Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp809597iof; Mon, 6 Jun 2022 12:56:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2BGAHJ68p0bot03qOt3eICiNySJszeaqN6ZS9dmAk3m44hINwtTLnvXh9vhXJwTqAD20W X-Received: by 2002:a63:1c7:0:b0:3fb:cff3:f327 with SMTP id 190-20020a6301c7000000b003fbcff3f327mr22181933pgb.571.1654545364960; Mon, 06 Jun 2022 12:56:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654545364; cv=none; d=google.com; s=arc-20160816; b=k3L6GguEUdSFoUOhYaXC/sLM+thcBrmA1D3rM+cl3jkdGhCJ1MLfdf2g2kaVZC5bJa tHj/idDmlQBONdQgjgLc0nXQ4EbLR/IlsRAdw71DIFa1ada8k/RDxt3wKXeT75jUM41Z xwmJOufvF7nGUj6GrzB2aCduqbJBF9Xy/EyoSO0mRKLAhBQHnrMHp/qgqgXFYTKN55V3 4++GCT8cxxpkY9PHSE/199vMMGSRYjtztTjb1v1soEJA4xXhAiYO76zvjGa7MD9B7Euy k3yz1X7QblEjkjEcw+xWkliJOjD5AA1dca5Dun5MdSTqAaipDu85Vq0TSoRFV4gfHu6L ajHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=qXYqp07Gt1ZtS5TmqPmPcYjNyQa7EHn+PPqLupxduxE=; b=OHfxsPh1W4+HDr7RBmAvc6mxUoy0KeG9Hav3Y2IeASoOEUJ3A5KtyZtskkRMcV91X0 Q/LzfgmxoaLRVJjQVYCQBYzyiEWxfRVPF6kzS/Ya4Obzj12jCE7LkDlZsSXmWmJr9MNi OV3ALd8vJ4ZMwCTSmHrXpSH0eaKiTpCoRnFKAywh0wyItzq7Oe9upM7QY43w+6lfS2sP RRnZLfhd89oQaklF63quzq89kvCo+4yfaH7Nuy8sI5Zibwl5djYqD/6FctviSPQEpOta iZbWJsWmdKSfzrYivg16Y6x413Oj6sq/Wa7/D1D/1G1oMmcodoIAR4ZULyu1yj8lxowA 3+sQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=e5deP955; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t20-20020a170902d29400b00161a8960004si18078327plc.473.2022.06.06.12.55.52; Mon, 06 Jun 2022 12:56:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=e5deP955; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231760AbiFFS2s (ORCPT + 99 others); Mon, 6 Jun 2022 14:28:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231782AbiFFS2p (ORCPT ); Mon, 6 Jun 2022 14:28:45 -0400 Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F04E1AF6EB for ; Mon, 6 Jun 2022 11:28:44 -0700 (PDT) Received: by mail-ej1-x62e.google.com with SMTP id fu3so29099827ejc.7 for ; Mon, 06 Jun 2022 11:28:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qXYqp07Gt1ZtS5TmqPmPcYjNyQa7EHn+PPqLupxduxE=; b=e5deP955cqquSyg6oIIx3CAf8kgiTaqIY9bcnFfEj7ZLflDPPAW86Emcn95M8HZaCC 42qc7J70nZug2SNdJKjJgyCMPhAPg0LD/D4YMTCvWKzcs83etYmdBaLlq/Isztw3LXqz giP1rEm6h5Y0md23q+Lg6Uqv0VYv58smLzap0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qXYqp07Gt1ZtS5TmqPmPcYjNyQa7EHn+PPqLupxduxE=; b=vAoS3DiEJ8FDrEdY0yfVmsD6LOnxQdjNmrzHkvJxKpwWw9ZKv7VHQgEN1Fuh+xopX5 3YZLiFTeDVLA7Qnmjk/grXZkndpZCH39oCFDjW0HFL9nyExKvSTfFjAnJ7s3zk7Ea7ij 5xkXAjnmk5ggGc51s562F9r52qj1bo/gQ3DEaMRmpievOFdBw6U0TyTBRmUD1SanPpgV /gy0zeuZZRuwKApKLl+NpV+3uORhfnEg9s9pilsVXzbwjlOwbv3zbgOvJGUY3aAG4P2R tmcemwnhFJJp5eGuYBtqz0tAzi0EXjLiskHOwNQn+AcprHp/eJumLtlkWIp5qGx2DENP mSJw== X-Gm-Message-State: AOAM5331y3ece+Hn/LBLNUuOXtWBojAQUTNxi5BinWj9nD+BUSmDkzRb vx+eDuL2X2fifR5vr9TckvvXn8XH1GbRspgakjc= X-Received: by 2002:a17:907:96a0:b0:6fe:c2c7:5c66 with SMTP id hd32-20020a17090796a000b006fec2c75c66mr22855675ejc.756.1654540122687; Mon, 06 Jun 2022 11:28:42 -0700 (PDT) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com. [209.85.221.53]) by smtp.gmail.com with ESMTPSA id q24-20020aa7d458000000b0042aad9edc9bsm9142120edr.71.2022.06.06.11.28.40 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 06 Jun 2022 11:28:41 -0700 (PDT) Received: by mail-wr1-f53.google.com with SMTP id d14so11968638wra.10 for ; Mon, 06 Jun 2022 11:28:40 -0700 (PDT) X-Received: by 2002:a05:6000:1b0f:b0:210:313a:ef2a with SMTP id f15-20020a0560001b0f00b00210313aef2amr22896573wrz.281.1654540120455; Mon, 06 Jun 2022 11:28:40 -0700 (PDT) MIME-Version: 1.0 References: <226cee6a-6ca1-b603-db08-8500cd8f77b7@gnuweeb.org> <87r1414y5v.fsf@email.froward.int.ebiederm.org> In-Reply-To: <87r1414y5v.fsf@email.froward.int.ebiederm.org> From: Linus Torvalds Date: Mon, 6 Jun 2022 11:28:23 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Linux 5.18-rc4 To: "Eric W. Biederman" Cc: Ammar Faizi , John Johansen , James Morris , LSM List , Linux Kernel Mailing List , Al Viro , Kees Cook , "" , Linux-MM , gwml@vger.gnuweeb.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 6, 2022 at 8:19 AM Eric W. Biederman wrote: > Has anyone looked into this lock ordering issues? The deadlock is > >> [78140.503821] CPU0 CPU1 > >> [78140.503823] ---- ---- > >> [78140.503824] lock(&newf->file_lock); > >> [78140.503826] lock(&p->alloc_lock); > >> [78140.503828] lock(&newf->file_lock); > >> [78140.503830] lock(&ctx->lock); and the alloc_lock -> file_lock on CPU1 is trivial - it's seq_show() in fs/proc/fd.c: task_lock(task); files = task->files; if (files) { unsigned int fd = proc_fd(m->private); spin_lock(&files->file_lock); and that looks all normal. But the other chains look painful. I do see the IPC code doing ugly things, in particular I detest this code: task_lock(current); list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist); task_unlock(current); where it is using the task lock to protect the shm_clist list. Nasty. And it's doing that inside the shm_ids.rwsem lock _and_ inside the shp->shm_perm.lock. So the IPC code has newseg() doing shmget -> ipcget(): down_write(ids->rwsem) -> newseg(): ipc_addid gets perm->lock task_lock(current) so you have ids->rwsem -> perm->lock -> alloc_lock there. So now we have that ids->rwsem -> ipcperm->lock -> alloc_lock -> file_lock when you put those sequences together. But I didn't figure out what the security subsystem angle is and how that then apparently mixes things up with execve. Yes, newseg() is doing that error = security_shm_alloc(&shp->shm_perm); while holding rwsem, but I can't see how that matters. From the lockdep output, rwsem doesn't actually seem to be part of the whole sequence. It *looks* like we have apparmour ctx->lock --> radix_tree_preloads.lock --> ipcperm->lock and apparently that's called under the file_lock somewhere, completing the circle. I guess the execve component is that begin_new_exec -> security_bprm_committing_creds -> apparmor_bprm_committing_creds -> aa_inherit_files -> iterate_fd -> *takes file_lock* match_file -> aa_file_perm -> update_file_ctx *takes ctx->lock* so that's how you get file_lock -> ctx->lock. So you have: SHMGET: ipcperm->lock -> alloc_lock /proc: alloc_lock -> file_lock apparmor_bprm_committing_creds: file_lock -> ctx->lock and then all you need is ctx->lock -> ipcperm->lock but I didn't find that part. I suspect that part is that both Apparmor and IPC use the idr local lock. Linus