lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <E1PfvGx-00086O-IA@pomaz-ex.szeredi.hu>
Date:	Thu, 20 Jan 2011 15:13:59 +0100
From:	Miklos Szeredi <miklos@...redi.hu>
To:	Christoph Hellwig <hch@...radead.org>
CC:	miklos@...redi.hu, akpm@...ux-foundation.org, hughd@...gle.com,
	gurudas.pai@...cle.com, lkml20101129@...ton.leun.net,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH] mm: prevent concurrent unmap_mapping_range() on the same
 inode

On Thu, 20 Jan 2011, Christoph Hellwig wrote:
> On Thu, Jan 20, 2011 at 01:30:58PM +0100, Miklos Szeredi wrote:
> > From: Miklos Szeredi <mszeredi@...e.cz>
> > 
> > Running a fuse filesystem with multiple open()'s in parallel can
> > trigger a "kernel BUG at mm/truncate.c:475"
> > 
> > The reason is, unmap_mapping_range() is not prepared for more than
> > one concurrent invocation per inode.  For example:
> > 
> >   thread1: going through a big range, stops in the middle of a vma and
> >      stores the restart address in vm_truncate_count.
> > 
> >   thread2: comes in with a small (e.g. single page) unmap request on
> >      the same vma, somewhere before restart_address, finds that the
> >      vma was already unmapped up to the restart address and happily
> >      returns without doing anything.
> > 
> > Another scenario would be two big unmap requests, both having to
> > restart the unmapping and each one setting vm_truncate_count to its
> > own value.  This could go on forever without any of them being able to
> > finish.
> > 
> > Truncate and hole punching already serialize with i_mutex.  Other
> > callers of unmap_mapping_range() do not, and it's difficult to get
> > i_mutex protection for all callers.  In particular ->d_revalidate(),
> > which calls invalidate_inode_pages2_range() in fuse, may be called
> > with or without i_mutex.
> 
> 
> Which I think is mostly a fuse problem.  I really hate bloating the
> generic inode (into which the address_space is embedded) with another
> mutex for deficits in rather special case filesystems. 

As Hugh pointed out unmap_mapping_range() has grown a varied set of
callers, which are difficult to fix up wrt i_mutex.  Fuse was just an
example.

I don't like the bloat either, but this is the best I could come up
with for fixing this problem generally.  If you have a better idea,
please share it.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ