lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 26 Feb 2021 15:14:31 -0800
From:   Mike Kravetz <>
To:     Shakeel Butt <>,
        syzbot <>
Cc:     Andrew Morton <>,
        LKML <>,
        Linux MM <>,
        syzkaller-bugs <>,
        Eric Dumazet <>,
        Mina Almasry <>,
        Michal Hocko <>
Subject: Re: possible deadlock in sk_clone_lock

Cc: Michal

On 2/26/21 2:44 PM, Shakeel Butt wrote:
> On Fri, Feb 26, 2021 at 2:09 PM syzbot
> <> wrote:
>> other info that might help us debug this:
>>  Possible interrupt unsafe locking scenario:
>>        CPU0                    CPU1
>>        ----                    ----
>>   lock(hugetlb_lock);
>>                                local_irq_disable();
>>                                lock(slock-AF_INET);
>>                                lock(hugetlb_lock);
>>   <Interrupt>
>>     lock(slock-AF_INET);
>>  *** DEADLOCK ***
> This has been reproduced on 4.19 stable kernel as well [1] and there
> is a reproducer as well.
> It seems like sendmsg(MSG_ZEROCOPY) from a buffer backed by hugetlb. I
> wonder if we just need to make hugetlb_lock softirq-safe.
> [1]

Thanks Shakeel,

Commit c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task
context") attempted to address this issue.  It uses a work queue to
acquire hugetlb_lock if the caller is !in_task().

In another recent thread, there was the suggestion to change the
!in_task to in_atomic.

I need to do some research on the subtle differences between in_task,
in_atomic, etc.  TBH, I 'thought' !in_task would prevent the issue
reported here.  But, that obviously is not the case.
Mike Kravetz

Powered by blists - more mailing lists