Date:   Thu, 05 Oct 2023 23:28:58 -0400
From:   Rik van Riel <riel@...riel.com>
To:     Mike Kravetz <mike.kravetz@...cle.com>
Cc:     linux-kernel@...r.kernel.org, kernel-team@...a.com,
        linux-mm@...ck.org, akpm@...ux-foundation.org,
        muchun.song@...ux.dev, leit@...a.com, willy@...radead.org
Subject: Re: [PATCH 3/3] hugetlbfs: replace hugetlb_vma_lock with
 invalidate_lock

On Thu, 2023-10-05 at 17:19 -0700, Mike Kravetz wrote:
> 
> I have not gone through the patch, but it does produce the following:
> 
> [   49.783584] =====================================
> [   49.784570] WARNING: bad unlock balance detected!
> [   49.785589] 6.6.0-rc3-next-20230925+ #35 Not tainted
> [   49.786644] -------------------------------------
> [   49.787768] hfill2/938 is trying to release lock (mapping.invalidate_lock) at:
> [   49.789387] [<ffffffff815212e5>] remove_inode_hugepages+0x405/0x4b0
> [   49.790723] but there are no more locks to release!
> [   49.791808] 
> [   49.791808] other info that might help us debug this:
> [   49.793274] 4 locks held by hfill2/938:
> [   49.794190]  #0: ffff8881ff3213e8 (sb_writers#11){.+.+}-{0:0}, at: do_syscall_64+0x37/0x90
> [   49.796165]  #1: ffff888181c99640 (&sb->s_type->i_mutex_key#16){+.+.}-{3:3}, at: do_truncate+0x6f/0xd0
> [   49.798188]  #2: ffff888301592f98 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: remove_inode_hugepages+0x144/0x4b0
> [   49.800494]  #3: ffff888181c998b0 (&hugetlbfs_i_mmap_rwsem_key){++++}-{3:3}, at: remove_inode_hugepages+0x239/0x4b0

Well that's a fun one. The remove_inode_hugepages function
does not take the mapping.invalidate_lock, but it calls
hugetlb_unmap_file_folio which does.

The vma_interval_tree_foreach loop has a stray
hugetlb_vma_unlock_write() left, which I should have
removed when lifting the lock outside of the loop.

Nice catch!

-- 
All Rights Reversed.
