From: ebiederm@xmission.com (Eric W. Biederman)
To: Tejun Heo <tj@kernel.org>
Cc: Alan Stern <stern@rowland.harvard.edu>,
Peter Zijlstra <peterz@infradead.org>,
Kernel development list <linux-kernel@vger.kernel.org>
Subject: Re: Lockdep false positive in sysfs
Date: Thu, 26 Apr 2012 01:16:05 -0700 [thread overview]
Message-ID: <m162cmewmy.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20120425215936.GC8989@google.com> (Tejun Heo's message of "Wed, 25 Apr 2012 14:59:36 -0700")
Tejun Heo <tj@kernel.org> writes:
> Hello, Alan.
>
> On Wed, Apr 25, 2012 at 02:58:28PM -0400, Alan Stern wrote:
>> Peter and Tejun:
>>
>> Here's my problem, which affects several sysfs attribute methods in the
>> USB subsystem:
>>
>> Sysfs attribute A is attached to a USB device D. When the user writes
>> to A, the corresponding store method unregisters D's children (it does
>> not unregister D, though).
>>
>> Now, some of these children may also be USB devices (i.e., if D is a
>> hub), and therefore may have the same set of sysfs attributes. As a
>> result, A's store method for D will end up removing the A attribute for
>> device E, where E is a child of D.
Before we get too far getting lockdep to shut up let me ask. Is this
really safe? The code looks like it tries to be safe but in the case
of recursion I don't buy it. You should be having this same problem
with other locks and I don't see the use of mutex_lock_nested anywhere.
I looked into this a couple years ago with regards to pci devices, and
my conclusion at the time was that the device core nor the pci
code was multi-thread hotplug safe, and that the easiest fix was
to use a single threaded workqueue.
What I see right now with the device_lock and usb looks better but
I'm not at all certain I believe that if you attempt to remove different
levels of the hierarchy at the same time from different processes
that this code is really safe. Could you explain to me how the
locking works in the usb layer to prevent problems with different
processes removing different layers of the same hierarchy?
Especially having it work without having having to do something
interesting with lockdep.
>> This causes lockdep to complain. When A's method is called, sysfs
>> tells lockdep that it holds a readlock for the s_active "rwsem"
>> associated with the A attribute for D. However the sysfs routine that
>> removes attributes tells lockdep that it is going to get a writelock
>> for the s_active associated with the A attribute for E, which is in the
>> same lockdep class since it belongs to the same attribute.
>
> Hmmm.... This happens because, by default, sysfs_dirents for the same
> attr share the same lockdep key. This happens from
> sysfs_dirent_init_lockdep(). Hmm.... we can,
>
> * Somehow assign different keys to sysfs_dirents for the specific
> attr. Use array of attrs indexed by bus depth?
Possible with sysfs_attr_init but pretty ugly. Especially since it
sounds like this is a situation that does not presuppose a maximum
depth. I do remember that the lockdep keys must be statically allocated
which makes this a challenge.
Or it might be a remote possibility to adapt things a little bit.
What makes this different from most of the recursing lock strategies
that I know of is that we are actually in fact taking the same
"lock" in the same place, and performing the same action.
> * Add a flag / whatever to attr indicating that the files of the
> attribute may be removed recursively (lockdep-wise) and update
> either read or write path to use subclass.
>
> Any better ideas?
I'm not going to worry about it too much until someone explains to me
how usb hotplug is really safe and how of all the locks taken to
make it happen somehow only the sysfs lock triggers a lockdep warning
because we are recursing. We should be seeing the same issue with
the device lock if the device lock actually provides sufficient
protection to be useful.
Eric
next prev parent reply other threads:[~2012-04-26 8:12 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-25 18:58 Lockdep false positive in sysfs Alan Stern
2012-04-25 21:59 ` Tejun Heo
2012-04-26 8:16 ` Eric W. Biederman [this message]
2012-04-26 18:14 ` Alan Stern
2012-04-26 22:17 ` Tejun Heo
2012-04-27 15:57 ` Alan Stern
2012-04-27 16:09 ` Tejun Heo
2012-05-03 21:30 ` Alan Stern
2012-05-04 16:52 ` Tejun Heo
2012-05-04 19:08 ` Alan Stern
2012-05-07 19:46 ` Tejun Heo
2012-05-07 21:51 ` Alan Stern
2012-05-07 21:55 ` Tejun Heo
2012-05-08 18:53 ` Alan Stern
2012-05-09 17:41 ` Tejun Heo
2012-05-09 17:47 ` Alan Stern
2012-05-09 17:48 ` Tejun Heo
2012-04-27 16:27 ` Eric W. Biederman
2012-04-27 18:27 ` Alan Stern
2012-04-27 20:17 ` Tejun Heo
2012-04-27 21:09 ` Eric W. Biederman
2012-04-27 21:16 ` Tejun Heo
2012-04-29 2:00 ` Alan Stern
2012-04-29 2:35 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m162cmewmy.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=stern@rowland.harvard.edu \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).