On Thu, Mar 1, 2012 at 5:10 PM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, 1 Mar 2012 14:48:50 +0530
> "Aneesh Kumar K.V" <aneesh.kumar@xxxxxxxxxxxxxxxxxx> wrote:
>
>> Taking i_mutex lock in hugetlbfs_read can result in deadlock with mmap
>> as explained below
>>
>> Thread A:
>>   read() on hugetlbfs
>>   hugetlbfs_read() called
>>   i_mutex grabbed
>>   hugetlbfs_read_actor() called
>>   __copy_to_user() called
>>   page fault is triggered
>>
>> Thread B, sharing address space with A:
>>   mmap() the same file
>>   ->mmap_sem is grabbed on task_B->mm->mmap_sem
>>   hugetlbfs_file_mmap() is called
>>   attempt to grab ->i_mutex and block waiting for A to give it up
>>
>> Thread A:
>>   pagefault handled blocked on attempt to grab task_A->mm->mmap_sem,
>>   which happens to be the same thing as task_B->mm->mmap_sem. Block waiting
>>   for B to give it up.
>>
>> AFAIU i_mutex lock got added to hugetlbfs_read as per
>> http://lkml.indiana.edu/hypermail/linux/kernel/0707.2/3066.html
>> to take care of the race between truncate and read. This patch fixes
>> this by looking at page->mapping under page_lock (find_lock_page())
>> to ensure the inode didn't get truncated in the range during a
>> parallel read.
>>
>> Ideally we can extend the patch to make sure we don't increase i_size
>> in mmap. But that will break userspace, because applications will now
>> have to use truncate(2) to increase i_size in hugetlbfs.
>
> Looks OK to me.
>
> Given that the bug has been there for four years, I'm assuming that
> we'll be OK merging this fix into 3.4. Or we could merge it into 3.4
> and tag it for backporting into earlier kernels - it depends on whether
> people are hurting from it, which I don't know?

We've gotten a few lockdep reports about it in Fedora on various kernels.
A CC to stable might be nice.

josh

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to
majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ .
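An added example, not code from the mail, the patch or the kernel: a small lock-order tracker modelled on the check lockdep performs, replaying the two acquisition orders the thread describes (i_mutex then mmap_sem in the read path, mmap_sem then i_mutex in the mmap path) and showing that the second order closes the cycle. Only the lock names come from the thread; the edge table, the depth-first check and the "fixed" replay (which assumes the read path holds nothing else across the copy) are assumptions of the model.

```c
#include <string.h>
/* Constructed model of lockdep's lock-order tracking (not kernel code): each
 * "took B while holding A" event is an edge A -> B; closing a cycle is ABBA. */
#define MAX_LOCKS 8
#define MAX_EDGES 32

struct edge { const char *from, *to; };
static struct edge edges[MAX_EDGES];
static int nedges;

/* Depth-first search: can `from` already reach `to` through recorded edges? */
static int reaches(const char *from, const char *to, int depth) {
    if (depth > MAX_LOCKS) return 0;
    for (int i = 0; i < nedges; i++) {
        if (strcmp(edges[i].from, from)) continue;
        if (!strcmp(edges[i].to, to) || reaches(edges[i].to, to, depth + 1))
            return 1;
    }
    return 0;
}

/* Record that a thread took `to` while holding `held`.
 * Returns 1 if the reverse order is already on record (possible deadlock). */
int lock_order_check(const char *held, const char *to) {
    if (reaches(to, held, 0))
        return 1;
    if (!reaches(held, to, 0) && nedges < MAX_EDGES)
        edges[nedges++] = (struct edge){ held, to };
    return 0;
}

void lock_order_reset(void) { nedges = 0; }

/* The trace from the mail: thread A's read() faults with i_mutex held, so the
 * fault path takes mmap_sem; thread B's mmap() takes i_mutex with mmap_sem
 * held. The second event closes the cycle. */
int replay_buggy_scenario(void) {
    lock_order_reset();
    int a = lock_order_check("i_mutex", "mmap_sem");  /* thread A */
    int b = lock_order_check("mmap_sem", "i_mutex");  /* thread B */
    return a || b;
}

/* After the fix read() holds no i_mutex across __copy_to_user (the model
 * assumes nothing else is held there), so only the mmap-side edge remains. */
int replay_fixed_scenario(void) {
    lock_order_reset();
    return lock_order_check("mmap_sem", "i_mutex");   /* thread B only */
}
```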