On Fri, May 03, 2024 at 08:31:36AM -0600, Alex Williamson wrote:
> Lockdep reports the below circular locking dependency issue. The
> mmap_lock acquisition while holding pci_bus_sem is due to the use of
> copy_to_user() from within a pci_walk_bus() callback.
>
> Building the devices array directly into the user buffer is only for
> convenience. Instead we can allocate a local buffer for the array,
> bounded by the number of devices on the bus/slot, fill the device
> information into this local buffer, then copy it into the user buffer
> outside the bus walk callback.
>
> Chain exists of:
>   &vdev->vma_lock --> pci_bus_sem --> &mm->mmap_lock
>
> Possible unsafe locking scenario:
>
> block dm-0: the capability attribute has been deprecated.
>        CPU0                    CPU1
>        ----                    ----
>   rlock(&mm->mmap_lock);
>                                lock(pci_bus_sem);
>                                lock(&mm->mmap_lock);
>   lock(&vdev->vma_lock);
>
>  *** DEADLOCK ***
>
> Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
> ---
>  drivers/vfio/pci/vfio_pci_core.c | 78 ++++++++++++++++++++------------
>  1 file changed, 49 insertions(+), 29 deletions(-)

I feel like I created this bug...

It is sad we have to allocate kernel memory, but can't think of a
better option.

Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>

Jason