lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251216142236.GD31492@ziepe.ca>
Date: Tue, 16 Dec 2025 10:22:36 -0400
From: Jason Gunthorpe <jgg@...pe.ca>
To: Michael Gur <michaelgur@...dia.com>
Cc: wujing <realwujing@...com>, leon@...nel.org,
	linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org,
	yuanql9@...natelecom.cn
Subject: Re: [PATCH] IB/core: Fix ABBA deadlock in rdma_dev_exit_net

On Tue, Dec 16, 2025 at 03:59:32PM +0200, Michael Gur wrote:
> 
> On 12/16/2025 11:59 AM, wujing wrote:
> > Hi Jason,
> > 
> > You're right that the locks aren't nested in rdma_dev_exit_net() - it does release
> > rdma_nets_rwsem before acquiring devices_rwsem. However, this is still an ABBA deadlock,
> > just not the trivial nested kind. The issue is caused by **rwsem writer priority**
> > and lock ordering inconsistency.
> > 
> > Here's the actual deadlock scenario:
> > 
> > **Thread A (rdma_dev_exit_net - cleanup_net workqueue):**
> > ```
> > down_write(&rdma_nets_rwsem);    // Acquired
> > xa_store(&rdma_nets, ...);
> > up_write(&rdma_nets_rwsem);      // Released
> > down_read(&devices_rwsem);       // Waiting here <-- BLOCKED
> > ```
> > 
> > **Thread B (rdma_dev_init_net - stress-ng-clone):**
> > ```
> > down_read(&devices_rwsem);       // Acquired
> > down_read(&rdma_nets_rwsem);     // Waiting here <-- BLOCKED
> > ```
> > 
> > The deadlock happens because:
> > 
> > 1. Thread A releases rdma_nets_rwsem as a **writer**
> > 2. Thread B (and many others) are waiting to acquire rdma_nets_rwsem as **readers**
> > 3. Thread A then tries to acquire devices_rwsem as a reader
> > 4. BUT: rwsem gives priority to pending writers over new readers
> > 5. Since Thread A was a pending writer on rdma_nets_rwsem, Thread B's read request is blocked
> > 6. Thread B holds devices_rwsem, which Thread A needs
> > 7. Thread A holds the "writer priority slot" on rdma_nets_rwsem, which Thread B needs
> > 
> Why would Thread A still hold any writer priority after calling up_write()?

I've never heard of a 'writer priority slot' in linux, a thread does
not block other users of a lock after it has released the lock.

The rwsem priority is done by biasing the atomic counter, not with
some kind of weird per-thread slots.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ