From: Hillf Danton
To: shaozhengchao
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Davidlohr Bueso, Manfred Spraul, jack@suse.cz
Subject: Re: [PATCH v2] ipc/mqueue: fix potential sleeping issue in mqueue_flush_file
Date: Thu, 18 Jan 2024 19:46:31 +0800
Message-Id: <20240118114631.1490-1-hdanton@sina.com>
References: <20231220021208.2634523-1-shaozhengchao@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2023/12/20 10:12, Zhengchao Shao wrote:
> I analyze the potential sleeping issue of the following processes:
> Thread A                          Thread B
> ...                               netlink_create //ref = 1
> do_mq_notify                      ...
> sock = netlink_getsockbyfilp      ... //ref = 2
> info->notify_sock = sock;         ...
> ...                               netlink_sendmsg
> ...                               skb = netlink_alloc_large_skb //skb->head is vmalloced
> ...                               netlink_unicast
> ...                               sk = netlink_getsockbyportid //ref = 3
> ...                               netlink_sendskb
> ...                               __netlink_sendskb
> ...                               skb_queue_tail //put skb to sk_receive_queue
> ...                               sock_put //ref = 2
> ...                               ...
> ...                               netlink_release
> ...                               deferred_put_nlk_sk //ref = 1
> mqueue_flush_file
> spin_lock
> remove_notification
> netlink_sendskb
> sock_put //ref = 0
> sk_free
> ...
> __sk_destruct
> netlink_sock_destruct
> skb_queue_purge //get skb from sk_receive_queue
> ...
> __skb_queue_purge_reason
> kfree_skb_reason
> __kfree_skb
> ...
> skb_release_all
> skb_release_head_state
> netlink_skb_destructor
> vfree(skb->head) //sleeping while holding spinlock
>
> In netlink_sendmsg, if the memory pointed to by skb->head is allocated by
> vmalloc, and is put to sk_receive_queue queue, also the skb is not freed.
> When the mqueue executes flush, the sleeping bug will occur. Use mutex
> lock instead of spin lock in mqueue_flush_file.

It makes no sense to replace spinlock with mutex just for putting sock.

Only for thoughts.

--- x/ipc/mqueue.c +++ y/ipc/mqueue.c
@@ -663,12 +663,17 @@ static ssize_t mqueue_read_file(struct f static int mqueue_flush_file(struct file *filp, fl_owner_t id) { struct mqueue_inode_info *info = MQUEUE_I(file_inode(filp)); + struct sock *sk = NULL; spin_lock(&info->lock); - if (task_tgid(current) == info->notify_owner) + if (task_tgid(current) == info->notify_owner) { + sk = info->notify_sock; + sock_hold(sk); remove_notification(info); - + } spin_unlock(&info->lock); + if (sk) + sock_put(sk); return 0; }
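
Review bot: sock_hold(sk) in the new notify_owner branch is applied to info->notify_sock with no NULL check, and nothing in this hunk shows that a socket is always attached when notify_owner matches the caller; if an owner can be registered without a netlink socket, this dereferences NULL under info->lock. Take the reference only when the pointer is set, e.g. "sk = info->notify_sock; if (sk) sock_hold(sk);", which also matches the "if (sk)" guard before sock_put(). A short comment above the sock_hold() saying that the extra reference keeps the final sock_put(), and with it the vfree(skb->head) path from the quoted trace, outside the spinlock would make the intent clear to later readers.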