From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932701AbbLRQFE (ORCPT ); Fri, 18 Dec 2015 11:05:04 -0500 Received: from tiger.mobileactivedefense.com ([217.174.251.109]:57924 "EHLO tiger.mobileactivedefense.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932098AbbLRQFC (ORCPT ); Fri, 18 Dec 2015 11:05:02 -0500 From: Rainer Weikusat To: Hannes Frederic Sowa Cc: David Miller , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Al Viro Subject: splice-bind deadlock (was: [PATCH] af_unix: Revert 'lock_interruptible' in stream receive code) In-Reply-To: <871takk674.fsf@doppelsaurus.mobileactivedefense.com> (Rainer Weikusat's message of "Thu, 17 Dec 2015 23:26:23 +0000") References: <877fke6tqi.fsf@doppelsaurus.mobileactivedefense.com> <56727EE9.5020805@stressinduktion.org> <871takk674.fsf@doppelsaurus.mobileactivedefense.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) Date: Fri, 18 Dec 2015 16:04:09 +0000 Message-ID: <87si2zbv5y.fsf_-_@doppelsaurus.mobileactivedefense.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Rainer Weikusat writes: > Hannes Frederic Sowa writes: > > [...] > >> There is still a deadlock lingering around > > [...] > >> http://lists.openwall.net/netdev/2015/11/10/4 [...] > (a while ago) A: socketpair() > > B: splice() from a pipe to /mnt/regular_file > does sb_start_write() on /mnt > > C: try to freeze /mnt > wait for B to finish with /mnt > > A: bind() try to bind our socket to /mnt/new_socket_name > lock our socket, see it not bound yet > decide that it needs to create something in /mnt > try to do sb_start_write() on /mnt, block (it's > waiting for C). > > D: splice() from the same pipe to our socket > lock the pipe, see that socket is connected > try to lock the socket, block waiting for A > > B: get around to actually feeding a chunk from > pipe to file, try to lock the pipe. [from the page] [...] > Given > a/b - acquire a block b (eg, get read lock on superblock > rwsem) > > b/a - acquire b block a > > c - u->readlock > > d - pipe lock > > [*y] - blocks waiting for y > > > B a/b > > C b/a[*B] > > A c > A a/b[*C] > > D d > D c[*A] > > B d[*D] Some more explanations on this: There two groups of three in the above (X <- Y supposed to mean 'Y waits for X'), B <- C <- A and A <- D <- B. 'B blocking C blocking A' is really the same as if B was holding an abstract mutex m0 A wants. Likewise, A <- D <- B is equivalent to A holding an abstract mutex m1 B wants. Conceptually, there are two threads and two locks here, B: acquires m0 then m1 A: acquires m1 then m0 and because of the conflicting locking orders, the whole shoggoth deadlocks sooner or later (Fhtagn!). The obvious idea to fix this is to reverse either A or B. I think A should be reversed because that's probably easier (unless there's some technical problem with that I don't yet know of) and because this avoids a situation where some other thread which wants the readlock mutex has to wait until some completeld unrelated filesystem operations have completed. But theory only gets one so far and it would be good if someone capable of reproducing the problem tested this.