lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 11 Nov 2020 00:23:14 +0100
From:   Anders Roxell <anders.roxell@...aro.org>
To:     Marco Elver <elver@...gle.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Alexander Potapenko <glider@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Jann Horn <jannh@...gle.com>,
        Mark Rutland <mark.rutland@....com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>,
        kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [PATCH] kfence: Avoid stalling work queue task without allocations

On Tue, 10 Nov 2020 at 14:53, Marco Elver <elver@...gle.com> wrote:
>
> To toggle the allocation gates, we set up a delayed work that calls
> toggle_allocation_gate(). Here we use wait_event() to await an
> allocation and subsequently disable the static branch again. However, if
> the kernel has stopped doing allocations entirely, we'd wait
> indefinitely, and stall the worker task. This may also result in the
> appropriate warnings if CONFIG_DETECT_HUNG_TASK=y.
>
> Therefore, introduce a 1 second timeout and use wait_event_timeout(). If
> the timeout is reached, the static branch is disabled and a new delayed
> work is scheduled to try setting up an allocation at a later time.
>
> Note that, this scenario is very unlikely during normal workloads once
> the kernel has booted and user space tasks are running. It can, however,
> happen during early boot after KFENCE has been enabled, when e.g.
> running tests that do not result in any allocations.
>
> Link: https://lkml.kernel.org/r/CADYN=9J0DQhizAGB0-jz4HOBBh+05kMBXb4c0cXMS7Qi5NAJiw@mail.gmail.com
> Reported-by: Anders Roxell <anders.roxell@...aro.org>
> Signed-off-by: Marco Elver <elver@...gle.com>
> ---
>  mm/kfence/core.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/mm/kfence/core.c b/mm/kfence/core.c
> index 9358f42a9a9e..933b197b8634 100644
> --- a/mm/kfence/core.c
> +++ b/mm/kfence/core.c
> @@ -592,7 +592,11 @@ static void toggle_allocation_gate(struct work_struct *work)
>         /* Enable static key, and await allocation to happen. */
>         atomic_set(&allocation_gate, 0);
>         static_branch_enable(&kfence_allocation_key);
> -       wait_event(allocation_wait, atomic_read(&allocation_gate) != 0);
> +       /*
> +        * Await an allocation. Timeout after 1 second, in case the kernel stops
> +        * doing allocations, to avoid stalling this worker task for too long.
> +        */
> +       wait_event_timeout(allocation_wait, atomic_read(&allocation_gate) != 0, HZ);
>
>         /* Disable static key and reset timer. */
>         static_branch_disable(&kfence_allocation_key);
> --
> 2.29.2.222.g5d2a92d10f8-goog
>

I gave them a spin on next-20201105 [1] and on next-20201110 [2].

I eventually got to a prompt on next-20201105.
However, I got to this kernel panic on the next-20201110:

[...]
[ 1514.089966][    T1] Testing event system initcall: OK
[ 1514.806232][    T1] Running tests on all trace events:
[ 1514.857835][    T1] Testing all events:
[ 1525.503262][    C0] hrtimer: interrupt took 10902600 ns
[ 1623.861452][    C0] BUG: workqueue lockup - pool cpus=0 node=0
flags=0x0 nice=0 stuck for 65s!
[...]
[ 7823.104349][   T28]       Tainted: G        W
5.10.0-rc3-next-20201110-00008-g8dc06700529d #3
[ 7833.206491][   T28] "echo 0 >
/proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 7840.750700][   T28] task:kworker/0:1     state:D stack:26640 pid:
1872 ppid:     2 flags:0x00000428
[ 7875.642531][   T28] Workqueue: events toggle_allocation_gate
[ 7889.178334][   T28] Call trace:
[ 7897.066649][   T28]  __switch_to+0x1cc/0x1e0
[ 7905.326856][   T28]  0xffff00000f7077b0
[ 7928.354644][   T28] INFO: lockdep is turned off.
[ 7934.022572][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 7934.032039][   T28] CPU: 0 PID: 28 Comm: khungtaskd Tainted: G
  W         5.10.0-rc3-next-20201110-00008-g8dc06700529d #3
[ 7934.045586][   T28] Hardware name: linux,dummy-virt (DT)
[ 7934.053677][   T28] Call trace:
[ 7934.060276][   T28]  dump_backtrace+0x0/0x420
[ 7934.067635][   T28]  show_stack+0x38/0xa0
[ 7934.091277][   T28]  dump_stack+0x1d4/0x278
[ 7934.098878][   T28]  panic+0x304/0x5d8
[ 7934.114923][   T28]  check_hung_uninterruptible_tasks+0x5e4/0x640
[ 7934.123823][   T28]  watchdog+0x138/0x160
[ 7934.131561][   T28]  kthread+0x23c/0x260
[ 7934.138590][   T28]  ret_from_fork+0x10/0x18
[ 7934.146631][   T28] Kernel Offset: disabled
[ 7934.153749][   T28] CPU features: 0x0240002,20002004
[ 7934.161476][   T28] Memory Limit: none
[ 7934.171272][   T28] ---[ end Kernel panic - not syncing: hung_task:
blocked tasks ]---


Cheers,
Anders
[1] https://people.linaro.org/~anders.roxell/output-next-20201105-test.log
[2] https://people.linaro.org/~anders.roxell/output-next-20201110-test.log

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ