Date:	Wed, 16 Dec 2009 08:16:32 -0500
From:	Trond Myklebust <trond.myklebust@....uio.no>
To:	Al Viro <viro@...IV.linux.org.uk>
Cc:	Andi Kleen <andi@...stfloor.org>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	linux-kernel@...r.kernel.org
Subject: Re: NFS lockdep lock misordering mmap_sem<->i_mutex_key with
 2.6.32-git1

On Wed, 2009-12-16 at 00:09 +0000, Al Viro wrote: 
> On Tue, Dec 15, 2009 at 06:54:37PM -0500, Trond Myklebust wrote:
> 
> > > nfs_revalidate_mapping takes i_mutex, but mmap already has mmap_sem
> > > held and taking i_mutex inside mmap_sem is not allowed by the VFS.
> 
> VM, actually...
> 
> > If you want to work around the problem rather than going for something
> > like Peter's split up of the mmap() callback, then I'd suggest changing
> > to using nfs_revalidate_mapping_nolock() instead. The fact that we are
> > seeing these lock misordering warnings is proof that the call to
> > nfs_revalidate_mapping() is not always a no-op.
> > 
> > By not taking the i_mutex your call to invalidate_inode_pages2() can
> > potentially end up racing with another process that is writing to the
> > file, but that should be a rare occurrence. The effect will be that the
> > two processes can end up fighting to alternatively dirty and then clean
> > the pages...
> 
> Um...  The really interesting question is whether it's a false positive;
> *can* we hit the deadlock here?  getdents() is a red herring; write() and
> truncate() are real candidates.
> 
> What happens if we have one thread do mmap() while another (sharing the
> address space with it) does write() or truncate() on the same file?

If the two threads are sharing a VM then it looks to me as if they can
potentially deadlock.

The scenario would be that the writing thread triggers a page fault
(through __get_user()) when holding the i_mutex, while the other thread
is trying to grab the i_mutex within the mmap() call.

Cheers
  Trond
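
The lock-order inversion described in this message, replayed through a simplified lockdep-style order recorder. This is an added example, not code from the kernel or from anyone in the thread; the recorder, `replay()` and its `mmap_takes_i_mutex` parameter are hypothetical, and mmap_sem is modelled as a single lock class without distinguishing read from write acquisition.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named in the thread. The recorder is a constructed sketch. */
enum lock_class { MMAP_SEM, I_MUTEX, NLOCKS };
static int order[NLOCKS][NLOCKS]; /* order[a][b]: b was taken while a was held */
static int held[NLOCKS];          /* locks held by the path being replayed */

/* Is there a recorded chain from -> ... -> to? Depth-first over order[][]. */
static int reaches(int from, int to, int *seen)
{
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < NLOCKS; n++)
        if (order[from][n] && !seen[n] && reaches(n, to, seen))
            return 1;
    return 0;
}

/* Record an acquisition; return 1 if it inverts an order seen earlier. */
static int acquire(int l)
{
    int bad = 0;
    for (int h = 0; h < NLOCKS; h++) {
        int seen[NLOCKS] = { 0 };
        if (!held[h]) continue;
        if (reaches(l, h, seen))
            bad = 1;              /* "l before h" is known; this is "h before l" */
        order[h][l] = 1;
    }
    held[l] = 1;
    return bad;
}

/* Replay both paths from the message; returns the number of inversions. */
int replay(int mmap_takes_i_mutex)
{
    int bad = 0;
    memset(order, 0, sizeof order);
    memset(held, 0, sizeof held);
    bad += acquire(I_MUTEX);      /* write(): i_mutex held ... */
    bad += acquire(MMAP_SEM);     /* ... __get_user() faults, fault path takes mmap_sem */
    memset(held, 0, sizeof held);
    bad += acquire(MMAP_SEM);     /* mmap(): mmap_sem held ... */
    if (mmap_takes_i_mutex)
        bad += acquire(I_MUTEX);  /* ... nfs_revalidate_mapping() takes i_mutex */
    return bad;
}
int main(void) { printf("revalidate: %d, nolock: %d\n", replay(1), replay(0)); return 0; }
```

Passing 0 models an mmap() path that never takes i_mutex, as with the nfs_revalidate_mapping_nolock() suggestion quoted above, and records no inversion.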
