From: Al Viro <viro@zeniv.linux.org.uk>
To: Denis Kirjanov <kda@linux-powerpc.org>
Cc: Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] fs: export kern_path_locked
Date: Tue, 16 Feb 2021 18:00:34 +0000 [thread overview]
Message-ID: <YCwIQmsxWxuw+dnt@zeniv-ca.linux.org.uk> (raw)
In-Reply-To: <CAOJe8K00srtuD+VAJOFcFepOqgNUm0mC8C=hLq2=qhUFSfhpuw@mail.gmail.com>
On Tue, Feb 16, 2021 at 05:31:33PM +0300, Denis Kirjanov wrote:
> We had a change like that:
> Author: WANG Cong <xiyou.wangcong@gmail.com>
> Date: Mon Jan 23 11:17:35 2017 -0800
>
> af_unix: move unix_mknod() out of bindlock
>
> Dmitry reported a deadlock scenario:
>
> unix_bind() path:
> u->bindlock ==> sb_writer
>
> do_splice() path:
> sb_writer ==> pipe->mutex ==> u->bindlock
>
> In the unix_bind() code path, unix_mknod() does not have to
> be done with u->bindlock held, since it is a pure fs operation,
> so we can just move unix_mknod() out.
*cringe*
I remember now... Process set:
P1: bind() of AF_UNIX socket to /mnt/sock
P2: splice() from pipe to /mnt/foo
P3: freeze /mnt
P4: splice() from pipe to AF_UNIX socket
P1 grabs ->bindlock
P2 sb_start_write() for what's on /mnt
P2 grabs rwsem shared
P3 blocks in sb_wait_write() trying to grab the same rwsem exclusive
P1 sb_start_write() blocks trying to grab the same rwsem shared
P4 calls ->splice_write(), aka generic_splice_sendpage()
P4 grabs pipe->mutex
P4 calls ->sendpage(), aka sock_no_sendpage()
P4 calls ->sendmsg(), aka unix_dgram_sendmsg()
P4 calls unix_autobind()
P4 blocks trying to grab ->bindlock
P2 ->splice_write(), aka iter_file_splice_write()
P2 blocks trying to grab pipe->mutex
DEADLOCK
Sigh... OK, so we want something like
user_path_create()
vfs_mknod()
created = true
grab bindlock
....
drop bindlock
if failed && created
vfs_unlink()
done_path_create()
in unix_bind()... That would push ->bindlock all way down in the hierarchy,
so that should be deadlock-free, but it looks like that'll be fucking ugly ;-/
Let me try and play with that a bit, maybe it can be massaged to something
relatively sane...
next prev parent reply other threads:[~2021-02-16 18:01 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 15:49 [PATCH] fs: export kern_path_locked Denis Kirjanov
2021-01-27 17:57 ` Christoph Hellwig
[not found] ` <CAOJe8K0MC-TCURE2Gpci1SLnLXCbUkE7q6SS0fznzBA+Pf-B8Q@mail.gmail.com>
[not found] ` <20210129082524.GA2282796@infradead.org>
[not found] ` <CAOJe8K0iG91tm8YBRmE_rdMMMbc4iRsMGYNxJk0p9vEedNHEkg@mail.gmail.com>
[not found] ` <20210129131855.GA2346744@infradead.org>
2021-02-14 18:17 ` Al Viro
2021-02-16 14:31 ` Denis Kirjanov
2021-02-16 18:00 ` Al Viro [this message]
2021-02-19 4:11 ` Al Viro
2021-02-19 4:19 ` [PATCH 1/8] af_unix: take address assignment/hash insertion into a new helper Al Viro
2021-02-20 19:12 ` Cong Wang
2021-02-20 19:32 ` Al Viro
2021-02-20 20:31 ` Cong Wang
2021-02-20 21:08 ` Al Viro
2021-02-22 19:06 ` [PATCHSET] making unix_bind() undo mknod on failure Al Viro
2021-02-22 19:12 ` [PATCH 1/8] af_unix: take address assignment/hash insertion into a new helper Al Viro
2021-02-22 19:12 ` [PATCH 2/8] unix_bind(): allocate addr earlier Al Viro
2021-02-22 19:12 ` [PATCH 3/8] unix_bind(): separate BSD and abstract cases Al Viro
2021-02-22 19:12 ` [PATCH 4/8] unix_bind(): take BSD and abstract address cases into new helpers Al Viro
2021-02-22 19:12 ` [PATCH 5/8] fold unix_mknod() into unix_bind_bsd() Al Viro
2021-02-22 19:12 ` [PATCH 6/8] unix_bind_bsd(): move done_path_create() call after dealing with ->bindlock Al Viro
2021-02-22 19:12 ` [PATCH 7/8] unix_bind_bsd(): unlink if we fail after successful mknod Al Viro
2021-02-22 19:12 ` [PATCH 8/8] __unix_find_socket_byname(): don't pass hash and type separately Al Viro
2021-02-22 19:12 ` [PATCHSET] making unix_bind() undo mknod on failure Al Viro
2021-02-22 19:24 ` Al Viro
2021-02-24 0:40 ` Jakub Kicinski
2021-02-19 4:20 ` [PATCH 2/8] unix_bind(): allocate addr earlier Al Viro
2021-02-19 4:21 ` [PATCH 3/8] unix_bind(): separate BSD and abstract cases Al Viro
2021-02-19 4:21 ` [PATCH 4/8] unix_bind(): take BSD and abstract address cases into new helpers Al Viro
2021-02-19 4:22 ` [PATCH 5/8] fold unix_mknod() into unix_bind_bsd() Al Viro
2021-02-19 4:22 ` [PATCH 6/8] unix_bind_bsd(): move done_path_create() call after dealing with ->bindlock Al Viro
2021-02-19 4:23 ` [PATCH 7/8] unix_bind_bsd(): unlink if we fail after successful mknod Al Viro
2021-02-19 4:23 ` [PATCH 8/8] __unix_find_socket_byname(): don't pass hash and type separately Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YCwIQmsxWxuw+dnt@zeniv-ca.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=hch@infradead.org \
--cc=kda@linux-powerpc.org \
--cc=kuba@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox