Date:   Tue, 12 Mar 2019 08:59:22 +0100
From:   luca abeni <luca.abeni@...tannapisa.it>
To:     "chengjian (D)" <cj.chengjian@...wei.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Li Bin <huawei.libin@...wei.com>,
        "Xiexiuqi (Xie XiuQi)" <xiexiuqi@...wei.com>, <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>
Subject: Re: WARN ON at kernel/sched/deadline.c task_non_contending

Hi all,

On Tue, 12 Mar 2019 10:03:12 +0800
"chengjian (D)" <cj.chengjian@...wei.com> wrote:

> Hi.
> 
> When looking to test SCHED_DEADLINE, syzkaller reported a warning in
> task_non_contending(). I tested the mainline kernel with the C program
> and captured the same call trace.
[...]
> diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
> index 31c050a0d0ce..d73cb033a06d 100644
> --- a/kernel/sched/deadline.c
> +++ b/kernel/sched/deadline.c
> @@ -252,7 +252,6 @@ static void task_non_contending(struct
> task_struct *p) if (dl_entity_is_special(dl_se))
>                  return;
> 
> -       WARN_ON(hrtimer_active(&dl_se->inactive_timer));
>          WARN_ON(dl_se->dl_non_contending);
> 
>          zerolag_time = dl_se->deadline -
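
Review bot: removing WARN_ON(hrtimer_active(&dl_se->inactive_timer)) at the top of task_non_contending() drops the assertion that the inactive timer is idle on entry, and nothing in this hunk documents the new assumption. If an already-active timer is now an expected state here, say so in a comment at this spot and in the changelog, including which path leaves the timer armed; otherwise the warning is being silenced rather than its cause fixed.
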
> @@ -287,7 +286,9 @@ static void task_non_contending(struct
> task_struct *p) }
> 
>          dl_se->dl_non_contending = 1;
> -       get_task_struct(p);
> +
> +       if (!hrtimer_active(&dl_se->inactive_timer));
> +               get_task_struct(p);
>          hrtimer_start(timer, ns_to_ktime(zerolag_time),
> HRTIMER_MODE_REL); }
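
Review bot: the added line "if (!hrtimer_active(&dl_se->inactive_timer));" ends in a semicolon, so the if has an empty body and get_task_struct(p) on the following line still runs unconditionally; the indentation hides that the reference counting is unchanged from before the patch. Drop the trailing semicolon so the reference is taken only when the timer is not already active. Even with that fixed, hrtimer_active() and hrtimer_start() are two separate steps, so the check needs a justification for the case where the timer handler is running or completing between them, since that is where the task reference count could end up unbalanced; a comment stating what serializes the two calls would cover it.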

At a first glance, I think the patch is OK, but I need some more time to
look at the details.

I'll run some experiments with the reproducer, and I'll let you know my
conclusions.


> Did I miss something ?
> 
> I saw it directly remove the hrtimer in hrtime_start() if hrtime is
> queued, it may be unsafe here when the timer handler is running.

This is probably why I added that WARN_ON()... I'll look at a possible
solution.



			Thanks,
				Luca


> 
> Help ?
> 
> I put the syzkaller log and C demo in attachments.
> 
> Thanks.
> 
> 
> 
