| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Dec 2022 20:32:16 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Waiman Long <longman@...hat.com>
Cc: Ingo Molnar <mingo@...hat.com>, Juri Lelli <juri.lelli@...hat.com>,
Vincent Guittot <vincent.guittot@...aro.org>,
Dietmar Eggemann <dietmar.eggemann@....com>,
Steven Rostedt <rostedt@...dmis.org>,
Ben Segall <bsegall@...gle.com>, Mel Gorman <mgorman@...e.de>,
Daniel Bristot de Oliveira <bristot@...hat.com>,
Phil Auld <pauld@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH-tip v3] sched: Use kfree_rcu() in do_set_cpus_allowed()
On Mon, Dec 05, 2022 at 11:39:36AM -0500, Waiman Long wrote:
> Commit 851a723e45d1 ("sched: Always clear user_cpus_ptr in
> do_set_cpus_allowed()") may call kfree() if user_cpus_ptr was previously
> set. Unfortunately, some of the callers of do_set_cpus_allowed()
> may have pi_lock held when calling it. So the following splats may be
> printed especially when running with a PREEMPT_RT kernel:
>
> WARNING: possible circular locking dependency detected
> BUG: sleeping function called from invalid context
>
> To avoid these problems, kfree_rcu() is used instead. An internal
> cpumask_rcuhead union is created for the sole purpose of facilitating
> the use of kfree_rcu() to free the cpumask.
>
> Fixes: 851a723e45d1 ("sched: Always clear user_cpus_ptr in do_set_cpus_allowed()")
> Suggested-by: Peter Zijlstra <peterz@...radead.org>
> Signed-off-by: Waiman Long <longman@...hat.com>
> ---
> kernel/sched/core.c | 20 +++++++++++++++++---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
> [v3: Fix build problem reported by kernel test robot]
>
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index 57e5932f81a9..155b6cfe119a 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -2604,9 +2604,19 @@ void do_set_cpus_allowed(struct task_struct *p, const struct cpumask *new_mask)
> .user_mask = NULL,
> .flags = SCA_USER, /* clear the user requested mask */
> };
> + union cpumask_rcuhead {
> + cpumask_t cpumask;
> + struct rcu_head rcu;
> + };
>
> __do_set_cpus_allowed(p, &ac);
> - kfree(ac.user_mask);
> +
> + /*
> + * Because this is called with p->pi_lock held, it is not possible
> + * to use kfree() here (when PREEMPT_RT=y), therefore punt to using
> + * kfree_rcu().
> + */
> + kfree_rcu((union cpumask_rcuhead *)ac.user_mask, rcu);
> }
>
> int dup_user_cpus_ptr(struct task_struct *dst, struct task_struct *src,
> @@ -8220,7 +8230,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
> struct affinity_context ac;
> struct cpumask *user_mask;
> struct task_struct *p;
> - int retval;
> + int retval, size;
>
> rcu_read_lock();
>
> @@ -8253,7 +8263,11 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
> if (retval)
> goto out_put_task;
>
> - user_mask = kmalloc(cpumask_size(), GFP_KERNEL);
> + /*
> + * See do_set_cpus_allowed() for the rcu_head usage.
> + */
> + size = max_t(int, cpumask_size(), sizeof(struct rcu_head));
> + user_mask = kmalloc(size, GFP_KERNEL);
> if (!user_mask) {
> retval = -ENOMEM;
> goto out_put_task;
AFAICT you forgot dup_user_cpus_ptr().
Powered by blists - more mailing lists