lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Feb 2016 11:59:40 -0800 From: "Shi, Yang" <yang.shi@...aro.org> To: Steven Rostedt <rostedt@...dmis.org> Cc: gregkh@...uxfoundation.org, tj@...nel.org, lizefan@...wei.com, tglx@...utronix.de, bigeasy@...utronix.de, linux-kernel@...r.kernel.org, linux-rt-users@...r.kernel.org, linaro-kernel@...ts.linaro.org Subject: Re: [RFC PATCH] kernfs: create raw version kernfs_path_len and kernfs_path On 2/26/2016 11:37 AM, Shi, Yang wrote: > On 2/26/2016 10:56 AM, Steven Rostedt wrote: >> On Fri, 26 Feb 2016 10:15:05 -0800 >> Yang Shi <yang.shi@...aro.org> wrote: >> >>> commit 5634cc2aa9aebc77bc862992e7805469dcf83dac ("writeback: update >>> writeback >>> tracepoints to report cgroup") made writeback tracepoints report cgroup >>> writeback, but it may trigger the below bug on -rt kernel since >>> kernfs_path >>> and kernfs_path_len are called by tracepoints, which acquire sleeping >>> lock. >>> >>> BUG: sleeping function called from invalid context at >>> kernel/locking/rtmutex.c:930 >>> in_atomic(): 1, irqs_disabled(): 0, pid: 625, name: kworker/u16:3 >>> INFO: lockdep is turned off. >>> Preemption disabled at:[<ffffffc000374a5c>] wb_writeback+0xec/0x830 >>> >>> CPU: 7 PID: 625 Comm: kworker/u16:3 Not tainted 4.4.1-rt5 #20 >>> Hardware name: Freescale Layerscape 2085a RDB Board (DT) >>> Workqueue: writeback wb_workfn (flush-7:0) >>> Call trace: >>> [<ffffffc00008d708>] dump_backtrace+0x0/0x200 >>> [<ffffffc00008d92c>] show_stack+0x24/0x30 >>> [<ffffffc0007b0f40>] dump_stack+0x88/0xa8 >>> [<ffffffc000127d74>] ___might_sleep+0x2ec/0x300 >>> [<ffffffc000d5d550>] rt_spin_lock+0x38/0xb8 >>> [<ffffffc0003e0548>] kernfs_path_len+0x30/0x90 >>> [<ffffffc00036b360>] >>> trace_event_raw_event_writeback_work_class+0xe8/0x2e8 >>> [<ffffffc000374f90>] wb_writeback+0x620/0x830 >>> [<ffffffc000376224>] wb_workfn+0x61c/0x950 >>> [<ffffffc000110adc>] process_one_work+0x3ac/0xb30 >>> [<ffffffc0001112fc>] worker_thread+0x9c/0x7a8 >>> [<ffffffc00011a9e8>] kthread+0x190/0x1b0 >>> [<ffffffc000086ca0>] ret_from_fork+0x10/0x30 >>> >>> Since kernfs_* functions are heavily used by cgroup, so it sounds not >>> reasonable to convert kernfs_rename_lock to raw lock. >>> >>> Create raw version kernfs_path, kernfs_path_len and cgroup_path, >>> which don't >>> acquire lock and are used by tracepoints only. >>> >> >> And what prevents name from being freed while the tracepoint is reading >> it? >> >> Perhaps we need this change as well: > > Thanks for pointing this out. Yes, it looks we need this since the > tracepoints are protected by rcu_read_lock_sched. > > Will add this in V2. BTW, it sounds this is not the only point where kernfs_node could be updated, __kernfs_remove should need synchronize_sched too. Thanks, Yang > > Yang > >> >> -- Steve >> >> diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c >> index 996b7742c90b..d2ef153145c0 100644 >> --- a/fs/kernfs/dir.c >> +++ b/fs/kernfs/dir.c >> @@ -1397,6 +1397,12 @@ int kernfs_rename_ns(struct kernfs_node *kn, >> struct kernfs_node *new_parent, >> kn->hash = kernfs_name_hash(kn->name, kn->ns); >> kernfs_link_sibling(kn); >> >> + /* >> + * Tracepoints may be reading the old name. They are protected >> + * by rcu_read_lock_sched(). >> + */ >> + synchronize_sched(); >> + >> kernfs_put(old_parent); >> kfree_const(old_name); >> >> >
Powered by blists - more mailing lists