From: Mateusz Guzik <mguzik@redhat.com>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
David Miller <davem@davemloft.net>,
Rainer Weikusat <rweikusat@mobileactivedefense.com>,
Hannes Frederic Sowa <hannes@stressinduktion.org>,
netdev <netdev@vger.kernel.org>,
Eric Dumazet <edumazet@google.com>,
syzkaller <syzkaller@googlegroups.com>
Subject: Re: fs, net: deadlock between bind/splice on af_unix
Date: Fri, 27 Jan 2017 07:41:43 +0100 [thread overview]
Message-ID: <20170127064143.ddyt43iglu2odlld@dhcp-1-212.brq.redhat.com> (raw)
In-Reply-To: <CAM_iQpXqqmAGPbo6jNJV4bOco9sfvXukNAxYPp4tfL=CNwF-RA@mail.gmail.com>
On Thu, Jan 26, 2017 at 09:11:07PM -0800, Cong Wang wrote:
> On Thu, Jan 26, 2017 at 3:29 PM, Mateusz Guzik <mguzik@redhat.com> wrote:
> > On Tue, Jan 17, 2017 at 01:21:48PM -0800, Cong Wang wrote:
> >> On Mon, Jan 16, 2017 at 1:32 AM, Dmitry Vyukov <dvyukov@google.com> wrote:
> >> > On Fri, Dec 9, 2016 at 7:41 AM, Al Viro <viro@zeniv.linux.org.uk> wrote:
> >> >> On Thu, Dec 08, 2016 at 10:32:00PM -0800, Cong Wang wrote:
> >> >>
> >> >>> > Why do we do autobind there, anyway, and why is it conditional on
> >> >>> > SOCK_PASSCRED? Note that e.g. for SOCK_STREAM we can bloody well get
> >> >>> > to sending stuff without autobind ever done - just use socketpair()
> >> >>> > to create that sucker and we won't be going through the connect()
> >> >>> > at all.
> >> >>>
> >> >>> In the case Dmitry reported, unix_dgram_sendmsg() calls unix_autobind(),
> >> >>> not SOCK_STREAM.
> >> >>
> >> >> Yes, I've noticed. What I'm asking is what in there needs autobind triggered
> >> >> on sendmsg and why doesn't the same need affect the SOCK_STREAM case?
> >> >>
> >> >>> I guess some lock, perhaps the u->bindlock could be dropped before
> >> >>> acquiring the next one (sb_writer), but I need to double check.
> >> >>
> >> >> Bad idea, IMO - do you *want* autobind being able to come through while
> >> >> bind(2) is busy with mknod?
> >> >
> >> >
> >> > Ping. This is still happening on HEAD.
> >> >
> >>
> >> Thanks for your reminder. Mind to give the attached patch (compile only)
> >> a try? I take another approach to fix this deadlock, which moves the
> >> unix_mknod() out of unix->bindlock. Not sure if there is any unexpected
> >> impact with this way.
> >>
> >
> > I don't think this is the right approach.
> >
> > Currently the file creation is potponed until unix_bind can no longer
> > fail otherwise. With it reordered, it may be someone races you with a
> > different path and now you are left with a file to clean up. Except it
> > is quite unclear for me if you can unlink it.
>
> What races do you mean here? If you mean someone could get a
> refcount of that file, it could happen no matter we have bindlock or not
> since it is visible once created. The filesystem layer should take care of
> the file refcount so all we need to do here is calling path_put() as in my
> patch. Or if you mean two threads calling unix_bind() could race without
> binlock, only one of them should succeed the other one just fails out.
Two threads can race and one fails with EINVAL.
With your patch there is a new file created and it is unclear what to
do with it - leaving it as it is sounds like the last resort and
unlinking it sounds extremely fishy as it opens you to games played by
the user.
next prev parent reply other threads:[~2017-01-27 6:44 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-08 14:47 fs, net: deadlock between bind/splice on af_unix Dmitry Vyukov
2016-12-08 16:30 ` Dmitry Vyukov
2016-12-09 0:08 ` Cong Wang
2016-12-09 1:32 ` Al Viro
2016-12-09 6:32 ` Cong Wang
2016-12-09 6:41 ` Al Viro
2017-01-16 9:32 ` Dmitry Vyukov
2017-01-17 21:21 ` Cong Wang
2017-01-18 9:17 ` Dmitry Vyukov
2017-01-20 4:57 ` Cong Wang
2017-01-20 22:52 ` Dmitry Vyukov
2017-01-23 19:00 ` Cong Wang
2017-01-26 23:29 ` Mateusz Guzik
2017-01-27 5:11 ` Cong Wang
2017-01-27 6:41 ` Mateusz Guzik [this message]
2017-01-31 6:44 ` Cong Wang
2017-01-31 18:14 ` Mateusz Guzik
2017-02-06 7:22 ` Cong Wang
2017-02-07 14:20 ` Mateusz Guzik
2017-02-10 1:37 ` Cong Wang
2017-01-17 8:07 ` Eric W. Biederman
[not found] ` <065031f0-27c5-443d-82f9-2f475fcef8c3@googlegroups.com>
2017-06-23 16:30 ` Cong Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170127064143.ddyt43iglu2odlld@dhcp-1-212.brq.redhat.com \
--to=mguzik@redhat.com \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=hannes@stressinduktion.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rweikusat@mobileactivedefense.com \
--cc=syzkaller@googlegroups.com \
--cc=viro@zeniv.linux.org.uk \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).