lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.00.0912301348320.11961@localhost.localdomain>
Date:	Wed, 30 Dec 2009 14:03:25 -0800 (PST)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
cc:	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	Borislav Petkov <petkovbb@...glemail.com>,
	David Airlie <airlied@...ux.ie>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Greg KH <greg@...ah.com>, Al Viro <viro@...IV.linux.org.uk>
Subject: Re: drm_vm.c:drm_mmap: possible circular locking dependency detected
 (was: Re: Linux 2.6.33-rc2 - Merry Christmas ...)



On Wed, 30 Dec 2009, Eric W. Biederman wrote:

> Linus Torvalds <torvalds@...ux-foundation.org> writes:
> 
> > We've seen it several times (yes, mostly with drm, but it's been seen with 
> > others too), and it's very annoying. It can be fixed by having very 
> > careful readdir implementations, but I really would blame sysfs in 
> > particular for having a very annoying lock reversal issue when used 
> > reasonably.
> 
> Maybe.  The mnmap_sem has some interesting issues all of it's own.
> What reasonable thing is the drm doing that is causing problems?

The details are in the original thread on lkml, but it boils down to 
basically (the below may not be the exact sequence, but it's close)

 - drm_mmap (called with mmap_sem) takes 'dev->struct_mutex' to protect 
   it's own device data (very reasonable)

 - drm_release takes 'dev->struct_mutex' again to protect its own data, 
   and calls "mtrr_del_page()" which ends up taking cpu_hotplug.lock.

   Again, that doesn't sound "wrong" in any way.

 - hibernate ends up with the sequence: _cpu_down (cpu_hotplug.lock) ->  ..
   kref_put .. -> sysfs_addrm_start (sysfs_mutex)

   Again, nothing suspicious or "bad", and this part of the dependency 
   chain has nothing to do with the DRM code itself.

 - sysfs_readdir() (and this is the big problem) holds sysfs_mutex in its
   readdir implementation over the call to filldir. And filldir copies the 
   data to user space, so now you have sysfs_mutex -> mmap_sem.

See? None of the chains look bad. Except sysfs_readdir() obviously has 
that sysfs_mutex -> mmap_sem thing, which is _very_ annoying, because now 
you end up with a chain like

   mmap_sem -> dev->struct_mutex -> cpu_hotplug.lock -> sysfs_mutex -> mmap_sem

and I think you'll agree that of all the lock chains, the place to break 
the association is at sysfs_mutex. And the obvious place to break it would 
be that last "sysfs_mutex -> mmap_sem" stage.

> > Added Eric and Greg to the cc, in case the sysfs people want to solve it.
> 
> There are scalability reasons for dropping the sysfs_mutex in sysfs_readdir
> and I have some tenative patches for that.  I will take a look after I
> come back from the holidays, in a couple of days.  I don't understand
> the issue as described.

Ok, hopefully the above chain explains it to you, and also makes it clear 
that it's rather hard to break anywhere else, and it's not somebody else 
doing anything "obviously bogus".

Btw, the scalability issues with readdir() in general is why I'd be open 
to try to change the rules for filldir(), and always make it a kernel 
space copy. I suspect a number of users would like being able to use 
spinlocks over filldir, but it's currently impossible. 

However, we have a lot of filldir implementations (knfsd and several 
different system call interfaces), and while some of them already use 
kernel buffers (eg knfsd) others would need to allocate temporary storage 
and then do a double copy. And I suspect even things like knfsd do things 
like sleep and take locks, so it's possible that actually getting to the 
point where filldir could be spinlock-safe would be infeasible.

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ