| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240913104752.GU4723@noisy.programming.kicks-ass.net>
Date: Fri, 13 Sep 2024 12:47:52 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: "Paul E. McKenney" <paulmck@...nel.org>
Cc: linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
kan.liang@...ux.intel.com, mingo@...hat.com, acme@...nel.org,
namhyung@...nel.org, mark.rutland@....com,
alexander.shishkin@...ux.intel.com, jolsa@...nel.org,
irogers@...gle.com, adrian.hunter@...el.com
Subject: Re: [BUG BISECTED] Missing RCU reader in perf_event_setup_cpumask()
On Fri, Sep 13, 2024 at 01:00:44AM -0700, Paul E. McKenney wrote:
> Hello!
>
> On next-20240912 running rcutorture scenario TREE05, I see this
> deterministically:
>
> [ 32.603233] =============================
> [ 32.604594] WARNING: suspicious RCU usage
> [ 32.605928] 6.11.0-rc5-00040-g4ba4f1afb6a9 #55238 Not tainted
> [ 32.607812] -----------------------------
> [ 32.609140] kernel/events/core.c:13946 RCU-list traversed in non-reader section!!
> [ 32.611595]
> [ 32.611595] other info that might help us debug this:
> [ 32.611595]
> [ 32.614247]
> [ 32.614247] rcu_scheduler_active = 2, debug_locks = 1
> [ 32.616392] 3 locks held by cpuhp/4/35:
> [ 32.617687] #0: ffffffffb666a650 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x4e/0x200
> [ 32.620563] #1: ffffffffb666cd20 (cpuhp_state-down){+.+.}-{0:0}, at: cpuhp_thread_fun+0x4e/0x200
> [ 32.623412] #2: ffffffffb677c288 (pmus_lock){+.+.}-{3:3}, at: perf_event_exit_cpu_context+0x32/0x2f0
> [ 32.626399]
> [ 32.626399] stack backtrace:
> [ 32.627848] CPU: 4 UID: 0 PID: 35 Comm: cpuhp/4 Not tainted 6.11.0-rc5-00040-g4ba4f1afb6a9 #55238
> [ 32.628832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
> [ 32.628832] Call Trace:
> [ 32.628832] <TASK>
> [ 32.628832] dump_stack_lvl+0x83/0xa0
> [ 32.628832] lockdep_rcu_suspicious+0x143/0x1a0
> [ 32.628832] perf_event_exit_cpu_context+0x2e5/0x2f0
> [ 32.628832] ? __pfx_perf_event_exit_cpu+0x10/0x10
> [ 32.628832] perf_event_exit_cpu+0x9/0x10
> [ 32.628832] cpuhp_invoke_callback+0x130/0x2a0
> [ 32.628832] ? lock_release+0xc7/0x290
> [ 32.628832] ? cpuhp_thread_fun+0x4e/0x200
> [ 32.628832] cpuhp_thread_fun+0x183/0x200
> [ 32.628832] smpboot_thread_fn+0xd8/0x1d0
> [ 32.628832] ? __pfx_smpboot_thread_fn+0x10/0x10
> [ 32.628832] kthread+0xd4/0x100
> [ 32.628832] ? __pfx_kthread+0x10/0x10
> [ 32.628832] ret_from_fork+0x2f/0x50
> [ 32.628832] ? __pfx_kthread+0x10/0x10
> [ 32.628832] ret_from_fork_asm+0x1a/0x30
> [ 32.628832] </TASK>
>
> I bisected this to:
>
> 4ba4f1afb6a9 ("perf: Generic hotplug support for a PMU with a scope")
>
> This adds a perf_event_setup_cpumask() function that uses
> list_for_each_entry_rcu() without an obvious RCU read-side critical
> section, so the fix might be as simple as adding rcu_read_lock() and
> rcu_read_unlock(). In the proper places, of course. ;-)
IIRC that condition should be:
lockdep_is_held(&pmus_srcu) || lockdep_is_held(&pmus_lock)
And at this pooint we actually do hold pmus_lock.
But that all begs the question why we're using RCU iteration here to
begin with, as this code seems to be only called from this context.
Kan, is the simple fix to do:
- list_for_each_entry_rcu(pmu, &pmus, entry, lockdep_is_held(&pmus_srcu)) {
+ list_for_each_entry(pmu, &pmus, entry) {
?
Powered by blists - more mailing lists