lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120827044052.GA16267@localhost>
Date:	Mon, 27 Aug 2012 12:40:52 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
Cc:	Josh Triplett <josh@...htriplett.org>,
	Lai Jiangshan <laijs@...fujitsu.com>,
	linux-kernel@...r.kernel.org
Subject: Re: INFO: suspicious RCU usage in rcu_torture_writer()

On Sat, Aug 25, 2012 at 05:01:49PM -0700, Paul E. McKenney wrote:
> On Sat, Aug 25, 2012 at 11:36:23AM +0800, Fengguang Wu wrote:
> > Greetings,
> > 
> > I got this warning on 3.6.0-rc2. Full dmesg/config attached.
> > 
> > [    3.051375] Initializing RT-Tester: OK
> > [    3.052491] rcu-torture:--- Start of test: nreaders=2 nfakewriters=4 stat_interval=0 verbose=0 test_no_idle_hz=0 shuffle_interval=3 stut
> > ter=5 irqreader=1 fqs_duration=0 fqs_holdoff=0 fqs_stutter=3 test_boost=1/1 test_boost_interval=7 test_boost_duration=4 shutdown_secs=0 onoff_interval=0 onoff_holdoff=0
> > [    3.059084] 
> > [    3.059451] ===============================
> > [    3.060454] [ INFO: suspicious RCU usage. ]
> > [    3.061482] 3.6.0-rc2-00010-g4c58c42 #59 Not tainted
> > [    3.062686] -------------------------------
> > [    3.063744] /c/kernel-tests/src/stable/kernel/rcutorture.c:990 suspicious rcu_dereference_check() usage!
> > 
> >  982         do {
> >  983                 schedule_timeout_uninterruptible(1);
> >  984                 rp = rcu_torture_alloc();
> >  985                 if (rp == NULL)
> >  986                         continue;
> >  987                 rp->rtort_pipe_count = 0;
> >  988                 udelay(rcu_random(&rand) & 0x3ff);
> >  989                 old_rp = rcu_dereference_check(rcu_torture_current,
> > >990                                                current == writer_task);
> >  991                 rp->rtort_mbtest = 1;
> >  992                 rcu_assign_pointer(rcu_torture_current, rp);
> >  993                 smp_wmb(); /* Mods to old_rp must follow rcu_assign_pointer() */
> >  994                 if (old_rp) {
> 
> 
> Does the following clear this up?

Sorry I'm still trying to reproduce this. It must be a rare bug
because it only showed up in several of the tens of thousands of test
boots. To reproduce it, I've done near 1000 boots however still not
caught it yet. Let's run it for more time...

Thanks,
Fengguang

> 							Thanx, Paul
> 
> ------------------------------------------------------------------------
> 
> rcu: Prevent initialization race in rcutorture kthreads
> 
> When you do something like "t = kthread_run(...)", it is possible that
> the kthread will start running before the assignment to "t" happens.
> If the child kthread expects to find a pointer to its task_struct in "t",
> it will then be fatally disappointed.  This commit therefore switches
> such cases to kthread_create() followed by wake_up_process(), guaranteeing
> that the assignment happens before the child kthread starts running.
> 
> Reported-by: Fengguang Wu <fengguang.wu@...el.com>
> Signed-off-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
> 
> diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c
> index 7a97b5b..8ff4fad 100644
> --- a/kernel/rcutorture.c
> +++ b/kernel/rcutorture.c
> @@ -2028,14 +2028,15 @@ rcu_torture_init(void)
>  	/* Start up the kthreads. */
>  
>  	VERBOSE_PRINTK_STRING("Creating rcu_torture_writer task");
> -	writer_task = kthread_run(rcu_torture_writer, NULL,
> -				  "rcu_torture_writer");
> +	writer_task = kthread_create(rcu_torture_writer, NULL,
> +				     "rcu_torture_writer");
>  	if (IS_ERR(writer_task)) {
>  		firsterr = PTR_ERR(writer_task);
>  		VERBOSE_PRINTK_ERRSTRING("Failed to create writer");
>  		writer_task = NULL;
>  		goto unwind;
>  	}
> +	wake_up_process(writer_task);
>  	fakewriter_tasks = kzalloc(nfakewriters * sizeof(fakewriter_tasks[0]),
>  				   GFP_KERNEL);
>  	if (fakewriter_tasks == NULL) {
> @@ -2150,14 +2151,15 @@ rcu_torture_init(void)
>  	}
>  	if (shutdown_secs > 0) {
>  		shutdown_time = jiffies + shutdown_secs * HZ;
> -		shutdown_task = kthread_run(rcu_torture_shutdown, NULL,
> -					    "rcu_torture_shutdown");
> +		shutdown_task = kthread_create(rcu_torture_shutdown, NULL,
> +					       "rcu_torture_shutdown");
>  		if (IS_ERR(shutdown_task)) {
>  			firsterr = PTR_ERR(shutdown_task);
>  			VERBOSE_PRINTK_ERRSTRING("Failed to create shutdown");
>  			shutdown_task = NULL;
>  			goto unwind;
>  		}
> +		wake_up_process(shutdown_task);
>  	}
>  	i = rcu_torture_onoff_init();
>  	if (i != 0) {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ