syzbot is reporting that mmput() from shrinker function has a risk of deadlock [1], for delayed_uprobe_add() from update_ref_ctr() calls kzalloc(GFP_KERNEL) with delayed_uprobe_lock held, and uprobe_clear_state() from __mmput() also holds delayed_uprobe_lock. However, it took 18 months to hit this race for the third time, for mmput() invokes __mmput() only when ->mm_users dropped to 0. If we always warn like might_sleep(), we can detect the possibility of deadlock more easier. For now, I inlined the check under CONFIG_PROVE_LOCKING. If we find more locations, we could introduce a macro like might_sleep(). [1] https://syzkaller.appspot.com/bug?id=bc9e7303f537c41b2b0cc2dfcea3fc42964c2d45 Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> --- kernel/fork.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c index efc5493203ae..8717ce50ff0d 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1109,6 +1109,10 @@ static inline void __mmput(struct mm_struct *mm) void mmput(struct mm_struct *mm) { might_sleep(); +#ifdef CONFIG_PROVE_LOCKING + /* Calling mmput() from shrinker context can deadlock. */ + WARN_ON(current->flags & PF_MEMALLOC); +#endif if (atomic_dec_and_test(&mm->mm_users)) __mmput(mm); -- 2.18.4
