| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <12387583.O9o76ZdvQC@natalenko.name>
Date: Sat, 24 Feb 2024 17:30:29 +0100
From: Oleksandr Natalenko <oleksandr@...alenko.name>
To: linux-kernel@...r.kernel.org, rcu@...r.kernel.org,
Boqun Feng <boqun.feng@...il.com>
Cc: Zqiang <qiang.zhang1211@...il.com>,
Joel Fernandes <joel@...lfernandes.org>,
Frederic Weisbecker <frederic@...nel.org>,
"Paul E . McKenney" <paulmck@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
Neeraj Upadhyay <quic_neeraju@...cinc.com>,
Josh Triplett <josh@...htriplett.org>, Steven Rostedt <rostedt@...dmis.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Lai Jiangshan <jiangshanlai@...il.com>, Bagas Sanjaya <bagasdotme@...il.com>,
Marcus Seyfarth <m.seyfarth@...il.com>, Tor Vic <torvic9@...lbox.org>
Subject:
Re: [PATCH 5/6] rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
Hello.
On čtvrtek 1. února 2024 2:40:57 CET Boqun Feng wrote:
> From: Zqiang <qiang.zhang1211@...il.com>
>
> For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and
> CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()
> in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:
>
> CPU2 CPU11
> kthread
> rcu_nocb_cb_kthread ksys_write
> rcu_do_batch vfs_write
> rcu_torture_timer_cb proc_sys_write
> __kmem_cache_free proc_sys_call_handler
> kmemleak_free drop_caches_sysctl_handler
> delete_object_full drop_slab
> __delete_object shrink_slab
> put_object lazy_rcu_shrink_scan
> call_rcu rcu_nocb_flush_bypass
> __call_rcu_commn rcu_nocb_bypass_lock
> raw_spin_trylock(&rdp->nocb_bypass_lock) fail
> atomic_inc(&rdp->nocb_lock_contended);
> rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu);
> WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) |
> |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|
>
> Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".
>
> This commit therefore uses rcu_nocb_try_flush_bypass() instead of
> rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass
> queue is being flushed, then rcu_nocb_try_flush_bypass will return
> directly.
>
> Signed-off-by: Zqiang <qiang.zhang1211@...il.com>
> Reviewed-by: Joel Fernandes (Google) <joel@...lfernandes.org>
> Reviewed-by: Frederic Weisbecker <frederic@...nel.org>
> Reviewed-by: Paul E. McKenney <paulmck@...nel.org>
> Signed-off-by: Boqun Feng <boqun.feng@...il.com>
> ---
> kernel/rcu/tree_nocb.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/rcu/tree_nocb.h b/kernel/rcu/tree_nocb.h
> index 9e8052ba14b9..ffa69a5e18f4 100644
> --- a/kernel/rcu/tree_nocb.h
> +++ b/kernel/rcu/tree_nocb.h
> @@ -1391,7 +1391,7 @@ lazy_rcu_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
> rcu_nocb_unlock_irqrestore(rdp, flags);
> continue;
> }
> - WARN_ON_ONCE(!rcu_nocb_flush_bypass(rdp, NULL, jiffies, false));
> + rcu_nocb_try_flush_bypass(rdp, jiffies);
> rcu_nocb_unlock_irqrestore(rdp, flags);
> wake_nocb_gp(rdp, false);
> sc->nr_to_scan -= _count;
>
Does this fix [1] [2]?
Thank you.
[1] https://bugzilla.kernel.org/show_bug.cgi?id=217948
[2] https://lore.kernel.org/lkml/8461340f-c7c8-4e1e-b7fa-a0e4b9a6c2a8@gmail.com/
--
Oleksandr Natalenko (post-factum)
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists