From: Al Viro <viro@ZenIV.linux.org.uk>
To: Rainer Weikusat <rweikusat@cyberadapt.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
CAI Qian <caiqian@redhat.com>, Miklos Szeredi <miklos@szeredi.hu>,
Hannes Frederic Sowa <hannes@stressinduktion.org>,
Rainer Weikusat <rweikusat@mobileactivedefense.com>,
Eric Sandeen <esandeen@redhat.com>,
Network Development <netdev@vger.kernel.org>
Subject: Re: possible circular locking dependency detected
Date: Fri, 2 Sep 2016 18:02:56 +0100 [thread overview]
Message-ID: <20160902170256.GU2356@ZenIV.linux.org.uk> (raw)
In-Reply-To: <87d1kme10a.fsf@doppelsaurus.mobileactivedefense.com>
On Fri, Sep 02, 2016 at 05:10:13PM +0100, Rainer Weikusat wrote:
> > Bullshit. kern_path_create() *does* mean the same thing in all cases.
> > Namely, find the parent, lock it and leave the final name component for
> > the create-type operation. It sure as hell is not guaranteed to take
> > *all* locks that are going to be taken in process of mknod/mkdir/etc.
> > Never had been.
>
> This isn't about "all locks", it's about the lock in question. No other
> mknod operation (I'm aware of) calls this with another superblock than
> the one already acted upon by kern_path_create. This may be wrong (if
> so, feel free to correct it) but it's not "bullshit" (intentional
> deception in order to sell something to someone).
>
Never had been promised. And it's not just this lock - e.g. ->i_rwsem is
taken on the parent by kern_path_create() and on parent in underlying
filesystem by ecryptfs ->mknod() (as well as overlayfs one). bind/bind
deadlock - one for a path to ecryptfs, another for that on the raw
filesystem behind it (which can be mounted elsewhere/in another namespace/etc.)
with those paths ending in the matching directories (the last components may
be same or different - doesn't matter)
A: lock parent in ecryptfs (via kern_path_create())
B: lock the directory behind it in underlying fs (ditto)
A: grab ->readlock
B: block on ->readlock
A: call ecryptfs_mknod() and block trying to lock the directory held by B
Deadlock. And while we are at it, ecryptfs probably ought to claim transient
write access for the duration of modifications of the underlying one similar
to overlayfs. The point is, it had never been promised that you can stick
random locks just outside of ->mknod()/->mkdir()/etc. The same goes for e.g.
NFS mount of something exported by localhost; knfsd must lock the parent
directory on server before creating anything in it. Suppose you have
/srv/nfs/foo exported and mounted on the same host at /mnt/bar. bind to
/mnt/bar/barf/a vs. bind to /srv/nfs/foo/barf/b:
A: lock /mnt/bar/barf
B: lock /srv/nfs/foo/barf
A: grab ->readlock
B: block on ->readlock
A: call nfs_mknod(), wait for reply
knfsd: block trying to lock /srv/nfs/foo/barf
It's very much _not_ just overlayfs being pathological - that it certainly is,
but the problem is much wider. You could try to argue that kern_path_create()
should've known to lock all relevant directories in case of overlayfs and
ecryptfs, but it has absolutely no chance to do that in case of NFS - the
protocol doesn't allow "lock this directory, one of my next requests will
be to create something in it". Even leases are only for regular files...
next prev parent reply other threads:[~2016-09-02 17:03 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CA+55aFy0cQq569m=0umnqZe6HJp8eQX2ed-yi=Fmntuhd2AM=Q@mail.gmail.com>
[not found] ` <87h99zo4d8.fsf@doppelsaurus.mobileactivedefense.com>
[not found] ` <CA+55aFwcPK_wXS8SE5wPitCXUewZ1+OGqVrWxvvU8tVDuCeHWA@mail.gmail.com>
[not found] ` <CA+55aFxGW8_DpYa6rZAq0s7zzFCB58U=7Kgy1T+7cY2=TasGrw@mail.gmail.com>
[not found] ` <871t13o1n1.fsf@doppelsaurus.mobileactivedefense.com>
[not found] ` <CA+55aFzbCDwOTbHiawpY2xSaR_EBkTDbYeJV3CH09OLLtPW3nw@mail.gmail.com>
[not found] ` <6f7d587b-3933-7c02-a804-db1732ced1cf@stressinduktion.org>
[not found] ` <CA+55aFyNJg_brA4rGF0S2ve0V_2vuhZCFKEMFDNhHKEXoVCRGA@mail.gmail.com>
[not found] ` <20160901204746.GR2356@ZenIV.linux.org.uk>
[not found] ` <CA+55aFxzRnLCev6i_ehw9LFf-dw3s0znF+nP_c86i=219OZhfg@mail.gmail.com>
[not found] ` <20160901210142.GS2356@ZenIV.linux.org.uk>
[not found] ` <CA+55aFzxJM4pbS_jySERnCoOvvPbo+FgM7FZEATLJnCseD0j0g@mail.gmail.com>
2016-09-01 22:04 ` possible circular locking dependency detected Linus Torvalds
2016-09-02 14:43 ` CAI Qian
2016-09-02 15:51 ` CAI Qian
2016-09-02 16:46 ` CAI Qian
2016-09-02 17:10 ` Linus Torvalds
2016-09-02 15:18 ` Rainer Weikusat
2016-09-02 16:00 ` Al Viro
2016-09-02 16:10 ` Rainer Weikusat
2016-09-02 17:02 ` Al Viro [this message]
2016-09-02 17:12 ` Linus Torvalds
2016-09-02 17:40 ` Rainer Weikusat
2016-09-02 17:53 ` Al Viro
2016-09-02 17:52 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160902170256.GU2356@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=caiqian@redhat.com \
--cc=esandeen@redhat.com \
--cc=hannes@stressinduktion.org \
--cc=miklos@szeredi.hu \
--cc=netdev@vger.kernel.org \
--cc=rweikusat@cyberadapt.com \
--cc=rweikusat@mobileactivedefense.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).