lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231023175519.4jtszivgfidn6p6j@revolver>
Date:   Mon, 23 Oct 2023 13:55:19 -0400
From:   "Liam R. Howlett" <Liam.Howlett@...cle.com>
To:     Hugh Dickins <hughd@...gle.com>
Cc:     akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, postmaster@...gon.onmicrosoft.com,
        syzkaller-bugs@...glegroups.com,
        syzbot <syzbot+79fcba037b6df73756d3@...kaller.appspotmail.com>
Subject: Re: [syzbot] [mm?] WARNING: suspicious RCU usage in mas_walk (3)

* syzbot <syzbot+79fcba037b6df73756d3@...kaller.appspotmail.com> [231023 13:24]:
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    e8361b005d7c Add linux-next specific files for 20231023
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1207cb05680000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=75e8fc3570ec9a74
> dashboard link: https://syzkaller.appspot.com/bug?extid=79fcba037b6df73756d3
> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=107fab89680000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/e28a7944599e/disk-e8361b00.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7dd355dbe055/vmlinux-e8361b00.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/7b2a9050635d/bzImage-e8361b00.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+79fcba037b6df73756d3@...kaller.appspotmail.com
> 
> =============================
> WARNING: suspicious RCU usage
> 6.6.0-rc6-next-20231023-syzkaller #0 Not tainted
> -----------------------------
> lib/maple_tree.c:856 suspicious rcu_dereference_check() usage!
> 
> other info that might help us debug this:
> 
> 
> rcu_scheduler_active = 2, debug_locks = 1
> no locks held by syz-executor.4/5222.
> 
> stack backtrace:
> CPU: 0 PID: 5222 Comm: syz-executor.4 Not tainted 6.6.0-rc6-next-20231023-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
>  lockdep_rcu_suspicious+0x20b/0x3a0 kernel/locking/lockdep.c:6711
>  mas_root lib/maple_tree.c:856 [inline]
>  mas_root lib/maple_tree.c:854 [inline]
>  mas_start lib/maple_tree.c:1385 [inline]
>  mas_state_walk lib/maple_tree.c:3705 [inline]
>  mas_walk+0x4d1/0x7d0 lib/maple_tree.c:4888
>  mas_find_setup lib/maple_tree.c:5948 [inline]
>  mas_find+0x1e6/0x400 lib/maple_tree.c:5989
>  vma_find include/linux/mm.h:952 [inline]
>  do_mbind+0xc8f/0x1010 mm/mempolicy.c:1328

Hugh,

41de65c4cd27 ("mempolicy: mmap_lock is not needed while migrating
folios") changes the do_mbind() code locking here to drop the mmap write
lock on line 1300 in e8361b005d7c.

This is an issue as it opens the VMA (maple) tree to being updated, but
you then re-walk the tree later.  If this is okay, then you can add an
rcu_read_lock()/rcu_read_unlock() to iterate over the VMAs so it is
safe (around 1327/1332, respectively).

I'm not entirely sure why this is safe to do without the mmap write
lock, but considering the change log it seems you have thought through
it.  I'm just not sure what is going to stop the VMAs from being split
or such by a ref count on the memory policy (or if it matters if they
are)?

Thanks,
Liam

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ