Deadlock on the mm->mmap_sem

Ulrich Weigand (Ulrich.Weigand@de.ibm.com)
Mon, 17 Sep 2001 22:57:42 +0200


Hello,

we're experiencing deadlocks on the mm->mmap_sem which appear to be
caused by proc_pid_read_maps (on S/390, but I believe this is arch-
independent).

What happens is that proc_pid_read_maps grabs the mmap_sem as a reader,
and *while it holds the lock*, does a copy_to_user. This can of course
page-fault, and the handler will also grab the mmap_sem (if it is the
same task).

Now, normally this just works because both are readers. However, on SMP
it might just so happen that another thread sharing the mm wants to grab
the lock as a writer after proc_pid_read_maps grabbed it as reader, but
before the page fault handler grabs it.

In that situation, that second thread blocks (because there's already a
writer), and then the first thread blocks in the page fault handler
(because a writer is pending). Instant deadlock ...

B.t.w. S/390 uses the generic spinlock based rwsem code, if this is of
relevance.

Any ideas how to fix this? Should proc_pid_read_maps just drop the lock
before copy_to_user?

Mit freundlichen Gruessen / Best Regards

Ulrich Weigand

--
  Dr. Ulrich Weigand
  Linux for S/390 Design & Development
  IBM Deutschland Entwicklung GmbH, Schoenaicher Str. 220, 71032 Boeblingen
  Phone: +49-7031/16-3727   ---   Email: Ulrich.Weigand@de.ibm.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/