| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Feb 2024 16:21:16 -0800 From: "Paul E. McKenney" <paulmck@...nel.org> To: Oleksandr Natalenko <oleksandr@...alenko.name> Cc: linux-kernel@...r.kernel.org, rcu@...r.kernel.org, Boqun Feng <boqun.feng@...il.com>, Zqiang <qiang.zhang1211@...il.com>, Joel Fernandes <joel@...lfernandes.org>, Frederic Weisbecker <frederic@...nel.org>, Neeraj Upadhyay <quic_neeraju@...cinc.com>, Josh Triplett <josh@...htriplett.org>, Steven Rostedt <rostedt@...dmis.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Lai Jiangshan <jiangshanlai@...il.com>, Bagas Sanjaya <bagasdotme@...il.com>, Marcus Seyfarth <m.seyfarth@...il.com>, Tor Vic <torvic9@...lbox.org> Subject: Re: [PATCH 5/6] rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() On Sat, Feb 24, 2024 at 05:30:29PM +0100, Oleksandr Natalenko wrote: > Hello. > > On čtvrtek 1. února 2024 2:40:57 CET Boqun Feng wrote: > > From: Zqiang <qiang.zhang1211@...il.com> > > > > For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and > > CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() > > in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: > > > > CPU2 CPU11 > > kthread > > rcu_nocb_cb_kthread ksys_write > > rcu_do_batch vfs_write > > rcu_torture_timer_cb proc_sys_write > > __kmem_cache_free proc_sys_call_handler > > kmemleak_free drop_caches_sysctl_handler > > delete_object_full drop_slab > > __delete_object shrink_slab > > put_object lazy_rcu_shrink_scan > > call_rcu rcu_nocb_flush_bypass > > __call_rcu_commn rcu_nocb_bypass_lock > > raw_spin_trylock(&rdp->nocb_bypass_lock) fail > > atomic_inc(&rdp->nocb_lock_contended); > > rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu); > > WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) | > > |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __| > > > > Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches". > > > > This commit therefore uses rcu_nocb_try_flush_bypass() instead of > > rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass > > queue is being flushed, then rcu_nocb_try_flush_bypass will return > > directly. > > > > Signed-off-by: Zqiang <qiang.zhang1211@...il.com> > > Reviewed-by: Joel Fernandes (Google) <joel@...lfernandes.org> > > Reviewed-by: Frederic Weisbecker <frederic@...nel.org> > > Reviewed-by: Paul E. McKenney <paulmck@...nel.org> > > Signed-off-by: Boqun Feng <boqun.feng@...il.com> > > --- > > kernel/rcu/tree_nocb.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/kernel/rcu/tree_nocb.h b/kernel/rcu/tree_nocb.h > > index 9e8052ba14b9..ffa69a5e18f4 100644 > > --- a/kernel/rcu/tree_nocb.h > > +++ b/kernel/rcu/tree_nocb.h > > @@ -1391,7 +1391,7 @@ lazy_rcu_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) > > rcu_nocb_unlock_irqrestore(rdp, flags); > > continue; > > } > > - WARN_ON_ONCE(!rcu_nocb_flush_bypass(rdp, NULL, jiffies, false)); > > + rcu_nocb_try_flush_bypass(rdp, jiffies); > > rcu_nocb_unlock_irqrestore(rdp, flags); > > wake_nocb_gp(rdp, false); > > sc->nr_to_scan -= _count; > > > > Does this fix [1] [2]? > > Thank you. > > [1] https://bugzilla.kernel.org/show_bug.cgi?id=217948 > [2] https://lore.kernel.org/lkml/8461340f-c7c8-4e1e-b7fa-a0e4b9a6c2a8@gmail.com/ It might, but why not apply it to the exact kernel version on which the bug appeared and see if it prevents it? Thanx, Paul
Powered by blists - more mailing lists