Date:	Mon, 19 Apr 2010 16:01:36 -0700
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	Eric Paris <eparis@...hat.com>
Cc:	Peter Zijlstra <peterz@...radead.org>,
	Eric Paris <eparis@...isplace.org>,
	Miles Lane <miles.lane@...il.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: INFO: suspicious rcu_dereference_check() usage -
 include/linux/cgroup.h:492 invoked rcu_dereference_check() without
 protection!

On Mon, Apr 19, 2010 at 02:26:52PM -0400, Eric Paris wrote:
> On Wed, 2010-04-14 at 12:47 +0200, Peter Zijlstra wrote:
> > On Mon, 2010-04-12 at 20:47 +0200, Peter Zijlstra wrote:
> > > On Mon, 2010-04-12 at 14:44 -0400, Eric Paris wrote:
> > > > On Wed, Mar 10, 2010 at 11:28 PM, Paul E. McKenney
> > > > <paulmck@...ux.vnet.ibm.com> wrote:
> > > 
> > > > I know you indicated this was fixed in mainline and I see that set of
> > > > commits objects, but I'm seeing the below spew from linux-next today.
> > > > 
> > > > tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> > > > tag: next-20100412
> > > > commit: bbeecf185fe464ccd7ee97ce6d3646ad686995b4
> > > > 
> > > > [    0.035602] ===================================================
> > > > [    0.036003] [ INFO: suspicious rcu_dereference_check() usage. ]
> > > > [    0.037006] ---------------------------------------------------
> > > > [    0.038004] include/linux/cgroup.h:533 invoked
> > > > rcu_dereference_check() without protection!
> > > > [    0.039003]
> > > > [    0.039004] other info that might help us debug this:
> > > > [    0.039004]
> > > > [    0.040003]
> > > > [    0.040004] rcu_scheduler_active = 1, debug_locks = 0
> > > > [    0.041004] no locks held by swapper/0.
> > > > [    0.042003]
> > > > [    0.042004] stack backtrace:
> > > > [    0.043005] Pid: 0, comm: swapper Not tainted 2.6.34-rc3-next-20100412+ #65
> > > > [    0.044003] Call Trace:
> > > > [    0.045015]  [<ffffffff8108584f>] lockdep_rcu_dereference+0xaf/0xc0
> > > > [    0.046010]  [<ffffffff81044812>] set_task_cpu+0x2d2/0x370
> > > 
> > > Oh, right, I still have to sort that out.
> > > 
> > > I need to figure out how all that scheduler and cgroup muck interact to
> > > fix this.
> > 
> > I think the below should cure this..
> > 
> > 
> > Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
> > ---
> >  kernel/sched.c |   10 ++++++++++
> >  1 files changed, 10 insertions(+), 0 deletions(-)
> > 
> > diff --git a/kernel/sched.c b/kernel/sched.c
> > index 3acf694..2e06d87 100644
> > --- a/kernel/sched.c
> > +++ b/kernel/sched.c
> > @@ -323,6 +323,15 @@ static inline struct task_group *task_group(struct task_struct *p)
> >  /* Change a task's cfs_rq and parent entity if it moves across CPUs/groups */
> >  static inline void set_task_rq(struct task_struct *p, unsigned int cpu)
> >  {
> > +	/*
> > +	 * Strictly speaking this rcu_read_lock() is not needed since the
> > +	 * task_group is tied to the cgroup, which in turn can never go away
> > +	 * as long as there are tasks attached to it.
> > +	 *
> > +	 * However since task_group() uses task_subsys_state() which is an
> > +	 * rcu_dereference() user, this quiets CONFIG_PROVE_RCU.
> > +	 */
> > +	rcu_read_lock();
> >  #ifdef CONFIG_FAIR_GROUP_SCHED
> >  	p->se.cfs_rq = task_group(p)->cfs_rq[cpu];
> >  	p->se.parent = task_group(p)->se[cpu];
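Review bot: The comment added above rcu_read_lock() in set_task_rq() states that the lock is not strictly needed and is there to quiet CONFIG_PROVE_RCU, so the lock pair documents nothing about the real lifetime rule. Since the comment already names the invariant (the task_group is tied to a cgroup that cannot go away while tasks are attached), consider teaching the check behind task_subsys_state() about that condition rather than wrapping the caller. Separately, task_group(p) is evaluated twice in the CONFIG_FAIR_GROUP_SCHED block; a local such as "struct task_group *tg = task_group(p);" would do the lookup once.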
> > @@ -332,6 +341,7 @@ static inline void set_task_rq(struct task_struct *p, unsigned int cpu)
> >  	p->rt.rt_rq  = task_group(p)->rt_rq[cpu];
> >  	p->rt.parent = task_group(p)->rt_se[cpu];
> >  #endif
> > +	rcu_read_unlock();
> >  }
> >  
> >  #else
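Review bot: rcu_read_unlock() after the #endif closes the read-side section while the pointers just stored in p->rt.rt_rq and p->rt.parent remain in use, so the section covers only the lookup and not the stored values. That matches the comment in the first hunk, but a one-line remark at the unlock saying that lifetime comes from the cgroup attachment and not from RCU would keep later readers from treating this pair as the protection.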
> 
> So I'm back with another one even with this patch.  Would people prefer
> another thread?
> 
> [    0.037175] ===================================================
> [    0.038003] [ INFO: suspicious rcu_dereference_check() usage. ]
> [    0.039003] ---------------------------------------------------
> [    0.040004] include/linux/cgroup.h:533 invoked rcu_dereference_check() without protection!
> [    0.041003]
> [    0.041004] other info that might help us debug this:
> [    0.041005]
> [    0.042004]
> [    0.042004] rcu_scheduler_active = 1, debug_locks = 0
> [    0.043004] no locks held by swapper/0.
> [    0.044003]
> [    0.044004] stack backtrace:
> [    0.045005] Pid: 0, comm: swapper Not tainted 2.6.34-rc4-next-20100415+ #94
> [    0.046004] Call Trace:
> [    0.047014]  [<ffffffff8108652f>] lockdep_rcu_dereference+0xaf/0xc0
> [    0.048013]  [<ffffffff810a3453>] freezer_fork+0xb3/0xd0
> [    0.049007]  [<ffffffff8109d61c>] cgroup_fork_callbacks+0x2c/0x40
> [    0.050007]  [<ffffffff81055e4a>] copy_process+0xb6a/0x11e0
> [    0.051006]  [<ffffffff8105657e>] do_fork+0xbe/0x3e0
> [    0.052007]  [<ffffffff81012519>] ? sched_clock+0x9/0x10
> [    0.053008]  [<ffffffff81077d45>] ? sched_clock_local+0x15/0x80
> [    0.054006]  [<ffffffff81077e69>] ? sched_clock_cpu+0xb9/0xf0
> [    0.055006]  [<ffffffff81076cd5>] ? up+0x35/0x50
> [    0.056006]  [<ffffffff81084073>] ? get_lock_stats+0x23/0x70
> [    0.057006]  [<ffffffff810840ce>] ? put_lock_stats+0xe/0x30
> [    0.058010]  [<ffffffff81cade20>] ? kernel_init+0x0/0x2e0
> [    0.059006]  [<ffffffff810136dd>] kernel_thread+0x8d/0xa0
> [    0.060006]  [<ffffffff81cade20>] ? kernel_init+0x0/0x2e0
> [    0.061007]  [<ffffffff8100bc20>] ? kernel_thread_helper+0x0/0x10
> [    0.062006]  [<ffffffff81cad140>] ? early_idt_handler+0x0/0x71
> [    0.063011]  [<ffffffff814e40c1>] rest_init+0x21/0x110
> [    0.064005]  [<ffffffff81cadd3f>] start_kernel+0x3af/0x490
> [    0.065006]  [<ffffffff81cad29c>] x86_64_start_reservations+0x7c/0xd0
> [    0.066005]  [<ffffffff81cad000>] ? early_idt_handlers+0x0/0x140
> [    0.067006]  [<ffffffff81cad3e8>] x86_64_start_kernel+0xf8/0x130

Yep, different code path to the same location.  Does the following
patch help?

							Thanx, Paul

------------------------------------------------------------------------

commit 2836f18139267ea918ed2cf39023fb0eb38c4361
Author: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
Date:   Mon Apr 19 15:59:50 2010 -0700

    rcu: fix RCU lockdep splat on freezer_fork path
    
    Add an RCU read-side critical section to suppress this false positive.
    
    Located-by: Eric Paris <eparis@...isplace.org>
    Signed-off-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>

diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
index da5e139..e5c0244 100644
--- a/kernel/cgroup_freezer.c
+++ b/kernel/cgroup_freezer.c
@@ -205,9 +205,12 @@ static void freezer_fork(struct cgroup_subsys *ss, struct task_struct *task)
 	 * No lock is needed, since the task isn't on tasklist yet,
 	 * so it can't be moved to another cgroup, which means the
 	 * freezer won't be removed and will be valid during this
-	 * function call.
+	 * function call.  Nevertheless, apply RCU read-side critical
+	 * section to suppress RCU lockdep false positives.
 	 */
+	rcu_read_lock();
 	freezer = task_freezer(task);
+	rcu_read_unlock();
 
 	/*
 	 * The root cgroup is non-freezable, so we can skip the
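Review bot: In freezer_fork(), rcu_read_unlock() follows "freezer = task_freezer(task);" immediately, so any later use of freezer falls outside the read-side section and its validity rests entirely on the existing argument that the task is not yet on the tasklist. The added comment lines should say so explicitly, for example that the pointer stays valid after rcu_read_unlock() for the reason given above, so the lock pair is not mistaken for real protection. Wording nit: "apply RCU read-side critical section" reads better as "enter an RCU read-side critical section".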