Date:	Fri, 26 Aug 2011 17:35:07 +1000
From:	Dave Chinner <>
To:	Theodore Ts'o <>
Cc:	Jiaying Zhang <>,
Subject: Re: [URGENT PATCH] ext4: fix potential deadlock in ext4_evict_inode()

On Thu, Aug 25, 2011 at 11:33:44PM -0400, Theodore Ts'o wrote:
> Note: this will probably need to be sent to Linus as an emergency
> bugfix ASAP, since it was introduced in 3.1-rc1, so it represents a
> regression.

It doesn't appear to be a bug. All of the new ext4 lockdep reports
in 3.1 I've seen (except for the mmap_sem/i_mutex one) are false

> =======================================================
> [ INFO: possible circular locking dependency detected ]
> 3.1.0-rc3-00012-g2a22fc1 #1839
> -------------------------------------------------------
> dd/7677 is trying to acquire lock:
>  (&type->s_umount_key#18){++++..}, at: [<c021ea77>] writeback_inodes_sb_if_idle+0x26/0x3d
> but task is already holding lock:
>  (&sb->s_type->i_mutex_key#3){+.+.+.}, at: [<c01d5956>] generic_file_aio_write+0x52/0xba
> which lock already depends on the new lock.
> the existing dependency chain (in reverse order) is:
> -> #1 (&sb->s_type->i_mutex_key#3){+.+.+.}:
>        [<c018eb02>] lock_acquire+0x99/0xbd
>        [<c06a53b5>] __mutex_lock_common+0x33/0x2fb
>        [<c06a572b>] mutex_lock_nested+0x26/0x2f
>        [<c026c2db>] ext4_evict_inode+0x3e/0x2bd
>        [<c0214bb0>] evict+0x8e/0x131
>        [<c0214de6>] dispose_list+0x36/0x40
>        [<c0215239>] evict_inodes+0xcd/0xd5
>        [<c0204a23>] generic_shutdown_super+0x3d/0xaa
>        [<c0204ab2>] kill_block_super+0x22/0x5e
>        [<c0204cb8>] deactivate_locked_super+0x22/0x4e
>        [<c02055b2>] deactivate_super+0x3d/0x43
>        [<c0218427>] mntput_no_expire+0xda/0xdf
>        [<c0219486>] sys_umount+0x286/0x2ab
>        [<c02194bd>] sys_oldumount+0x12/0x14
>        [<c06a6ac5>] syscall_call+0x7/0xb
> -> #0 (&type->s_umount_key#18){++++..}:
>        [<c018e262>] __lock_acquire+0x967/0xbd2
>        [<c018eb02>] lock_acquire+0x99/0xbd
>        [<c06a5991>] down_read+0x28/0x65
>        [<c021ea77>] writeback_inodes_sb_if_idle+0x26/0x3d
>        [<c0269630>] ext4_nonda_switch+0xd0/0xe1
>        [<c026e953>] ext4_da_write_begin+0x3c/0x1cf
>        [<c01d46ad>] generic_file_buffered_write+0xc0/0x1b4
>        [<c01d58d3>] __generic_file_aio_write+0x254/0x285
>        [<c01d596e>] generic_file_aio_write+0x6a/0xba
>        [<c026732f>] ext4_file_write+0x1d6/0x227
>        [<c0202789>] do_sync_write+0x8f/0xca
>        [<c02030d5>] vfs_write+0x85/0xe3
>        [<c02031d4>] sys_write+0x40/0x65
>        [<c06a6ac5>] syscall_call+0x7/0xb

That's definitely a false positive - sys_write() will have an active
reference to the inode, and evict is only called on inodes without
active references. Hence you can never get a deadlock between an
inode context with an active reference and the same inode in the
evict/dispose path because the inode cannot be in both places at once...

This is why XFS changes the lockdep context for its iolock as
soon as .evict is called on the inode - to stop these false
positives from being emitted whenever memory reclaim or unmount
evicts inodes.


Dave Chinner
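
Added example (not part of the message above and not kernel code): a userspace C toy model of class-based lock-order tracking that replays the two call chains from the quoted report. The class names and `replay()` are illustrative assumptions; the second run gives the inode lock a separate class once eviction starts, analogous to what the message describes XFS doing for its iolock.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of class-based lock-order tracking; constructed, not kernel code. */
enum lock_class { S_UMOUNT, I_MUTEX, I_MUTEX_EVICT, NCLASS };

/* dep[a][b] is set once class b has been acquired while class a was held. */
static bool dep[NCLASS][NCLASS];

/* Depth-first search: can `to` be reached from `from` over recorded edges? */
static bool reachable(int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < NCLASS; n++)
        if (dep[from][n] && !seen[n] && reachable(n, to, seen))
            return true;
    return false;
}

/* Record "take `want` while holding `held`"; true if this closes a cycle. */
static bool acquire_while_holding(int held, int want)
{
    bool seen[NCLASS] = { false };
    bool cycle = reachable(want, held, seen);
    dep[held][want] = true;
    return cycle;
}

/* Replay both call chains from the report; true means a cycle is reported. */
static bool replay(bool reclassify_on_evict)
{
    int evict_class = reclassify_on_evict ? I_MUTEX_EVICT : I_MUTEX;
    memset(dep, 0, sizeof(dep));
    /* Chain #1, umount: s_umount held, evict path takes the inode lock. */
    bool umount_path = acquire_while_holding(S_UMOUNT, evict_class);
    /* Chain #0, write: i_mutex held, writeback path takes s_umount. */
    bool write_path = acquire_while_holding(I_MUTEX, S_UMOUNT);
    return umount_path || write_path;
}

int main(void)
{
    printf("one class for all inode locks: cycle=%d\n", replay(false));
    printf("separate class after evict:    cycle=%d\n", replay(true));
    return 0;
}
```

The tracker only sees classes, so it cannot tell that the inode in the write path and the inode in the evict path are never the same object at the same time; splitting the class encodes that fact for it.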