| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Mar 2008 01:42:34 +0530 From: "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com> To: Jan Kara <jack@...e.cz> Cc: Josef Bacik <jbacik@...hat.com>, Theodore Tso <tytso@....edu>, Andreas Dilger <adilger@....com>, Mingming Cao <cmm@...ibm.com>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org> Subject: Re: jbd2_handle and i_data_sem circular locking dependency detected On Mon, Feb 04, 2008 at 05:31:56PM +0100, Jan Kara wrote: > Hi, > > On Mon 04-02-08 15:42:28, Aneesh Kumar K.V wrote: > > This is with the new ext3 -> ext4 migrate code added. The recently added > > lockdep for jbd2 helped to find this out. We want to hold the i_data_sem > > on the ext3 inode during migration to prevent walking the ext3 inode > > when it is being converted to ext4 format. Also we want to avoid > > file truncation and new blocks being added while converting to ext4. > > Also we dont want to reserve large number of credits for journal. > > Any idea how to fix this ? > Hmm, while briefly looking at the code - why do you introduce i_data_sem > and not use i_alloc_sem which is already in VFS inode? That is aimed > exactly at the serialization of truncates, writes and similar users. > That doesn't solve problems with lock ordering but I was just wondering... > Another problem - ext4_fallocate() has the same lock ordering problem as > the migration code and maybe there are others... > One (stupid) solution to your problem is to make i_data_sem be > always locked before the transaction is started. It could possibly have > negative performance impact because you'd have to hold the semaphore for > a longer time and thus a writer would block readers for longer time. So one > would have to measure how big difference that would make. > Another possibility is to start a single transaction for migration and > extend it as long as you can (as truncate does it). And when you can't > extend any more, you drop the i_data_sem and start a new transaction and > acquire the semaphore again. This has the disadvantage that after dropping > the semaphore you have to resync your original inode with the temporary > one your are building which probably ends up being ugly as night... Hmm, > but maybe we could get rid of this - hold i_mutex to protect against all > writes (that ranks outside of transaction start so you can hold it for the > whole migration time - maybe you even hold it if you are called from the > write path...). After dropping i_data_sem you let some readers proceed > but writers still wait on i_mutex so the file shouldn't change under you > (but I suggest adding some BUG_ONs to verify that the file really doesn't > change :). > This one came up again when i was doing the mmap ENOSPC patch. Now the current code with migrate is taking i_mutex to protech against all writes. But it seems a write to a mmap area mapping a hole can still go through fine. And that path cannot take i_mutex. So i guess the migrate locking need to be fixed. Any suggestion ? -aneesh -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists