| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44L0.1204271410470.1690-100000@iolanthe.rowland.org> Date: Fri, 27 Apr 2012 14:27:26 -0400 (EDT) From: Alan Stern <stern@...land.harvard.edu> To: "Eric W. Biederman" <ebiederm@...ssion.com> cc: Tejun Heo <tj@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Kernel development list <linux-kernel@...r.kernel.org> Subject: Re: Lockdep false positive in sysfs On Fri, 27 Apr 2012, Eric W. Biederman wrote: > >> > Another idea is to have A's method temporarily drop the sysfs readlock. > >> > Of course that would put the onus on the USB core of guaranteeing that > >> > A cannot be removed while this happens, but we can handle that. > >> > >> Yeah, that's an easier way out. Please make it a proper sysfs API > >> call tho so that people working on sysfs later can know of the special > >> case. > > > > I will. > > > > Would it be better to release just the lockdep annotation while > > continuing to hold the actual lock, or to really drop the lock? > > We can't really drop the ``lock''. That would imply not waiting for > all of the methods using a sysfs attributes not to finish before we > remove a sysfs attribute. Kaboom! That's why I wrote above "... would put the onus on the USB core of guaranteeing that A cannot be removed while this happens". But regardless, we can keep the lock while dropping the annotation. > Probably what would be better would figure out how to sneak in something > that for this file we tell lockdep to ignore it like you do the device > locks. As you do for the device layer locking. Dropping the annotation has pretty much that effect, right? I don't want lockdep to ignore the locks entirely, because we still want to catch attributes that unregister themselves (as opposed to unregistering their counterparts in child devices). > I don't like the choices available at this junction. I have seen some > nasty ABBA deadlocks with sysfs, and anything that makes those easier to > see. > > One thing that looks promising after reading lwn yesterday is what Al > and Oleg are doing with fput and a per task work queue that runs before > we return to user space. If you could use that we could have our > cake and eat it too. You could schedule the work in a work queue but > you could also be guaranteed that there are not any locking problems. > > Do you think you could investigate that possibility? Yes, I think that would work. It would require a little more code and some errors would not get reported correctly (those that occur during the callback). (Incidentally, the sysfs_workqueue used in sysfs_schedule_callback() could also be replaced by the per-task work queue.) Which do you prefer: temporarily dropping the lockdep annotation, or deferring the work to the per-task work queue? Note that these "flush before returning to userspace" things aren't in the kernel yet. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists