| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3a468388-8845-d3ba-67fe-67138781055e@oracle.com>
Date: Thu, 25 Mar 2021 10:32:23 -0700
From: Mike Kravetz <mike.kravetz@...cle.com>
To: Michal Hocko <mhocko@...e.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Roman Gushchin <guro@...com>,
Shakeel Butt <shakeelb@...gle.com>,
Oscar Salvador <osalvador@...e.de>,
David Hildenbrand <david@...hat.com>,
Muchun Song <songmuchun@...edance.com>,
David Rientjes <rientjes@...gle.com>,
Miaohe Lin <linmiaohe@...wei.com>,
Peter Zijlstra <peterz@...radead.org>,
Matthew Wilcox <willy@...radead.org>,
HORIGUCHI NAOYA <naoya.horiguchi@....com>,
"Aneesh Kumar K . V" <aneesh.kumar@...ux.ibm.com>,
Waiman Long <longman@...hat.com>, Peter Xu <peterx@...hat.com>,
Mina Almasry <almasrymina@...gle.com>,
Hillf Danton <hdanton@...a.com>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 7/8] hugetlb: make free_huge_page irq safe
On 3/25/21 4:21 AM, Michal Hocko wrote:
> On Wed 24-03-21 17:28:34, Mike Kravetz wrote:
>> Commit c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in
>> non-task context") was added to address the issue of free_huge_page
>> being called from irq context. That commit hands off free_huge_page
>> processing to a workqueue if !in_task. However, as seen in [1] this
>> does not cover all cases. Instead, make the locks taken in the
>> free_huge_page irq safe.
>
> I would just call out the deadlock scenario here in the changelog
> rathert than torture people by forcing them to follow up on the 0day
> report. Something like the below?
> "
> "
> However this doesn't cover all the cases as pointed out by 0day bot
> lockdep report [1]
> : Possible interrupt unsafe locking scenario:
> :
> : CPU0 CPU1
> : ---- ----
> : lock(hugetlb_lock);
> : local_irq_disable();
> : lock(slock-AF_INET);
> : lock(hugetlb_lock);
> : <Interrupt>
> : lock(slock-AF_INET);
>
> Shakeel has later explained that this is very likely TCP TX
> zerocopy from hugetlb pages scenario when the networking code drops a
> last reference to hugetlb page while having IRQ disabled. Hugetlb
> freeing path doesn't disable IRQ while holding hugetlb_lock so a lock
> dependency chain can lead to a deadlock.
>
Thanks. I will update changelog.
>
>> This patch does the following:
>> - Make hugetlb_lock irq safe. This is mostly a simple process of
>> changing spin_*lock calls to spin_*lock_irq* calls.
>> - Make subpool lock irq safe in a similar manner.
>> - Revert the !in_task check and workqueue handoff.
>>
>> [1] https://lore.kernel.org/linux-mm/000000000000f1c03b05bc43aadc@google.com/
>>
>> Signed-off-by: Mike Kravetz <mike.kravetz@...cle.com>
>
> Acked-by: Michal Hocko <mhocko@...e.com>
And, thanks for looking at the series!
--
Mike Kravetz
Powered by blists - more mailing lists