diff options
| author | J. Bruce Fields <bfields@citi.umich.edu> | 2007-10-30 11:20:02 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2007-11-16 08:12:42 -0800 |
| commit | f153577e808532933e2cbe935e68c51be4c9a4b8 (patch) | |
| tree | abad094e9bc473f31367fe3db63b88a086c848d7 | |
| parent | e354b801daa5649ae32e04b6e83d7f35fbde3490 (diff) | |
locks: fix possible infinite loop in posix deadlock detection
patch 97855b49b6bac0bd25f16b017883634d13591d00 in mainline.
It's currently possible to send posix_locks_deadlock() into an infinite
loop (under the BKL).
For now, fix this just by bailing out after a few iterations. We may
want to fix this in a way that better clarifies the semantics of
deadlock detection. But that will take more time, and this minimal fix
is probably adequate for any realistic scenario, and is simple enough to
be appropriate for applying to stable kernels now.
Thanks to George Davis for reporting the problem.
Cc: "George G. Davis" <gdavis@mvista.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| -rw-r--r-- | fs/locks.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/fs/locks.c b/fs/locks.c index c795eaaf6c4c..494f2504a487 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -694,11 +694,20 @@ EXPORT_SYMBOL(posix_test_lock); * Note: the above assumption may not be true when handling lock requests * from a broken NFS client. But broken NFS clients have a lot more to * worry about than proper deadlock detection anyway... --okir + * + * However, the failure of this assumption (also possible in the case of + * multiple tasks sharing the same open file table) also means there's no + * guarantee that the loop below will terminate. As a hack, we give up + * after a few iterations. */ + +#define MAX_DEADLK_ITERATIONS 10 + static int posix_locks_deadlock(struct file_lock *caller_fl, struct file_lock *block_fl) { struct list_head *tmp; + int i = 0; next_task: if (posix_same_owner(caller_fl, block_fl)) @@ -706,6 +715,8 @@ next_task: list_for_each(tmp, &blocked_list) { struct file_lock *fl = list_entry(tmp, struct file_lock, fl_link); if (posix_same_owner(fl, block_fl)) { + if (i++ > MAX_DEADLK_ITERATIONS) + return 0; fl = fl->fl_next; block_fl = fl; goto next_task; |