lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200717163434.GA119309@roeck-us.net>
Date:   Fri, 17 Jul 2020 09:34:34 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Marek Szyprowski <m.szyprowski@...sung.com>
Cc:     Saravana Kannan <saravanak@...gle.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>, kernel-team@...roid.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] driver core: Fix sleeping in invalid context during
 device link deletion

On Fri, Jul 17, 2020 at 12:13:04AM +0200, Marek Szyprowski wrote:
> Hi Saravana,
> 
> On 16.07.2020 23:45, Saravana Kannan wrote:
> > Marek and Guenter reported that commit 287905e68dd2 ("driver core:
> > Expose device link details in sysfs") caused sleeping/scheduling while
> > atomic warnings.
> >
> > BUG: sleeping function called from invalid context at kernel/locking/mutex.c:935
> > in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 12, name: kworker/0:1
> > 2 locks held by kworker/0:1/12:
> >    #0: ee8074a8 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x174/0x7dc
> >    #1: ee921f20 ((work_completion)(&sdp->work)){+.+.}-{0:0}, at: process_one_work+0x174/0x7dc
> > Preemption disabled at:
> > [<c01b10f0>] srcu_invoke_callbacks+0xc0/0x154
> > ----- 8< ----- SNIP
> > [<c064590c>] (device_del) from [<c0645c9c>] (device_unregister+0x24/0x64)
> > [<c0645c9c>] (device_unregister) from [<c01b10fc>] (srcu_invoke_callbacks+0xcc/0x154)
> > [<c01b10fc>] (srcu_invoke_callbacks) from [<c01493c4>] (process_one_work+0x234/0x7dc)
> > [<c01493c4>] (process_one_work) from [<c01499b0>] (worker_thread+0x44/0x51c)
> > [<c01499b0>] (worker_thread) from [<c0150bf4>] (kthread+0x158/0x1a0)
> > [<c0150bf4>] (kthread) from [<c0100114>] (ret_from_fork+0x14/0x20)
> > Exception stack(0xee921fb0 to 0xee921ff8)
> >
> > This was caused by the device link device being released in the context
> > of srcu_invoke_callbacks().  There is no need to wait till the RCU
> > callback to release the device link device.  So release the device
> > earlier and move the call_srcu() into the device release code. That way,
> > the memory will get freed only after the device is released AND the RCU
> > callback is called.
> >
> > Fixes: 287905e68dd2 ("driver core: Expose device link details in sysfs")
> > Reported-by: Marek Szyprowski <m.szyprowski@...sung.com>
> > Reported-by: Guenter Roeck <linux@...ck-us.net>
> > Signed-off-by: Saravana Kannan <saravanak@...gle.com>
> > ---
> >
> > v1->v2:
> > - Better fix
> > - Changed subject
> > - v1 is this patch https://lore.kernel.org/lkml/20200716050846.2047110-1-saravanak@google.com/
> >
> > Marek and Guenter,
> >
> > I reproduced the original issue and tested this fix. Seems to work for
> > me. Can you confirm?
> 
> Confirmed, this one fixes the issue! :)
> 
Same here.

Tested-by: Guenter Roeck <linux@...ck-us.net>

Guenter

> Tested-by: Marek Szyprowski <m.szyprowski@...sung.com>
> 
> > Thanks,
> > Saravana
> >
> >   drivers/base/core.c | 45 +++++++++++++++++++++++++++------------------
> >   1 file changed, 27 insertions(+), 18 deletions(-)
> >
> > diff --git a/drivers/base/core.c b/drivers/base/core.c
> > index 5373ddd029f6..ec16b97d45ed 100644
> > --- a/drivers/base/core.c
> > +++ b/drivers/base/core.c
> > @@ -306,10 +306,34 @@ static struct attribute *devlink_attrs[] = {
> >   };
> >   ATTRIBUTE_GROUPS(devlink);
> >   
> > +static void device_link_free(struct device_link *link)
> > +{
> > +	while (refcount_dec_not_one(&link->rpm_active))
> > +		pm_runtime_put(link->supplier);
> > +
> > +	put_device(link->consumer);
> > +	put_device(link->supplier);
> > +	kfree(link);
> > +}
> > +
> > +#ifdef CONFIG_SRCU
> > +static void __device_link_free_srcu(struct rcu_head *rhead)
> > +{
> > +	device_link_free(container_of(rhead, struct device_link, rcu_head));
> > +}
> > +
> >   static void devlink_dev_release(struct device *dev)
> >   {
> > -	kfree(to_devlink(dev));
> > +	struct device_link *link = to_devlink(dev);
> > +
> > +	call_srcu(&device_links_srcu, &link->rcu_head, __device_link_free_srcu);
> >   }
> > +#else
> > +static void devlink_dev_release(struct device *dev)
> > +{
> > +	device_link_free(to_devlink(dev));
> > +}
> > +#endif
> >   
> >   static struct class devlink_class = {
> >   	.name = "devlink",
> > @@ -730,22 +754,7 @@ static void device_link_add_missing_supplier_links(void)
> >   	mutex_unlock(&wfs_lock);
> >   }
> >   
> > -static void device_link_free(struct device_link *link)
> > -{
> > -	while (refcount_dec_not_one(&link->rpm_active))
> > -		pm_runtime_put(link->supplier);
> > -
> > -	put_device(link->consumer);
> > -	put_device(link->supplier);
> > -	device_unregister(&link->link_dev);
> > -}
> > -
> >   #ifdef CONFIG_SRCU
> > -static void __device_link_free_srcu(struct rcu_head *rhead)
> > -{
> > -	device_link_free(container_of(rhead, struct device_link, rcu_head));
> > -}
> > -
> >   static void __device_link_del(struct kref *kref)
> >   {
> >   	struct device_link *link = container_of(kref, struct device_link, kref);
> > @@ -758,7 +767,7 @@ static void __device_link_del(struct kref *kref)
> >   
> >   	list_del_rcu(&link->s_node);
> >   	list_del_rcu(&link->c_node);
> > -	call_srcu(&device_links_srcu, &link->rcu_head, __device_link_free_srcu);
> > +	device_unregister(&link->link_dev);
> >   }
> >   #else /* !CONFIG_SRCU */
> >   static void __device_link_del(struct kref *kref)
> > @@ -773,7 +782,7 @@ static void __device_link_del(struct kref *kref)
> >   
> >   	list_del(&link->s_node);
> >   	list_del(&link->c_node);
> > -	device_link_free(link);
> > +	device_unregister(&link->link_dev);
> >   }
> >   #endif /* !CONFIG_SRCU */
> >   
> 
> Best regards
> -- 
> Marek Szyprowski, PhD
> Samsung R&D Institute Poland
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ