diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-09-01 17:43:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-09-04 16:29:29 -0400 |
| commit | 6e1ce3c3451291142a57c4f3f6f999a29fb5b3bc (patch) | |
| tree | 44c5431d3f3ee9b9cffe3415f0b359091f52efff /net/unix/af_unix.c | |
| parent | 38f7bd94a97b542de86a2be9229289717e33a7a4 (diff) | |
af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock'
Right now we use the 'readlock' both for protecting some of the af_unix
IO path and for making the bind be single-threaded.
The two are independent, but using the same lock makes for a nasty
deadlock due to ordering with regards to filesystem locking. The bind
locking would want to nest outside the VSF pathname locking, but the IO
locking wants to nest inside some of those same locks.
We tried to fix this earlier with commit c845acb324aa ("af_unix: Fix
splice-bind deadlock") which moved the readlock inside the vfs locks,
but that caused problems with overlayfs that will then call back into
filesystem routines that take the lock in the wrong order anyway.
Splitting the locks means that we can go back to having the bind lock be
the outermost lock, and we don't have any deadlocks with lock ordering.
Acked-by: Rainer Weikusat <rweikusat@cyberadapt.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/unix/af_unix.c')
| -rw-r--r-- | net/unix/af_unix.c | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 433ae1bbef97..8309687a56b0 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c | |||
| @@ -661,11 +661,11 @@ static int unix_set_peek_off(struct sock *sk, int val) | |||
| 661 | { | 661 | { |
| 662 | struct unix_sock *u = unix_sk(sk); | 662 | struct unix_sock *u = unix_sk(sk); |
| 663 | 663 | ||
| 664 | if (mutex_lock_interruptible(&u->readlock)) | 664 | if (mutex_lock_interruptible(&u->iolock)) |
| 665 | return -EINTR; | 665 | return -EINTR; |
| 666 | 666 | ||
| 667 | sk->sk_peek_off = val; | 667 | sk->sk_peek_off = val; |
| 668 | mutex_unlock(&u->readlock); | 668 | mutex_unlock(&u->iolock); |
| 669 | 669 | ||
| 670 | return 0; | 670 | return 0; |
| 671 | } | 671 | } |
| @@ -779,7 +779,8 @@ static struct sock *unix_create1(struct net *net, struct socket *sock, int kern) | |||
| 779 | spin_lock_init(&u->lock); | 779 | spin_lock_init(&u->lock); |
| 780 | atomic_long_set(&u->inflight, 0); | 780 | atomic_long_set(&u->inflight, 0); |
| 781 | INIT_LIST_HEAD(&u->link); | 781 | INIT_LIST_HEAD(&u->link); |
| 782 | mutex_init(&u->readlock); /* single task reading lock */ | 782 | mutex_init(&u->iolock); /* single task reading lock */ |
| 783 | mutex_init(&u->bindlock); /* single task binding lock */ | ||
| 783 | init_waitqueue_head(&u->peer_wait); | 784 | init_waitqueue_head(&u->peer_wait); |
| 784 | init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay); | 785 | init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay); |
| 785 | unix_insert_socket(unix_sockets_unbound(sk), sk); | 786 | unix_insert_socket(unix_sockets_unbound(sk), sk); |
| @@ -848,7 +849,7 @@ static int unix_autobind(struct socket *sock) | |||
| 848 | int err; | 849 | int err; |
| 849 | unsigned int retries = 0; | 850 | unsigned int retries = 0; |
| 850 | 851 | ||
| 851 | err = mutex_lock_interruptible(&u->readlock); | 852 | err = mutex_lock_interruptible(&u->bindlock); |
| 852 | if (err) | 853 | if (err) |
| 853 | return err; | 854 | return err; |
| 854 | 855 | ||
| @@ -895,7 +896,7 @@ retry: | |||
| 895 | spin_unlock(&unix_table_lock); | 896 | spin_unlock(&unix_table_lock); |
| 896 | err = 0; | 897 | err = 0; |
| 897 | 898 | ||
| 898 | out: mutex_unlock(&u->readlock); | 899 | out: mutex_unlock(&u->bindlock); |
| 899 | return err; | 900 | return err; |
| 900 | } | 901 | } |
| 901 | 902 | ||
| @@ -1009,7 +1010,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | |||
| 1009 | goto out; | 1010 | goto out; |
| 1010 | addr_len = err; | 1011 | addr_len = err; |
| 1011 | 1012 | ||
| 1012 | err = mutex_lock_interruptible(&u->readlock); | 1013 | err = mutex_lock_interruptible(&u->bindlock); |
| 1013 | if (err) | 1014 | if (err) |
| 1014 | goto out; | 1015 | goto out; |
| 1015 | 1016 | ||
| @@ -1063,7 +1064,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | |||
| 1063 | out_unlock: | 1064 | out_unlock: |
| 1064 | spin_unlock(&unix_table_lock); | 1065 | spin_unlock(&unix_table_lock); |
| 1065 | out_up: | 1066 | out_up: |
| 1066 | mutex_unlock(&u->readlock); | 1067 | mutex_unlock(&u->bindlock); |
| 1067 | out: | 1068 | out: |
| 1068 | return err; | 1069 | return err; |
| 1069 | } | 1070 | } |
| @@ -1955,17 +1956,17 @@ static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page, | |||
| 1955 | if (false) { | 1956 | if (false) { |
| 1956 | alloc_skb: | 1957 | alloc_skb: |
| 1957 | unix_state_unlock(other); | 1958 | unix_state_unlock(other); |
| 1958 | mutex_unlock(&unix_sk(other)->readlock); | 1959 | mutex_unlock(&unix_sk(other)->iolock); |
| 1959 | newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT, | 1960 | newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT, |
| 1960 | &err, 0); | 1961 | &err, 0); |
| 1961 | if (!newskb) | 1962 | if (!newskb) |
| 1962 | goto err; | 1963 | goto err; |
| 1963 | } | 1964 | } |
| 1964 | 1965 | ||
| 1965 | /* we must acquire readlock as we modify already present | 1966 | /* we must acquire iolock as we modify already present |
| 1966 | * skbs in the sk_receive_queue and mess with skb->len | 1967 | * skbs in the sk_receive_queue and mess with skb->len |
| 1967 | */ | 1968 | */ |
| 1968 | err = mutex_lock_interruptible(&unix_sk(other)->readlock); | 1969 | err = mutex_lock_interruptible(&unix_sk(other)->iolock); |
| 1969 | if (err) { | 1970 | if (err) { |
| 1970 | err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS; | 1971 | err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS; |
| 1971 | goto err; | 1972 | goto err; |
| @@ -2032,7 +2033,7 @@ alloc_skb: | |||
| 2032 | } | 2033 | } |
| 2033 | 2034 | ||
| 2034 | unix_state_unlock(other); | 2035 | unix_state_unlock(other); |
| 2035 | mutex_unlock(&unix_sk(other)->readlock); | 2036 | mutex_unlock(&unix_sk(other)->iolock); |
| 2036 | 2037 | ||
| 2037 | other->sk_data_ready(other); | 2038 | other->sk_data_ready(other); |
| 2038 | scm_destroy(&scm); | 2039 | scm_destroy(&scm); |
| @@ -2041,7 +2042,7 @@ alloc_skb: | |||
| 2041 | err_state_unlock: | 2042 | err_state_unlock: |
| 2042 | unix_state_unlock(other); | 2043 | unix_state_unlock(other); |
| 2043 | err_unlock: | 2044 | err_unlock: |
| 2044 | mutex_unlock(&unix_sk(other)->readlock); | 2045 | mutex_unlock(&unix_sk(other)->iolock); |
| 2045 | err: | 2046 | err: |
| 2046 | kfree_skb(newskb); | 2047 | kfree_skb(newskb); |
| 2047 | if (send_sigpipe && !(flags & MSG_NOSIGNAL)) | 2048 | if (send_sigpipe && !(flags & MSG_NOSIGNAL)) |
| @@ -2109,7 +2110,7 @@ static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, | |||
| 2109 | timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); | 2110 | timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
| 2110 | 2111 | ||
| 2111 | do { | 2112 | do { |
| 2112 | mutex_lock(&u->readlock); | 2113 | mutex_lock(&u->iolock); |
| 2113 | 2114 | ||
| 2114 | skip = sk_peek_offset(sk, flags); | 2115 | skip = sk_peek_offset(sk, flags); |
| 2115 | skb = __skb_try_recv_datagram(sk, flags, &peeked, &skip, &err, | 2116 | skb = __skb_try_recv_datagram(sk, flags, &peeked, &skip, &err, |
| @@ -2117,14 +2118,14 @@ static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, | |||
| 2117 | if (skb) | 2118 | if (skb) |
| 2118 | break; | 2119 | break; |
| 2119 | 2120 | ||
| 2120 | mutex_unlock(&u->readlock); | 2121 | mutex_unlock(&u->iolock); |
| 2121 | 2122 | ||
| 2122 | if (err != -EAGAIN) | 2123 | if (err != -EAGAIN) |
| 2123 | break; | 2124 | break; |
| 2124 | } while (timeo && | 2125 | } while (timeo && |
| 2125 | !__skb_wait_for_more_packets(sk, &err, &timeo, last)); | 2126 | !__skb_wait_for_more_packets(sk, &err, &timeo, last)); |
| 2126 | 2127 | ||
| 2127 | if (!skb) { /* implies readlock unlocked */ | 2128 | if (!skb) { /* implies iolock unlocked */ |
| 2128 | unix_state_lock(sk); | 2129 | unix_state_lock(sk); |
| 2129 | /* Signal EOF on disconnected non-blocking SEQPACKET socket. */ | 2130 | /* Signal EOF on disconnected non-blocking SEQPACKET socket. */ |
| 2130 | if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && | 2131 | if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && |
| @@ -2189,7 +2190,7 @@ static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, | |||
| 2189 | 2190 | ||
| 2190 | out_free: | 2191 | out_free: |
| 2191 | skb_free_datagram(sk, skb); | 2192 | skb_free_datagram(sk, skb); |
| 2192 | mutex_unlock(&u->readlock); | 2193 | mutex_unlock(&u->iolock); |
| 2193 | out: | 2194 | out: |
| 2194 | return err; | 2195 | return err; |
| 2195 | } | 2196 | } |
| @@ -2284,7 +2285,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) | |||
| 2284 | /* Lock the socket to prevent queue disordering | 2285 | /* Lock the socket to prevent queue disordering |
| 2285 | * while sleeps in memcpy_tomsg | 2286 | * while sleeps in memcpy_tomsg |
| 2286 | */ | 2287 | */ |
| 2287 | mutex_lock(&u->readlock); | 2288 | mutex_lock(&u->iolock); |
| 2288 | 2289 | ||
| 2289 | if (flags & MSG_PEEK) | 2290 | if (flags & MSG_PEEK) |
| 2290 | skip = sk_peek_offset(sk, flags); | 2291 | skip = sk_peek_offset(sk, flags); |
| @@ -2326,7 +2327,7 @@ again: | |||
| 2326 | break; | 2327 | break; |
| 2327 | } | 2328 | } |
| 2328 | 2329 | ||
| 2329 | mutex_unlock(&u->readlock); | 2330 | mutex_unlock(&u->iolock); |
| 2330 | 2331 | ||
| 2331 | timeo = unix_stream_data_wait(sk, timeo, last, | 2332 | timeo = unix_stream_data_wait(sk, timeo, last, |
| 2332 | last_len); | 2333 | last_len); |
| @@ -2337,7 +2338,7 @@ again: | |||
| 2337 | goto out; | 2338 | goto out; |
| 2338 | } | 2339 | } |
| 2339 | 2340 | ||
| 2340 | mutex_lock(&u->readlock); | 2341 | mutex_lock(&u->iolock); |
| 2341 | goto redo; | 2342 | goto redo; |
| 2342 | unlock: | 2343 | unlock: |
| 2343 | unix_state_unlock(sk); | 2344 | unix_state_unlock(sk); |
| @@ -2440,7 +2441,7 @@ unlock: | |||
| 2440 | } | 2441 | } |
| 2441 | } while (size); | 2442 | } while (size); |
| 2442 | 2443 | ||
| 2443 | mutex_unlock(&u->readlock); | 2444 | mutex_unlock(&u->iolock); |
| 2444 | if (state->msg) | 2445 | if (state->msg) |
| 2445 | scm_recv(sock, state->msg, &scm, flags); | 2446 | scm_recv(sock, state->msg, &scm, flags); |
| 2446 | else | 2447 | else |
| @@ -2481,9 +2482,9 @@ static ssize_t skb_unix_socket_splice(struct sock *sk, | |||
| 2481 | int ret; | 2482 | int ret; |
| 2482 | struct unix_sock *u = unix_sk(sk); | 2483 | struct unix_sock *u = unix_sk(sk); |
| 2483 | 2484 | ||
| 2484 | mutex_unlock(&u->readlock); | 2485 | mutex_unlock(&u->iolock); |
| 2485 | ret = splice_to_pipe(pipe, spd); | 2486 | ret = splice_to_pipe(pipe, spd); |
| 2486 | mutex_lock(&u->readlock); | 2487 | mutex_lock(&u->iolock); |
| 2487 | 2488 | ||
| 2488 | return ret; | 2489 | return ret; |
| 2489 | } | 2490 | } |