| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Dec 2014 09:34:23 +0800 From: Lai Jiangshan <laijs@...fujitsu.com> To: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com> CC: <linux-kernel@...r.kernel.org>, Tejun Heo <tj@...nel.org>, "Gu, Zheng" <guz.fnst@...fujitsu.com>, tangchen <tangchen@...fujitsu.com>, Hiroyuki KAMEZAWA <kamezawa.hiroyu@...fujitsu.com> Subject: Re: [PATCH 0/5] workqueue: fix bug when numa mapping is changed On 12/13/2014 01:13 AM, Yasuaki Ishimatsu wrote: > Hi Lai, > > Thank you for posting the patches. I tried your patches. > But the following kernel panic occurred. Hi, Yasuaki, Thanks for testing. Would you like to use GDB to print the code of "workqueue_cpu_up_callback+0x510" ? Thanks, Lai > > [ 889.394087] BUG: unable to handle kernel paging request at 000000020000f3f1 > [ 889.395005] IP: [<ffffffff8108fe90>] workqueue_cpu_up_callback+0x510/0x740 > [ 889.395005] PGD 17a83067 PUD 0 > [ 889.395005] Oops: 0000 [#1] SMP > [ 889.395005] Modules linked in: xt_CHECKSUM ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 rfkill ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables > ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw iptable_filter ip_tables sg vfat fat x86_pkg_temp_thermal coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel iTCO_wdt sb_edac > iTCO_vendor_support i2c_i801 lrw gf128mul lpc_ich edac_core glue_helper mfd_core ablk_helper cryptd pcspkr shpchp ipmi_devintf ipmi_si ipmi_msghandler tpm_infineon nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput xfs libcrc32c sd_mod mgag200 syscopyarea sysfillrect sysimgblt drm_kms_helper igb ttm > e1000e lpfc drm dca ptp i2c_algo_bit megaraid_sas scsi_transport_fc pps_core i2c_core dm_mirror dm_region_hash dm_log dm_mod > [ 889.395005] CPU: 8 PID: 13595 Comm: udev_dp_bridge. Not tainted 3.18.0Lai+ #26 > [ 889.395005] Hardware name: FUJITSU PRIMEQUEST2800E/SB, BIOS PRIMEQUEST 2000 Series BIOS Version 01.81 12/03/2014 > [ 889.395005] task: ffff8a074a145160 ti: ffff8a077a6ec000 task.ti: ffff8a077a6ec000 > [ 889.395005] RIP: 0010:[<ffffffff8108fe90>] [<ffffffff8108fe90>] workqueue_cpu_up_callback+0x510/0x740 > [ 889.395005] RSP: 0018:ffff8a077a6efca8 EFLAGS: 00010202 > [ 889.395005] RAX: 0000000000000001 RBX: 000000000000edf1 RCX: 000000000000edf1 > [ 889.395005] RDX: 0000000000000100 RSI: 000000020000f3f1 RDI: 0000000000000001 > [ 889.395005] RBP: ffff8a077a6efd08 R08: ffffffff81ac6de0 R09: ffff880874610000 > [ 889.395005] R10: 00000000ffffffff R11: 0000000000000001 R12: 000000000000f3f0 > [ 889.395005] R13: 000000000000001f R14: 00000000ffffffff R15: ffffffff81ac6de0 > [ 889.395005] FS: 00007f6b20c67740(0000) GS:ffff88087fd00000(0000) knlGS:0000000000000000 > [ 889.395005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 889.395005] CR2: 000000020000f3f1 CR3: 000000004534c000 CR4: 00000000001407e0 > [ 889.395005] Stack: > [ 889.395005] ffffffffffffffff 0000000000000020 fffffffffffffff8 00000004810a192d > [ 889.395005] ffff8a0700000204 0000000052f5b32d ffffffff81994fc0 00000000fffffff6 > [ 889.395005] ffffffff81a13840 0000000000000002 000000000000001f 0000000000000000 > [ 889.395005] Call Trace: > [ 889.395005] [<ffffffff81094f6c>] notifier_call_chain+0x4c/0x70 > [ 889.395005] [<ffffffff8109507e>] __raw_notifier_call_chain+0xe/0x10 > [ 889.395005] [<ffffffff810750b3>] cpu_notify+0x23/0x50 > [ 889.395005] [<ffffffff81075408>] _cpu_up+0x188/0x1a0 > [ 889.395005] [<ffffffff810754a9>] cpu_up+0x89/0xb0 > [ 889.395005] [<ffffffff8164f960>] cpu_subsys_online+0x40/0x90 > [ 889.395005] [<ffffffff8140f10d>] device_online+0x6d/0xa0 > [ 889.395005] [<ffffffff8140f1d5>] online_store+0x95/0xa0 > [ 889.395005] [<ffffffff8140c2e8>] dev_attr_store+0x18/0x30 > [ 889.395005] [<ffffffff8126210d>] sysfs_kf_write+0x3d/0x50 > [ 889.395005] [<ffffffff81261624>] kernfs_fop_write+0xe4/0x160 > [ 889.395005] [<ffffffff811e90d7>] vfs_write+0xb7/0x1f0 > [ 889.395005] [<ffffffff81021dcc>] ? do_audit_syscall_entry+0x6c/0x70 > [ 889.395005] [<ffffffff811e9bc5>] SyS_write+0x55/0xd0 > [ 889.395005] [<ffffffff816646a9>] system_call_fastpath+0x12/0x17 > [ 889.395005] Code: 44 00 00 83 c7 01 48 63 d7 4c 89 ff e8 3a 2a 28 00 8b 15 78 84 a3 00 89 c7 39 d0 7d 70 48 63 cb 4c 89 e6 48 03 34 cd e0 3a ab 81 <8b> 1e 39 5d bc 74 36 41 39 de 74 0c 48 63 f2 eb c7 0f 1f 80 00 > [ 889.395005] RIP [<ffffffff8108fe90>] workqueue_cpu_up_callback+0x510/0x740 > [ 889.395005] RSP <ffff8a077a6efca8> > [ 889.395005] CR2: 000000020000f3f1 > [ 889.785760] ---[ end trace 39abbfc9f93402f2 ]--- > [ 889.790931] Kernel panic - not syncing: Fatal exception > [ 889.791931] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff) > [ 889.791931] drm_kms_helper: panic occurred, switching back to text console > [ 889.815947] ------------[ cut here ]------------ > [ 889.815947] WARNING: CPU: 8 PID: 64 at arch/x86/kernel/smp.c:124 native_smp_send_reschedule+0x5d/0x60() > [ 889.815947] Modules linked in: xt_CHECKSUM ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 rfkill ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables > ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw iptable_filter ip_tables sg vfat fat x86_pkg_temp_thermal coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel iTCO_wdt sb_edac > iTCO_vendor_support i2c_i801 lrw gf128mul lpc_ich edac_core glue_helper mfd_core ablk_helper cryptd pcspkr shpchp ipmi_devintf ipmi_si ipmi_msghandler tpm_infineon nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput xfs libcrc32c sd_mod mgag200 syscopyarea sysfillrect sysimgblt drm_kms_helper igb ttm > e1000e lpfc drm dca ptp i2c_algo_bit megaraid_sas scsi_transport_fc pps_core i2c_core dm_mirror dm_region_hash dm_log dm_mod > [ 889.815947] CPU: 8 PID: 64 Comm: migration/8 Tainted: G D 3.18.0Lai+ #26 > [ 889.815947] Hardware name: FUJITSU PRIMEQUEST2800E/SB, BIOS PRIMEQUEST 2000 Series BIOS Version 01.81 12/03/2014 > [ 889.815947] 0000000000000000 00000000f7f40529 ffff88087fd03d38 ffffffff8165c8d4 > [ 889.815947] 0000000000000000 0000000000000000 ffff88087fd03d78 ffffffff81074eb1 > [ 889.815947] ffff88087fd03d78 0000000000000000 ffff88087fc13840 0000000000000008 > [ 889.815947] Call Trace: > [ 889.815947] <IRQ> [<ffffffff8165c8d4>] dump_stack+0x46/0x58 > [ 889.815947] [<ffffffff81074eb1>] warn_slowpath_common+0x81/0xa0 > [ 889.815947] [<ffffffff81074fca>] warn_slowpath_null+0x1a/0x20 > [ 889.815947] [<ffffffff810489bd>] native_smp_send_reschedule+0x5d/0x60 > [ 889.815947] [<ffffffff810b0ad4>] trigger_load_balance+0x144/0x1b0 > [ 889.815947] [<ffffffff810a009f>] scheduler_tick+0x9f/0xe0 > [ 889.815947] [<ffffffff810daef4>] update_process_times+0x64/0x80 > [ 889.815947] [<ffffffff810eab05>] tick_sched_handle.isra.19+0x25/0x60 > [ 889.815947] [<ffffffff810eab85>] tick_sched_timer+0x45/0x80 > [ 889.815947] [<ffffffff810dbbe7>] __run_hrtimer+0x77/0x1d0 > [ 889.815947] [<ffffffff810eab40>] ? tick_sched_handle.isra.19+0x60/0x60 > [ 889.815947] [<ffffffff810dbfd7>] hrtimer_interrupt+0xf7/0x240 > [ 889.815947] [<ffffffff8104b85b>] local_apic_timer_interrupt+0x3b/0x70 > [ 889.815947] [<ffffffff81667465>] smp_apic_timer_interrupt+0x45/0x60 > [ 889.815947] [<ffffffff8166553d>] apic_timer_interrupt+0x6d/0x80 > [ 889.815947] <EOI> [<ffffffff810a79c7>] ? set_next_entity+0x67/0x80 > [ 889.815947] [<ffffffffa011d1d7>] ? __drm_modeset_lock_all+0x37/0x120 [drm] > [ 889.815947] [<ffffffff8109c727>] ? finish_task_switch+0x57/0x180 > [ 889.815947] [<ffffffff8165fba8>] __schedule+0x2e8/0x7e0 > [ 889.815947] [<ffffffff816600c9>] schedule+0x29/0x70 > [ 889.815947] [<ffffffff81097d43>] smpboot_thread_fn+0xd3/0x1b0 > [ 889.815947] [<ffffffff81097c70>] ? SyS_setgroups+0x1a0/0x1a0 > [ 889.815947] [<ffffffff81093df1>] kthread+0xe1/0x100 > [ 889.815947] [<ffffffff81093d10>] ? kthread_create_on_node+0x1b0/0x1b0 > [ 889.815947] [<ffffffff816645fc>] ret_from_fork+0x7c/0xb0 > [ 889.815947] [<ffffffff81093d10>] ? kthread_create_on_node+0x1b0/0x1b0 > [ 889.815947] ---[ end trace 39abbfc9f93402f3 ]--- > [ 890.156187] ------------[ cut here ]------------ > [ 890.156187] WARNING: CPU: 8 PID: 64 at arch/x86/kernel/smp.c:124 native_smp_send_reschedule+0x5d/0x60() > [ 890.156187] Modules linked in: xt_CHECKSUM ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 rfkill ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables > ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw iptable_filter ip_tables sg vfat fat x86_pkg_temp_thermal coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel iTCO_wdt sb_edac > iTCO_vendor_support i2c_i801 lrw gf128mul lpc_ich edac_core glue_helper mfd_core ablk_helper cryptd pcspkr shpchp ipmi_devintf ipmi_si ipmi_msghandler tpm_infineon nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput xfs libcrc32c sd_mod mgag200 syscopyarea sysfillrect sysimgblt drm_kms_helper igb ttm > e1000e lpfc drm dca ptp i2c_algo_bit megaraid_sas scsi_transport_fc pps_core i2c_core dm_mirror dm_region_hash dm_log dm_mod > [ 890.156187] CPU: 8 PID: 64 Comm: migration/8 Tainted: G D W 3.18.0Lai+ #26 > [ 890.156187] Hardware name: FUJITSU PRIMEQUEST2800E/SB, BIOS PRIMEQUEST 2000 Series BIOS Version 01.81 12/03/2014 > [ 890.156187] 0000000000000000 00000000f7f40529 ffff88087366bc08 ffffffff8165c8d4 > [ 890.156187] 0000000000000000 0000000000000000 ffff88087366bc48 ffffffff81074eb1 > [ 890.156187] ffff88087fd142c0 0000000000000044 ffff8a074a145160 ffff8a074a145160 > [ 890.156187] Call Trace: > [ 890.156187] [<ffffffff8165c8d4>] dump_stack+0x46/0x58 > [ 890.156187] [<ffffffff81074eb1>] warn_slowpath_common+0x81/0xa0 > [ 890.156187] [<ffffffff81074fca>] warn_slowpath_null+0x1a/0x20 > [ 890.156187] [<ffffffff810489bd>] native_smp_send_reschedule+0x5d/0x60 > [ 890.156187] [<ffffffff8109ddd8>] resched_curr+0xa8/0xd0 > [ 890.156187] [<ffffffff8109eac0>] check_preempt_curr+0x80/0xa0 > [ 890.156187] [<ffffffff810a78c8>] attach_task+0x48/0x50 > [ 890.156187] [<ffffffff810a7ae5>] active_load_balance_cpu_stop+0x105/0x250 > [ 890.156187] [<ffffffff810a79e0>] ? set_next_entity+0x80/0x80 > [ 890.156187] [<ffffffff8110cab8>] cpu_stopper_thread+0x78/0x150 > [ 890.156187] [<ffffffff8165fba8>] ? __schedule+0x2e8/0x7e0 > [ 890.156187] [<ffffffff81097d6f>] smpboot_thread_fn+0xff/0x1b0 > [ 890.156187] [<ffffffff81097c70>] ? SyS_setgroups+0x1a0/0x1a0 > [ 890.156187] [<ffffffff81093df1>] kthread+0xe1/0x100 > [ 890.156187] [<ffffffff81093d10>] ? kthread_create_on_node+0x1b0/0x1b0 > [ 890.156187] [<ffffffff816645fc>] ret_from_fork+0x7c/0xb0 > [ 890.156187] [<ffffffff81093d10>] ? kthread_create_on_node+0x1b0/0x1b0 > [ 890.156187] ---[ end trace 39abbfc9f93402f4 ]--- > > Thanks, > Yasuaki Ishimatsu > > (2014/12/12 19:19), Lai Jiangshan wrote: >> Workqueue code has an assumption that the numa mapping is stable >> after system booted. It is incorrectly currently. >> >> Yasuaki Ishimatsu hit a allocation failure bug when the numa mapping >> between CPU and node is changed. This was the last scene: >> SLUB: Unable to allocate memory on node 2 (gfp=0x80d0) >> cache: kmalloc-192, object size: 192, buffer size: 192, default order: 1, min order: 0 >> node 0: slabs: 6172, objs: 259224, free: 245741 >> node 1: slabs: 3261, objs: 136962, free: 127656 >> >> Yasuaki Ishimatsu investigated that it happened in the following situation: >> >> 1) System Node/CPU before offline/online: >> | CPU >> ------------------------ >> node 0 | 0-14, 60-74 >> node 1 | 15-29, 75-89 >> node 2 | 30-44, 90-104 >> node 3 | 45-59, 105-119 >> >> 2) A system-board (contains node2 and node3) is offline: >> | CPU >> ------------------------ >> node 0 | 0-14, 60-74 >> node 1 | 15-29, 75-89 >> >> 3) A new system-board is online, two new node IDs are allocated >> for the two node of the SB, but the old CPU IDs are allocated for >> the SB, here the NUMA mapping between node and CPU is changed. >> (the node of CPU#30 is changed from node#2 to node#4, for example) >> | CPU >> ------------------------ >> node 0 | 0-14, 60-74 >> node 1 | 15-29, 75-89 >> node 4 | 30-59 >> node 5 | 90-119 >> >> 4) now, the NUMA mapping is changed, but wq_numa_possible_cpumask >> which is the convenient NUMA mapping cache in workqueue.c is still outdated. >> thus pool->node calculated by get_unbound_pool() is incorrect. >> >> 5) when the create_worker() is called with the incorrect offlined >> pool->node, it is failed and the pool can't make any progress. >> >> To fix this bug, we need to fixup the wq_numa_possible_cpumask and the >> pool->node, it is done in patch2 and patch3. >> >> patch1 fixes memory leak related wq_numa_possible_cpumask. >> patch4 kill another assumption about how the numa mapping changed. >> patch5 reduces the allocation fails when the node is offline or the node >> is lack of memory. >> >> The patchset is untested. It is sent for earlier review. >> >> Thanks, >> Lai. >> >> Reported-by: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com> >> Cc: Tejun Heo <tj@...nel.org> >> Cc: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com> >> Cc: "Gu, Zheng" <guz.fnst@...fujitsu.com> >> Cc: tangchen <tangchen@...fujitsu.com> >> Cc: Hiroyuki KAMEZAWA <kamezawa.hiroyu@...fujitsu.com> >> Lai Jiangshan (5): >> workqueue: fix memory leak in wq_numa_init() >> workqueue: update wq_numa_possible_cpumask >> workqueue: fixup existing pool->node >> workqueue: update NUMA affinity for the node lost CPU >> workqueue: retry on NUMA_NO_NODE when create_worker() fails >> >> kernel/workqueue.c | 129 ++++++++++++++++++++++++++++++++++++++++++++-------- >> 1 files changed, 109 insertions(+), 20 deletions(-) >> > > > . > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists