lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <377bfc52-db94-4d76-ab47-8076933bc7e7@samsung.com>
Date: Mon, 7 Apr 2025 14:42:34 +0200
From: Marek Szyprowski <m.szyprowski@...sung.com>
To: Jarkko Sakkinen <jarkko@...nel.org>
Cc: keyrings@...r.kernel.org, Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>,
	stable@...r.kernel.org, David Howells <dhowells@...hat.com>, Lukas Wunner
	<lukas@...ner.de>, Ignat Korchagin <ignat@...udflare.com>, Herbert Xu
	<herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>,
	Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>, Paul Moore
	<paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn"
	<serge@...lyn.com>, James Bottomley <James.Bottomley@...senpartnership.com>,
	Mimi Zohar <zohar@...ux.ibm.com>, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH v7] KEYS: Add a list for unreferenced keys

On 07.04.2025 14:08, Jarkko Sakkinen wrote:
> On Mon, Apr 07, 2025 at 02:23:49PM +0300, Jarkko Sakkinen wrote:
>> On Mon, Apr 07, 2025 at 12:25:11PM +0200, Marek Szyprowski wrote:
>>> On 07.04.2025 04:39, Jarkko Sakkinen wrote:
>>>> From: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
>>>>
>>>> Add an isolated list of unreferenced keys to be queued for deletion, and
>>>> try to pin the keys in the garbage collector before processing anything.
>>>> Skip unpinnable keys.
>>>>
>>>> Use this list for blocking the reaping process during the teardown:
>>>>
>>>> 1. First off, the keys added to `keys_graveyard` are snapshotted, and the
>>>>      list is flushed. This the very last step in `key_put()`.
>>>> 2. `key_put()` reaches zero. This will mark key as busy for the garbage
>>>>      collector.
>>>> 3. `key_garbage_collector()` will try to increase refcount, which won't go
>>>>      above zero. Whenever this happens, the key will be skipped.
>>>>
>>>> Cc: stable@...r.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
>>> This patch landed in today's linux-next as commit b0d023797e3e ("keys:
>>> Add a list for unreferenced keys"). In my tests I found that it triggers
>>> the following lockdep issue:
>>>
>>> ================================
>>> WARNING: inconsistent lock state
>>> 6.15.0-rc1-next-20250407 #15630 Not tainted
>>> --------------------------------
>>> inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
>>> ksoftirqd/3/32 [HC0[0]:SC1[1]:HE1:SE0] takes:
>>> c13fdd68 (key_serial_lock){+.?.}-{2:2}, at: key_put+0x74/0x128
>>> {SOFTIRQ-ON-W} state was registered at:
>>>     lock_acquire+0x134/0x384
>>>     _raw_spin_lock+0x38/0x48
>>>     key_alloc+0x2fc/0x4d8
>>>     keyring_alloc+0x40/0x90
>>>     system_trusted_keyring_init+0x50/0x7c
>>>     do_one_initcall+0x68/0x314
>>>     kernel_init_freeable+0x1c0/0x224
>>>     kernel_init+0x1c/0x12c
>>>     ret_from_fork+0x14/0x28
>>> irq event stamp: 234
>>> hardirqs last  enabled at (234): [<c0cb7060>]
>>> _raw_spin_unlock_irqrestore+0x5c/0x60
>>> hardirqs last disabled at (233): [<c0cb6dd0>]
>>> _raw_spin_lock_irqsave+0x64/0x68
>>> softirqs last  enabled at (42): [<c013bcd8>] handle_softirqs+0x328/0x520
>>> softirqs last disabled at (47): [<c013bf10>] run_ksoftirqd+0x40/0x68
>> OK what went to -next went there by accident and has been removed,
>> sorry. I think it was like the very first version of this patch.
>>
>> Thanks for informing anyhow!
>
> Testing branch: https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=keys-graveyard
>
> I updated my next this morning so should be fixed soon...

I've just checked that branch and it still triggers lockdep issue. The 
following change is needed to get it fixed:

diff --git a/security/keys/gc.c b/security/keys/gc.c
index 0a3beb68633c..b22dc93eb4b4 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -302,9 +302,9 @@ static void key_garbage_collector(struct work_struct 
*work)
                 key_schedule_gc(new_timer);
         }

-       spin_lock(&key_graveyard_lock);
+       spin_lock_irqsave(&key_graveyard_lock, flags);
         list_splice_init(&key_graveyard, &graveyard);
-       spin_unlock(&key_graveyard_lock);
+       spin_unlock_irqrestore(&key_graveyard_lock, flags);

         if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) ||
             !list_empty(&graveyard)) {

Best regards
-- 
Marek Szyprowski, PhD
Samsung R&D Institute Poland

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ