| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Mar 2016 11:49:57 +0200
From: Sedat Dilek <sedat.dilek@...il.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Ingo Molnar <mingo@...nel.org>,
Alfredo Alvarez Fernandez <alfredoalvarezfernandez@...il.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
"Theodore Ts'o" <tytso@....edu>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [Linux-v4.6-rc1] ext4: WARNING: CPU: 2 PID: 2692 at
kernel/locking/lockdep.c:2017 __lock_acquire+0x180e/0x2260
On Wed, Mar 30, 2016 at 11:36 AM, Peter Zijlstra <peterz@...radead.org> wrote:
> On Tue, Mar 29, 2016 at 10:47:02AM +0200, Ingo Molnar wrote:
>
>> > You are right; this is lockdep running into a hash collision; which is a new
>> > DEBUG_LOCKDEP test. See 9e4e7554e755 ("locking/lockdep: Detect chain_key
>> > collisions").
>>
>> I've Cc:-ed Alfredo Alvarez Fernandez who added that test.
>
> OK, so while the code in check_no_collision() seems sensible, it relies
> on borken bits.
>
> The whole chain_hlocks and /proc/lockdep_chains stuff appears to have
> been buggered from the start.
>
> The below patch should fix this.
>
checkpatch.pl says...
WARNING: Prefer seq_puts to seq_printf
#124: FILE: kernel/locking/lockdep_proc.c:145:
+ seq_printf(m, "(buggered) ");
Testing your patch right now.
- Sedat -
> Furthermore, our hash function has definite room for improvement.
>
> ---
> include/linux/lockdep.h | 8 +++++---
> kernel/locking/lockdep.c | 30 ++++++++++++++++++++++++------
> kernel/locking/lockdep_proc.c | 2 ++
> 3 files changed, 31 insertions(+), 9 deletions(-)
>
> diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h
> index d026b190c530..2568c120513b 100644
> --- a/include/linux/lockdep.h
> +++ b/include/linux/lockdep.h
> @@ -196,9 +196,11 @@ struct lock_list {
> * We record lock dependency chains, so that we can cache them:
> */
> struct lock_chain {
> - u8 irq_context;
> - u8 depth;
> - u16 base;
> + /* see BUILD_BUG_ON()s in lookup_chain_cache() */
> + unsigned int irq_context : 2,
> + depth : 6,
> + base : 24;
> + /* 4 byte hole */
> struct hlist_node entry;
> u64 chain_key;
> };
> diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
> index 53ab2f85d77e..91a4b7780afb 100644
> --- a/kernel/locking/lockdep.c
> +++ b/kernel/locking/lockdep.c
> @@ -2099,15 +2099,37 @@ static inline int lookup_chain_cache(struct task_struct *curr,
> chain->irq_context = hlock->irq_context;
> i = get_first_held_lock(curr, hlock);
> chain->depth = curr->lockdep_depth + 1 - i;
> +
> + BUILD_BUG_ON((1UL << 24) <= ARRAY_SIZE(chain_hlocks));
> + BUILD_BUG_ON((1UL << 6) <= ARRAY_SIZE(curr->held_locks));
> + BUILD_BUG_ON((1UL << 8*sizeof(chain_hlocks[0])) <= ARRAY_SIZE(lock_classes));
> +
> if (likely(nr_chain_hlocks + chain->depth <= MAX_LOCKDEP_CHAIN_HLOCKS)) {
> chain->base = nr_chain_hlocks;
> - nr_chain_hlocks += chain->depth;
> for (j = 0; j < chain->depth - 1; j++, i++) {
> int lock_id = curr->held_locks[i].class_idx - 1;
> chain_hlocks[chain->base + j] = lock_id;
> }
> chain_hlocks[chain->base + j] = class - lock_classes;
> }
> +
> + if (nr_chain_hlocks < MAX_LOCKDEP_CHAIN_HLOCKS)
> + nr_chain_hlocks += chain->depth;
> +
> +#ifdef CONFIG_DEBUG_LOCKDEP
> + /*
> + * Important for check_no_collision().
> + */
> + if (unlikely(nr_chain_hlocks > MAX_LOCKDEP_CHAIN_HLOCKS)) {
> + if (debug_locks_off_graph_unlock())
> + return 0;
> +
> + print_lockdep_off("BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!");
> + dump_stack();
> + return 0;
> + }
> +#endif
> +
> hlist_add_head_rcu(&chain->entry, hash_head);
> debug_atomic_inc(chain_lookup_misses);
> inc_chains();
> @@ -2860,11 +2882,6 @@ static int separate_irq_context(struct task_struct *curr,
> {
> unsigned int depth = curr->lockdep_depth;
>
> - /*
> - * Keep track of points where we cross into an interrupt context:
> - */
> - hlock->irq_context = 2*(curr->hardirq_context ? 1 : 0) +
> - curr->softirq_context;
> if (depth) {
> struct held_lock *prev_hlock;
>
> @@ -3164,6 +3181,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass,
> hlock->acquire_ip = ip;
> hlock->instance = lock;
> hlock->nest_lock = nest_lock;
> + hlock->irq_context = 2*(!!curr->hardirq_context) + !!curr->softirq_context;
> hlock->trylock = trylock;
> hlock->read = read;
> hlock->check = check;
> diff --git a/kernel/locking/lockdep_proc.c b/kernel/locking/lockdep_proc.c
> index dbb61a302548..a0f61effad25 100644
> --- a/kernel/locking/lockdep_proc.c
> +++ b/kernel/locking/lockdep_proc.c
> @@ -141,6 +141,8 @@ static int lc_show(struct seq_file *m, void *v)
> int i;
>
> if (v == SEQ_START_TOKEN) {
> + if (nr_chain_hlocks > MAX_LOCKDEP_CHAIN_HLOCKS)
> + seq_printf(m, "(buggered) ");
> seq_printf(m, "all lock chains:\n");
> return 0;
> }
Powered by blists - more mailing lists