Message-ID: <CA+icZUU-dFAzv-jKWt=D_wUN1NU6dGDcSTcB0AdisHkionFwMw@mail.gmail.com>
Date:	Wed, 30 Mar 2016 11:49:57 +0200
From:	Sedat Dilek <sedat.dilek@...il.com>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Ingo Molnar <mingo@...nel.org>,
	Alfredo Alvarez Fernandez <alfredoalvarezfernandez@...il.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Theodore Ts'o" <tytso@....edu>,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [Linux-v4.6-rc1] ext4: WARNING: CPU: 2 PID: 2692 at
 kernel/locking/lockdep.c:2017 __lock_acquire+0x180e/0x2260

On Wed, Mar 30, 2016 at 11:36 AM, Peter Zijlstra <peterz@...radead.org> wrote:
> On Tue, Mar 29, 2016 at 10:47:02AM +0200, Ingo Molnar wrote:
>
>> > You are right; this is lockdep running into a hash collision; which is a new
>> > DEBUG_LOCKDEP test. See 9e4e7554e755 ("locking/lockdep: Detect chain_key
>> > collisions").
>>
>> I've Cc:-ed Alfredo Alvarez Fernandez who added that test.
>
> OK, so while the code in check_no_collision() seems sensible, it relies
> on borken bits.
>
> The whole chain_hlocks and /proc/lockdep_chains stuff appears to have
> been buggered from the start.
>
> The below patch should fix this.
>

checkpatch.pl says...

WARNING: Prefer seq_puts to seq_printf
#124: FILE: kernel/locking/lockdep_proc.c:145:
+                       seq_printf(m, "(buggered) ");

Testing your patch right now.

- Sedat -


> Furthermore, our hash function has definite room for improvement.
>
> ---
>  include/linux/lockdep.h       |  8 +++++---
>  kernel/locking/lockdep.c      | 30 ++++++++++++++++++++++++------
>  kernel/locking/lockdep_proc.c |  2 ++
>  3 files changed, 31 insertions(+), 9 deletions(-)
>
> diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h
> index d026b190c530..2568c120513b 100644
> --- a/include/linux/lockdep.h
> +++ b/include/linux/lockdep.h
> @@ -196,9 +196,11 @@ struct lock_list {
>   * We record lock dependency chains, so that we can cache them:
>   */
>  struct lock_chain {
> -       u8                              irq_context;
> -       u8                              depth;
> -       u16                             base;
> +       /* see BUILD_BUG_ON()s in lookup_chain_cache() */
> +       unsigned int                    irq_context :  2,
> +                                       depth       :  6,
> +                                       base        : 24;
> +       /* 4 byte hole */
>         struct hlist_node               entry;
>         u64                             chain_key;
>  };
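Review bot: The `/* 4 byte hole */` comment holds only where `struct hlist_node` is 8-byte aligned, so on a 32-bit build `entry` follows the bitfield word directly. I would word it `/* 4 byte hole on 64-bit */` so nobody later tries to fill a gap that is not there on every architecture. The three widths add up to exactly 32 bits, so any future widening of `depth` or `base` changes the struct size and should be noted next to the BUILD_BUG_ON() reference.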
> diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
> index 53ab2f85d77e..91a4b7780afb 100644
> --- a/kernel/locking/lockdep.c
> +++ b/kernel/locking/lockdep.c
> @@ -2099,15 +2099,37 @@ static inline int lookup_chain_cache(struct task_struct *curr,
>         chain->irq_context = hlock->irq_context;
>         i = get_first_held_lock(curr, hlock);
>         chain->depth = curr->lockdep_depth + 1 - i;
> +
> +       BUILD_BUG_ON((1UL << 24) <= ARRAY_SIZE(chain_hlocks));
> +       BUILD_BUG_ON((1UL << 6)  <= ARRAY_SIZE(curr->held_locks));
> +       BUILD_BUG_ON((1UL << 8*sizeof(chain_hlocks[0])) <= ARRAY_SIZE(lock_classes));
> +
>         if (likely(nr_chain_hlocks + chain->depth <= MAX_LOCKDEP_CHAIN_HLOCKS)) {
>                 chain->base = nr_chain_hlocks;
> -               nr_chain_hlocks += chain->depth;
>                 for (j = 0; j < chain->depth - 1; j++, i++) {
>                         int lock_id = curr->held_locks[i].class_idx - 1;
>                         chain_hlocks[chain->base + j] = lock_id;
>                 }
>                 chain_hlocks[chain->base + j] = class - lock_classes;
>         }
> +
> +       if (nr_chain_hlocks < MAX_LOCKDEP_CHAIN_HLOCKS)
> +               nr_chain_hlocks += chain->depth;
> +
> +#ifdef CONFIG_DEBUG_LOCKDEP
> +       /*
> +        * Important for check_no_collision().
> +        */
> +       if (unlikely(nr_chain_hlocks > MAX_LOCKDEP_CHAIN_HLOCKS)) {
> +               if (debug_locks_off_graph_unlock())
> +                       return 0;
> +
> +               print_lockdep_off("BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!");
> +               dump_stack();
> +               return 0;
> +       }
> +#endif
> +
>         hlist_add_head_rcu(&chain->entry, hash_head);
>         debug_atomic_inc(chain_lookup_misses);
>         inc_chains();
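Review bot: The overflow marker `nr_chain_hlocks > MAX_LOCKDEP_CHAIN_HLOCKS` is never reached when a chain fills the array exactly: the counter then equals the limit, every later chain fails the `<=` fit test, the `<` guard stops the counter from advancing, and the chain is still linked by hlist_add_head_rcu() with `chain->base` not assigned in the visible lines. Readers that index `chain_hlocks[chain->base + ...]` (check_no_collision(), and presumably the /proc/lockdep_chains code) would then see entries belonging to another chain, with neither the DEBUG_LOCKDEP bail-out nor the "(buggered)" marker firing. Changing the guard to `if (nr_chain_hlocks <= MAX_LOCKDEP_CHAIN_HLOCKS)` lets the first chain that does not fit push the counter past the limit. Separately, `if (debug_locks_off_graph_unlock()) return 0;` looks inverted against the `if (!debug_locks_off_graph_unlock())` form I would expect before a print_lockdep_off() call, so please confirm which return value is meant to be silent. lookup_chain_cache() starts and ends outside this hunk.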
> @@ -2860,11 +2882,6 @@ static int separate_irq_context(struct task_struct *curr,
>  {
>         unsigned int depth = curr->lockdep_depth;
>
> -       /*
> -        * Keep track of points where we cross into an interrupt context:
> -        */
> -       hlock->irq_context = 2*(curr->hardirq_context ? 1 : 0) +
> -                               curr->softirq_context;
>         if (depth) {
>                 struct held_lock *prev_hlock;
>
> @@ -3164,6 +3181,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass,
>         hlock->acquire_ip = ip;
>         hlock->instance = lock;
>         hlock->nest_lock = nest_lock;
> +       hlock->irq_context = 2*(!!curr->hardirq_context) + !!curr->softirq_context;
>         hlock->trylock = trylock;
>         hlock->read = read;
>         hlock->check = check;
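Review bot: The added `hlock->irq_context` line carries no comment, because the one deleted from separate_irq_context() was not moved with it, and nothing here says the value must stay within the 2-bit `lock_chain::irq_context` field that lookup_chain_cache() copies it into. I would add above it `/* bit 1: hardirq, bit 0: softirq; must fit lock_chain::irq_context (2 bits) */`. The line is also longer than 80 columns and could be wrapped after the `+`. __lock_acquire() starts and ends outside this hunk.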
> diff --git a/kernel/locking/lockdep_proc.c b/kernel/locking/lockdep_proc.c
> index dbb61a302548..a0f61effad25 100644
> --- a/kernel/locking/lockdep_proc.c
> +++ b/kernel/locking/lockdep_proc.c
> @@ -141,6 +141,8 @@ static int lc_show(struct seq_file *m, void *v)
>         int i;
>
>         if (v == SEQ_START_TOKEN) {
> +               if (nr_chain_hlocks > MAX_LOCKDEP_CHAIN_HLOCKS)
> +                       seq_printf(m, "(buggered) ");
>                 seq_printf(m, "all lock chains:\n");
>                 return 0;
>         }
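Review bot: The "(buggered) " prefix tells someone reading /proc/lockdep_chains nothing about what went wrong. Since it is keyed on `nr_chain_hlocks > MAX_LOCKDEP_CHAIN_HLOCKS`, a string such as `"(chain_hlocks overflowed) "` would be more useful in a bug report. A short comment on the condition would also help, for example `/* set once lookup_chain_cache() met a chain that did not fit in chain_hlocks[] */`. lc_show() continues past the end of this hunk, so how the per-chain rows behave after an overflow is not visible here.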
