Message-ID: <ZXBCB2Gv1O-1-T6f@alley>
Date:   Wed, 6 Dec 2023 10:42:31 +0100
From:   Petr Mladek <pmladek@...e.com>
To:     Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:     Hillf Danton <hdanton@...a.com>,
        syzbot <syzbot+186b55175d8360728234@...kaller.appspotmail.com>,
        linux-kernel@...r.kernel.org, Matthew Wilcox <willy@...radead.org>,
        John Ogness <john.ogness@...utronix.de>,
        Waiman Long <longman@...hat.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [kernel?] possible deadlock in stack_depot_put

On Tue 2023-12-05 21:00:46, Tetsuo Handa wrote:
> On 2023/12/05 20:31, Hillf Danton wrote:
> > Unlike down_trylock(), mutex_trylock() is unable to trigger any lockdep
> > warning, so why is a binary semaphore preferred over mutex?
> 
> The mutex has limitations which make it impossible to use for console lock.
> 
> https://elixir.bootlin.com/linux/v6.7-rc4/source/kernel/locking/mutex.c#L537

In particular, mutexes can't be acquired in an interrupt context, not even
via mutex_trylock().

> By the way, this is a KASAN bug saying "refcount_t: underflow; use-after-free.".
> Possibly a candidate for printk_deferred_enter() user?

In practice, it would mean adding

	printk_deferred_enter()
	printk_deferred_exit()

around the KASAN/stackdepot code which might be called in any context
and might print a message. For example, see show_one_worker_pool().

It should be used only when really needed because it reduces the
chance to see the messages.

But honestly, I do not see a better solution. printk_deferred() is
used in many locations inside the scheduler to avoid these deadlocks
between console_sem and rq->lock.

It should be solved by the printk rework introducing per-console
locks. It might eventually allow getting rid of console_sem
completely. But it might be a long ride until all console
drivers get converted.

Best Regards,
Petr
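The printk_deferred_enter()/printk_deferred_exit() pattern Petr describes, as an added user-space model that is not kernel code and not part of this thread: while the depth counter is non-zero, a message is queued instead of taking the console path (which is where console_sem would be acquired), and the queue is drained once the caller is back in a context where that is safe. The real kernel drains via irq_work rather than inside printk_deferred_exit(); the names prefixed model_ are this example's own.

```c
/* Model of printk_deferred_enter()/exit(); constructed example, not kernel code. */
#include <stdio.h>

#define QUEUE_MAX 8
#define MSG_LEN 96

static int deferred_depth;               /* stands in for the per-CPU counter */
static char queue[QUEUE_MAX][MSG_LEN];   /* stands in for the deferred log path */
static int queued;
static int console_lines;                /* messages that reached the console */

/* In the kernel this is where console_sem is taken. Calling it while holding
 * a lock the console path also needs (e.g. rq->lock) is the deadlock. */
static void model_console_write(const char *msg) {
    fputs(msg, stdout);
    console_lines++;
}

/* Stands in for the irq_work callback that flushes deferred messages. */
static void model_flush_deferred(void) {
    for (int i = 0; i < queued; i++)
        model_console_write(queue[i]);
    queued = 0;
}

void model_printk_deferred_enter(void) { deferred_depth++; }

void model_printk_deferred_exit(void) {
    /* Nesting is allowed; only the outermost exit re-enables direct printing.
     * The model flushes here; the kernel leaves that to irq_work. */
    if (--deferred_depth == 0)
        model_flush_deferred();
}

/* Returns 1 if the message reached the console directly, 0 if it was deferred. */
int model_printk(const char *msg) {
    if (deferred_depth > 0) {
        if (queued < QUEUE_MAX)
            snprintf(queue[queued++], MSG_LEN, "%s", msg);
        return 0;
    }
    model_console_write(msg);
    return 1;
}

int model_queued(void) { return queued; }
int model_console_lines(void) { return console_lines; }
```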
