Received: by 10.223.176.46 with SMTP id f43csp1075661wra; Fri, 26 Jan 2018 11:26:49 -0800 (PST) X-Google-Smtp-Source: AH8x225bGzmCgepfY87sm/9nvQ27GSBRlSca9Sdf0zaquqn4rLviMADAjF5BMD+jOzn23j+VZ72R X-Received: by 10.99.117.1 with SMTP id q1mr16273060pgc.350.1516994809069; Fri, 26 Jan 2018 11:26:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516994809; cv=none; d=google.com; s=arc-20160816; b=Sq+8teFTdn7Ql5tNidy+NgVTBiQoZiset4JRvumR+VhfGVRo8afBGAUfEIqz/K5eO4 zWf5a6vMphsb4joLJ2DsZfqCsLfBD2YDa7twy/lmlLwn5/X1Mq/eAdhdJiOxxqXOQaNl VtajKYBvRc8m3NA3Ss6hntglLXWqanUAP1T/fpB+yvBWfTIuw4z4SsxCJEX0W0wqRgoW TSeYYZSfeadEN4tdz57fpXMCu9Oeyz6snlz7tC5vmQ5PqQdJBTggAaez6K9clhv2pDJb 3Jn649++V8WUtsD6XITyPS4/rh3CLaFPajUJ7C4hetQAo84z6Wko1kxdwlxrhdbIAunH 6X0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=TmimnvAq5Q0c2I8+28ZRxpSYT27j67zLDOS/5E3F0BI=; b=DHbyFrROHTqrnjPGFyRXwCha01DD7K5XLdEIRgMcT506FoX69uI2nLbxjVKA4P90OO o1teCRcgUsP3EFsHe36X4hSkjR3GYEqJUoiBCl5jjB3VGXYKnZGPxdo4vtNtyc1bq+pI ubbOmru07XvgFL64Ip9ye2sCEcIMVVcfKHlddqvKassRrhd45KXMN3pEx27QLe4j2Iwx K0zYUD76Xno+tzobuYaCIcZ3w5mycVbz/kPeDeT3vZaN6Zk5ZvYDS0OK1Mla9ZUn6dLe NBYb45R58szar4KewtsQiO8h51IGz5gZK9k7oo1QRIT0IXQCsgP4n3JC5HjQVlgyNnAN f4ww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OK/id3xS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z20-v6si4133021plo.73.2018.01.26.11.26.34; Fri, 26 Jan 2018 11:26:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OK/id3xS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752981AbeAZTZt (ORCPT + 99 others); Fri, 26 Jan 2018 14:25:49 -0500 Received: from mail-io0-f193.google.com ([209.85.223.193]:43661 "EHLO mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752488AbeAZTZP (ORCPT ); Fri, 26 Jan 2018 14:25:15 -0500 Received: by mail-io0-f193.google.com with SMTP id 72so1506455iom.10 for ; Fri, 26 Jan 2018 11:25:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=TmimnvAq5Q0c2I8+28ZRxpSYT27j67zLDOS/5E3F0BI=; b=OK/id3xSpt+S3b9IWy/evZwnhRwA3Dy5LjL/q8c4IvAFybbXU6xCe1A98ETGYTzqaN quzE/GRYIpq9UT1f0VkSEv/mXh0VT03GLyuBIZMazQn2hg3QM6Td4GF+KhcQlZBVB2M1 Jcb7Lu0jb2ZRJQVuB+6KBQ72eCBfVzJIEvk2e9iMejdtavHegL4cMjWaIgbtCdBuT4h6 gANS9TYwpY52pOG2ayPuKsI1NXgjUMyojcdEkGPP4UVcOdr2ZrPQ5ZkN7o9SJrJSLaTM QaPnPLaC7Rr7fhnH7d+SvCgMi+mm48zxaXUzCJQ2X5B8kK0pOVI7ae4jl7M7wi7I0w51 5naw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=TmimnvAq5Q0c2I8+28ZRxpSYT27j67zLDOS/5E3F0BI=; b=lxeXJg8UB/EALsBTDbDKT7FgDSJ98pAAfxMETL7R3xbglF5Tn90Ewd/L+lNlx5w0xm mkokU+SAj7T2CV9wAzzkCK3A2jndpBuw1OiA2wdQoxXA6HNbjOd2HfnxgBYY24Et3EpF 84fZHrFjqUCtq0yaEHUtcgJjGYY2oCArY5ElXbC8ECqpGOxA3QqYmnB65ugcmOIFUeJ6 lWhbYCFqmbo1LN/+11OjVhnMr93SRFGZCn1xt5afW7jS8qT9fdjHzocRU08u+FFjhrJo CELSwq92MBBgAFWPSHBKr54je0Xrjo5acpVhHfolCpIXn5bDzbzBCfoDjNVQxE7BSTa6 6OAw== X-Gm-Message-State: AKwxytfaP1bngrZErIb8u+IXgkzfFJpzXKjm7ot1Sf5bSA0QTO8iqJYR 4avrI1ZzidUKWAcTznRhNRv7s3oFsIZxvHhP8OCZPw== X-Received: by 10.107.142.202 with SMTP id q193mr18254261iod.100.1516994714727; Fri, 26 Jan 2018 11:25:14 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.172.135 with HTTP; Fri, 26 Jan 2018 11:25:14 -0800 (PST) In-Reply-To: References: <20180126024649.200330-1-joelaf@google.com> <20180126031346.GW13338@ZenIV.linux.org.uk> From: Joel Fernandes Date: Fri, 26 Jan 2018 11:25:14 -0800 Message-ID: Subject: Re: [PATCH] ashmem: Fix lockdep issue during llseek To: Al Viro Cc: LKML , Todd Kjos , Arve Hjonnevag , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 26, 2018 at 11:23 AM, Joel Fernandes wrote: > Hi Al, > > On Thu, Jan 25, 2018 at 7:13 PM, Al Viro wrote: >> On Thu, Jan 25, 2018 at 06:46:49PM -0800, Joel Fernandes wrote: >>> ashmem_mutex create a chain of dependencies like so: >>> >>> (1) >>> mmap syscall -> >>> mmap_sem -> (acquired) >>> ashmem_mmap >>> ashmem_mutex (try to acquire) >>> (block) >>> >>> (2) >>> llseek syscall -> >>> ashmem_llseek -> >>> ashmem_mutex -> (acquired) >>> inode_lock -> >>> inode->i_rwsem (try to acquire) >>> (block) >>> >>> (3) >>> getdents -> >>> iterate_dir -> >>> inode_lock -> >>> inode->i_rwsem (acquired) >>> copy_to_user -> >>> mmap_sem (try to acquire) >>> >>> There is a lock ordering created between mmap_sem and inode->i_rwsem >>> during a syzcaller test, this patch fixes the issue by releasing the >>> ashmem_mutex before the call to vfs_llseek, and reacquiring it after. >> >> That looks odd. If this approach works, what the hell do you need >> ashmem_mutex for in ashmem_llseek() in the first place? What is >> it protecting there? > > I was just trying to be careful with the least intrusive solution > since I'm not the original author of the driver. > > But one usecase for the mutex is with concurrent lseeks, you can end > up with a file->f_pos that is different from the latest update to > asma->file->f_pos. A barrier could fix this it too though. Any > thoughts? > > ================================================================= > CPU 1 CPU 2 > > // vfs_llseek updated > // asma->file->f_pos to X > // vfs_llseek updated > // file->f_pos to Y > > asma->file->f_pos updated to Y > asma->file->f_pos updated to X > (lost write) > ================================================================= I screwed up the explanation here, this is what I had in mind: ================================================================= CPU 1 CPU 2 // vfs_llseek updated // asma->file->f_pos to X // vfs_llseek updated // asma->file->f_pos to Y file->f_pos updated to Y file->f_pos updated to X (lost write) ================================================================= Sorry, - Joel