig/mm/mmap.c
+++ linux-2.6/mm/mmap.c
@@ -2358,11 +2358,17 @@ int mm_take_all_locks(struct mm_struct *
 	for (vma = mm->mmap; vma; vma = vma->vm_next) {
 		if (signal_pending(current))
 			goto out_unlock;
-		if (vma->anon_vma)
-			vm_lock_anon_vma(mm, vma->anon_vma);
 		if (vma->vm_file && vma->vm_file->f_mapping)
 			vm_lock_mapping(mm, vma->vm_file->f_mapping);
 	}
+
+	for (vma = mm->mmap; vma; vma = vma->vm_next) {
+		if (signal_pending(current))
+			goto out_unlock;
+		if (vma->anon_vma)
+			vm_lock_anon_vma(mm, vma->anon_vma);
+	}
+
 	ret = 0;
 
 out_unlock:

next prev parent reply	other threads:[~2008-08-07 12:35 UTC|newest]

Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-04 13:03 [RFC][PATCH 0/7] lockdep Peter Zijlstra
2008-08-04 13:03 ` [RFC][PATCH 1/7] lockdep: Fix combinatorial explosion in lock subgraph traversal Peter Zijlstra
2008-08-05  8:34   ` David Miller
2008-08-05  8:46     ` Peter Zijlstra
2008-08-13  3:48       ` Tim Pepper
2008-08-13 10:56         ` Ingo Molnar
2008-08-04 13:03 ` [RFC][PATCH 2/7] lockdep: lock_set_subclass - reset a held locks subclass Peter Zijlstra
2008-08-05  8:35   ` David Miller
2008-08-04 13:03 ` [RFC][PATCH 3/7] lockdep: re-annotate scheduler runqueues Peter Zijlstra
2008-08-05  8:35   ` David Miller
2008-08-04 13:03 ` [RFC][PATCH 4/7] lockdep: shrink held_lock structure Peter Zijlstra
2008-08-05 16:08   ` Peter Zijlstra
2008-08-06  7:17   ` Peter Zijlstra
2008-08-04 13:03 ` [RFC][PATCH 5/7] lockdep: map_acquire Peter Zijlstra
2008-08-04 13:03 ` [RFC][PATCH 6/7] lockdep: lock protection locks Peter Zijlstra
2008-08-04 13:03 ` [RFC][PATCH 7/7] lockdep: spin_lock_nest_lock() Peter Zijlstra
2008-08-04 14:07   ` Roland Dreier
2008-08-04 14:19     ` Peter Zijlstra
2008-08-04 14:26       ` Roland Dreier
2008-08-04 14:32         ` Peter Zijlstra
2008-08-04 14:53           ` Dave Jones
2008-08-04 14:56             ` Peter Zijlstra
2008-08-04 16:26               ` Andrea Arcangeli
2008-08-04 16:38                 ` Peter Zijlstra
2008-08-04 17:27                   ` Andrea Arcangeli
2008-08-04 17:46                     ` Andrea Arcangeli
2008-08-04 17:57                       ` [PATCH] workaround minor lockdep bug triggered by mm_take_all_locks Andrea Arcangeli
2008-08-04 18:48                         ` Peter Zijlstra
2008-08-04 18:56                           ` Roland Dreier
2008-08-04 19:05                             ` Peter Zijlstra
2008-08-04 20:15                           ` Andrea Arcangeli
2008-08-04 20:37                             ` Peter Zijlstra
2008-08-04 21:09                               ` Andrea Arcangeli
2008-08-04 21:14                                 ` Pekka Enberg
2008-08-04 21:30                                   ` Andrea Arcangeli
2008-08-04 21:41                                     ` Andrew Morton
2008-08-04 22:12                                       ` Andrea Arcangeli
2008-08-04 21:42                                     ` Arjan van de Ven
2008-08-04 22:30                                       ` Andrea Arcangeli
2008-08-04 23:38                                         ` Arjan van de Ven
2008-08-05  0:47                                           ` Andrea Arcangeli
2008-08-04 21:27                                 ` Arjan van de Ven
2008-08-04 21:54                                   ` Andrea Arcangeli
2008-08-04 21:57                                 ` David Miller
2008-08-05  2:00                                 ` Roland Dreier
2008-08-05  2:18                                   ` Andrea Arcangeli
2008-08-05 12:02                                     ` Roland Dreier
2008-08-05 12:20                                       ` Andrea Arcangeli
2008-08-04 18:48                     ` [RFC][PATCH 7/7] lockdep: spin_lock_nest_lock() Peter Zijlstra
2008-08-04 21:32                   ` David Miller
2008-08-04 18:06   ` Jeremy Fitzhardinge
2008-08-04 18:54     ` Peter Zijlstra
2008-08-04 19:26       ` Jeremy Fitzhardinge
2008-08-04 19:31         ` Linus Torvalds
2008-08-04 19:39           ` Peter Zijlstra
2008-08-04 20:16           ` Jeremy Fitzhardinge
2008-10-08 15:27           ` Steven Rostedt
2008-10-08 15:43             ` Linus Torvalds
2008-10-08 16:03               ` Steven Rostedt
2008-10-08 16:19                 ` Linus Torvalds
2008-10-08 16:53                   ` Steven Rostedt
2008-10-08 15:52             ` Nick Piggin
2008-10-08 17:18               ` Steven Rostedt
2008-08-07 11:25   ` Peter Zijlstra
2008-08-07 11:25 ` [RFC][PATCH 8/7] lockdep: annotate mm_take_all_locks() Peter Zijlstra
2008-08-07 11:25 ` Peter Zijlstra [this message]
2008-08-07 12:14   ` [RFC][PATCH 9/7] mm: fix mm_take_all_locks() locking order Hugh Dickins
2008-08-07 12:41     ` Peter Zijlstra
2008-08-07 13:27       ` Hugh Dickins
2008-08-07 21:46   ` Andrea Arcangeli
2008-08-08  1:34     ` Andrea Arcangeli
2008-08-08  7:16     ` Peter Zijlstra
2008-08-11 10:08 ` [RFC][PATCH 0/7] lockdep Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1218108349.8625.25.camel@twins \
    --to=a.p.zijlstra@chello.nl \
    --cc=akpm@linux-foundation.org \
    --cc=davej@redhat.com \
    --cc=davem@davemloft.net \
    --cc=hugh@veritas.com \
    --cc=jeremy@goop.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox