| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Apr 2010 14:26:52 -0400
From: Eric Paris <eparis@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Eric Paris <eparis@...isplace.org>, paulmck@...ux.vnet.ibm.com,
Miles Lane <miles.lane@...il.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: INFO: suspicious rcu_dereference_check() usage -
include/linux/cgroup.h:492 invoked rcu_dereference_check() without
protection!
On Wed, 2010-04-14 at 12:47 +0200, Peter Zijlstra wrote:
> On Mon, 2010-04-12 at 20:47 +0200, Peter Zijlstra wrote:
> > On Mon, 2010-04-12 at 14:44 -0400, Eric Paris wrote:
> > > On Wed, Mar 10, 2010 at 11:28 PM, Paul E. McKenney
> > > <paulmck@...ux.vnet.ibm.com> wrote:
> >
> > > I know you indicated this was fixed in mainline and I see that set of
> > > commits objects, but I'm seeing the below spew from linux-next today.
> > >
> > > tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> > > tag: next-20100412
> > > commit: bbeecf185fe464ccd7ee97ce6d3646ad686995b4
> > >
> > > [ 0.035602] ===================================================
> > > [ 0.036003] [ INFO: suspicious rcu_dereference_check() usage. ]
> > > [ 0.037006] ---------------------------------------------------
> > > [ 0.038004] include/linux/cgroup.h:533 invoked
> > > rcu_dereference_check() without protection!
> > > [ 0.039003]
> > > [ 0.039004] other info that might help us debug this:
> > > [ 0.039004]
> > > [ 0.040003]
> > > [ 0.040004] rcu_scheduler_active = 1, debug_locks = 0
> > > [ 0.041004] no locks held by swapper/0.
> > > [ 0.042003]
> > > [ 0.042004] stack backtrace:
> > > [ 0.043005] Pid: 0, comm: swapper Not tainted 2.6.34-rc3-next-20100412+ #65
> > > [ 0.044003] Call Trace:
> > > [ 0.045015] [<ffffffff8108584f>] lockdep_rcu_dereference+0xaf/0xc0
> > > [ 0.046010] [<ffffffff81044812>] set_task_cpu+0x2d2/0x370
> >
> > Oh, right, I still have to sort that out.
> >
> > I need to figure out how all that scheduler and cgroup muck interact to
> > fix this.
>
> I think the below should cure this..
>
>
> Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
> ---
> kernel/sched.c | 10 ++++++++++
> 1 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/sched.c b/kernel/sched.c
> index 3acf694..2e06d87 100644
> --- a/kernel/sched.c
> +++ b/kernel/sched.c
> @@ -323,6 +323,15 @@ static inline struct task_group *task_group(struct task_struct *p)
> /* Change a task's cfs_rq and parent entity if it moves across CPUs/groups */
> static inline void set_task_rq(struct task_struct *p, unsigned int cpu)
> {
> + /*
> + * Strictly speaking this rcu_read_lock() is not needed since the
> + * task_group is tied to the cgroup, which in turn can never go away
> + * as long as there are tasks attached to it.
> + *
> + * However since task_group() uses task_subsys_state() which is an
> + * rcu_dereference() user, this quiets CONFIG_PROVE_RCU.
> + */
> + rcu_read_lock();
> #ifdef CONFIG_FAIR_GROUP_SCHED
> p->se.cfs_rq = task_group(p)->cfs_rq[cpu];
> p->se.parent = task_group(p)->se[cpu];
> @@ -332,6 +341,7 @@ static inline void set_task_rq(struct task_struct *p, unsigned int cpu)
> p->rt.rt_rq = task_group(p)->rt_rq[cpu];
> p->rt.parent = task_group(p)->rt_se[cpu];
> #endif
> + rcu_read_unlock();
> }
>
> #else
So I'm back with another one even with this patch. Would people prefer
another thread?
[ 0.037175] ===================================================
[ 0.038003] [ INFO: suspicious rcu_dereference_check() usage. ]
[ 0.039003] ---------------------------------------------------
[ 0.040004] include/linux/cgroup.h:533 invoked rcu_dereference_check() without protection!
[ 0.041003]
[ 0.041004] other info that might help us debug this:
[ 0.041005]
[ 0.042004]
[ 0.042004] rcu_scheduler_active = 1, debug_locks = 0
[ 0.043004] no locks held by swapper/0.
[ 0.044003]
[ 0.044004] stack backtrace:
[ 0.045005] Pid: 0, comm: swapper Not tainted 2.6.34-rc4-next-20100415+ #94
[ 0.046004] Call Trace:
[ 0.047014] [<ffffffff8108652f>] lockdep_rcu_dereference+0xaf/0xc0
[ 0.048013] [<ffffffff810a3453>] freezer_fork+0xb3/0xd0
[ 0.049007] [<ffffffff8109d61c>] cgroup_fork_callbacks+0x2c/0x40
[ 0.050007] [<ffffffff81055e4a>] copy_process+0xb6a/0x11e0
[ 0.051006] [<ffffffff8105657e>] do_fork+0xbe/0x3e0
[ 0.052007] [<ffffffff81012519>] ? sched_clock+0x9/0x10
[ 0.053008] [<ffffffff81077d45>] ? sched_clock_local+0x15/0x80
[ 0.054006] [<ffffffff81077e69>] ? sched_clock_cpu+0xb9/0xf0
[ 0.055006] [<ffffffff81076cd5>] ? up+0x35/0x50
[ 0.056006] [<ffffffff81084073>] ? get_lock_stats+0x23/0x70
[ 0.057006] [<ffffffff810840ce>] ? put_lock_stats+0xe/0x30
[ 0.058010] [<ffffffff81cade20>] ? kernel_init+0x0/0x2e0
[ 0.059006] [<ffffffff810136dd>] kernel_thread+0x8d/0xa0
[ 0.060006] [<ffffffff81cade20>] ? kernel_init+0x0/0x2e0
[ 0.061007] [<ffffffff8100bc20>] ? kernel_thread_helper+0x0/0x10
[ 0.062006] [<ffffffff81cad140>] ? early_idt_handler+0x0/0x71
[ 0.063011] [<ffffffff814e40c1>] rest_init+0x21/0x110
[ 0.064005] [<ffffffff81cadd3f>] start_kernel+0x3af/0x490
[ 0.065006] [<ffffffff81cad29c>] x86_64_start_reservations+0x7c/0xd0
[ 0.066005] [<ffffffff81cad000>] ? early_idt_handlers+0x0/0x140
[ 0.067006] [<ffffffff81cad3e8>] x86_64_start_kernel+0xf8/0x130
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists