lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALrw=nG5Q_5i6eMbyt0_ZemT+EGgYpSDAg5-tUPC+SmxrPkNUQ@mail.gmail.com>
Date:   Thu, 9 Mar 2023 11:21:19 +0000
From:   Ignat Korchagin <ignat@...udflare.com>
To:     Mike Snitzer <snitzer@...nel.org>
Cc:     Hou Tao <houtao@...weicloud.com>, linux-kernel@...r.kernel.org,
        dm-devel@...hat.com, mpatocka@...hat.com, houtao1@...wei.com,
        Alasdair Kergon <agk@...hat.com>
Subject: Re: dm crypt: initialize tasklet in crypt_io_init()

On Wed, Mar 8, 2023 at 7:19 PM Mike Snitzer <snitzer@...nel.org> wrote:
>
> On Wed, Mar 08 2023 at  8:55P -0500,
> Ignat Korchagin <ignat@...udflare.com> wrote:
>
> > On Wed, Mar 8, 2023 at 2:56 AM Hou Tao <houtao@...weicloud.com> wrote:
> > >
> > > Hi,
> > >
> > > On 3/7/2023 10:47 PM, Mike Snitzer wrote:
> > > > On Mon, Mar 06 2023 at  9:12P -0500,
> > > > Hou Tao <houtao@...weicloud.com> wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> On 3/7/2023 3:31 AM, Mike Snitzer wrote:
> > > >>> On Mon, Mar 06 2023 at  8:49P -0500,
> > > >>> Hou Tao <houtao@...weicloud.com> wrote:
> > > >>>
> > > >>>> From: Hou Tao <houtao1@...wei.com>
> > > >>>>
> > > >>>> When neither no_read_workqueue nor no_write_workqueue are enabled,
> > > >>>> tasklet_trylock() in crypt_dec_pending() may still return false due to
> > > >>>> an uninitialized state, and dm-crypt will do io completion in io_queue
> > > >>>> instead of current context unnecessarily.
> > > >>> Have you actually experienced this?
> > > >> Yes. I had written a bpftrace script to check the completion context of
> > > >> blkdev_bio_end_io_simple() when doing direct io read on dm-crypt device. The
> > > >> expected context should be unbound workers of crypt_queue, but sometimes the
> > > >> context is the bound worker of io_queue.
> > > > OK, thanks for clarifying.  Curious to know the circumstance (I
> > > > thought per-bio-data is zero'd -- but it may be I'm mistaken).
> > > The circumstance is just a normal qemu VM running the vanilla kernel for test
> > > purpose. According to the implementation of bio_alloc_bioset(), the front pad of
> > > bio is not initialized and only bio itself is initialized. AFAIK if
> > > CONFIG_INIT_ON_ALLOC_DEFAULT_ON is enabled, per-bio-data may be zeroed.
>
> OK.
>
> > > > From: Mike Snitzer <snitzer@...nel.org>
> > > > Date: Mon, 6 Mar 2023 15:58:33 -0500
> > > > Subject: [PATCH] dm crypt: conditionally enable code needed for tasklet usecases
> > > >
> > > > Use jump_label to limit the need for branching, and tasklet_init(),
> > > > unless either of the optional "no_read_workqueue" and/or
> > > > "no_write_workqueue" features are used.
> > > >
> > > > Signed-off-by: Mike Snitzer <snitzer@...nel.org>
> > > > ---
> > > >  drivers/md/dm-crypt.c | 35 +++++++++++++++++++++++++++--------
> > > >  1 file changed, 27 insertions(+), 8 deletions(-)
> > > >
> > > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> > > > index 641457e72603..2d0309ca07f5 100644
> > > > --- a/drivers/md/dm-crypt.c
> > > > +++ b/drivers/md/dm-crypt.c
> > > > @@ -40,6 +40,7 @@
> > > >  #include <keys/user-type.h>
> > > >  #include <keys/encrypted-type.h>
> > > >  #include <keys/trusted-type.h>
> > > > +#include <linux/jump_label.h>
> > > >
> > > >  #include <linux/device-mapper.h>
> > > >
> > > > @@ -85,6 +86,8 @@ struct dm_crypt_io {
> > > >       struct rb_node rb_node;
> > > >  } CRYPTO_MINALIGN_ATTR;
> > > >
> > > > +static DEFINE_STATIC_KEY_FALSE(use_tasklet_enabled);
> > > > +
> > > >  struct dm_crypt_request {
> > > >       struct convert_context *ctx;
> > > >       struct scatterlist sg_in[4];
> > > > @@ -1730,12 +1733,15 @@ static void crypt_io_init(struct dm_crypt_io *io, struct crypt_config *cc,
> > > >       io->sector = sector;
> > > >       io->error = 0;
> > > >       io->ctx.r.req = NULL;
> > > > -     /*
> > > > -      * tasklet_init() here to ensure crypt_dec_pending()'s
> > > > -      * tasklet_trylock() doesn't incorrectly return false
> > > > -      * even when tasklet isn't in use.
> > > > -      */
> > > > -     tasklet_init(&io->tasklet, kcryptd_crypt_tasklet, (unsigned long)&io->work);
> > > > +     if (static_branch_unlikely(&use_tasklet_enabled)) {
> > > > +             /*
> > > > +              * tasklet_init() here to ensure crypt_dec_pending()'s
> > > > +              * tasklet_trylock() doesn't incorrectly return false
> > > > +              * even when tasklet isn't in use.
> > > > +              */
> > > > +             tasklet_init(&io->tasklet, kcryptd_crypt_tasklet,
> > > > +                          (unsigned long)&io->work);
> > > > +     }
> > > >       io->integrity_metadata = NULL;
> > > >       io->integrity_metadata_from_pool = false;
> > > >       atomic_set(&io->io_pending, 0);
> > > > @@ -1775,6 +1781,10 @@ static void crypt_dec_pending(struct dm_crypt_io *io)
> > > >               kfree(io->integrity_metadata);
> > > >
> > > >       base_bio->bi_status = error;
> > > > +     if (!static_branch_unlikely(&use_tasklet_enabled)) {
> > > > +             bio_endio(base_bio);
> > > > +             return;
> > > > +     }
> > > Because use_tasklet_enabled can be enabled concurrently, so I think it is still
> > > possible that crypt_dec_pending will try-lock an unitialized tasklet if
> > > use_tasklet_enabled is enabled when invoking crypt_dec_pending().
>
> Good point, while I think it is probably acceptable given the worst
> case is punting the bio_endio to a workqueue for a time ...
>
> > Perhaps instead we can just pass an additional flag from
> > tasklet_schedule to indicate to the function that we're running in a
> > tasklet. I originally have chosen the tasklet_trylock/unlock hack to
> > avoid passing an extra flag. But unitialized memory makes sense as
> > well as the desire to avoid calling tasklet_init unconditionally. So
> > an extra member in dm_crypt_io might be the most straightforward here.
>
> ... I think we should certainly evaluate the use of an extra flag.
>
> Ignat: I'll have a look at implementing it but if you have a patch
> already developed please do share.

I don't have but it seems your latest patch is exactly what I had in mind.

> Thanks,
> Mike

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ