From: Łukasz Stelmach Date: Mon, 24 Jan 2022 13:53:39 +0000 (+0100) Subject: logger: fix log->mutex + misc_mtx ab-ba deadlock X-Git-Tag: submit/tizen_6.5/20220125.030137^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9491086a5c93c4fa3f4a95e0bd448423d159d291;p=platform%2Fkernel%2Flinux-tizen-modules-source.git logger: fix log->mutex + misc_mtx ab-ba deadlock When a forked process reopens a file for stdio logging during the first write(2) after a fork(2), it holds log->mutex when it calls filp_open() which in turn calls misc_open(). misc_open() takes misc_mtx. If at the same time (after acquiring log->mutex and before misc_open() is called) another process (e.g. dlogutil) opens the same logger device for reading (open(2) -> misc_open() -> logger_open() -> mutex_lock(log->mutex)), a race condition and a AB-BA deadlock occurs. To avoid it log->mutex is released before calling make_new_file() and reaquired after. It is safe to do so, because the log structure isn't accessed. Change-Id: Ibaab2947638997dca82c0e47146f77ce0f1bee57 Signed-off-by: Łukasz Stelmach (cherry picked from commit 930977afe0e2ff5dac0b5aa78e6a1f59b9643067) --- diff --git a/kernel/logger.c b/kernel/logger.c index 8b2cda9..cf5dd8a 100644 --- a/kernel/logger.c +++ b/kernel/logger.c @@ -689,11 +689,12 @@ static ssize_t logger_aio_write(struct kiocb *iocb, const struct iovec *iov, if (writer->owner != current->group_leader) { struct file *nfile; + mutex_unlock(&log->mutex); nfile = make_new_file(file); if (IS_ERR(nfile)) { - mutex_unlock(&log->mutex); return PTR_ERR(nfile); } + mutex_lock(&log->mutex); file = nfile; writer = file->private_data; @@ -874,11 +875,12 @@ static ssize_t logger_write_iter(struct kiocb *iocb, struct iov_iter *from) if (writer->owner != current->group_leader) { struct file *nfile; + mutex_unlock(&log->mutex); nfile = make_new_file(file); if (IS_ERR(nfile)) { - mutex_unlock(&log->mutex); return PTR_ERR(nfile); } + mutex_lock(&log->mutex); file = nfile; writer = file->private_data;