[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Z_PJwt_d9ISuZJBr@kernel.org>
Date: Mon, 7 Apr 2025 15:49:06 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Marek Szyprowski <m.szyprowski@...sung.com>
Cc: keyrings@...r.kernel.org, Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>,
stable@...r.kernel.org, David Howells <dhowells@...hat.com>,
Lukas Wunner <lukas@...ner.de>,
Ignat Korchagin <ignat@...udflare.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
James Bottomley <James.Bottomley@...senpartnership.com>,
Mimi Zohar <zohar@...ux.ibm.com>, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH v7] KEYS: Add a list for unreferenced keys
On Mon, Apr 07, 2025 at 02:42:34PM +0200, Marek Szyprowski wrote:
> On 07.04.2025 14:08, Jarkko Sakkinen wrote:
> > On Mon, Apr 07, 2025 at 02:23:49PM +0300, Jarkko Sakkinen wrote:
> >> On Mon, Apr 07, 2025 at 12:25:11PM +0200, Marek Szyprowski wrote:
> >>> On 07.04.2025 04:39, Jarkko Sakkinen wrote:
> >>>> From: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
> >>>>
> >>>> Add an isolated list of unreferenced keys to be queued for deletion, and
> >>>> try to pin the keys in the garbage collector before processing anything.
> >>>> Skip unpinnable keys.
> >>>>
> >>>> Use this list for blocking the reaping process during the teardown:
> >>>>
> >>>> 1. First off, the keys added to `keys_graveyard` are snapshotted, and the
> >>>> list is flushed. This the very last step in `key_put()`.
> >>>> 2. `key_put()` reaches zero. This will mark key as busy for the garbage
> >>>> collector.
> >>>> 3. `key_garbage_collector()` will try to increase refcount, which won't go
> >>>> above zero. Whenever this happens, the key will be skipped.
> >>>>
> >>>> Cc: stable@...r.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
> >>> This patch landed in today's linux-next as commit b0d023797e3e ("keys:
> >>> Add a list for unreferenced keys"). In my tests I found that it triggers
> >>> the following lockdep issue:
> >>>
> >>> ================================
> >>> WARNING: inconsistent lock state
> >>> 6.15.0-rc1-next-20250407 #15630 Not tainted
> >>> --------------------------------
> >>> inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
> >>> ksoftirqd/3/32 [HC0[0]:SC1[1]:HE1:SE0] takes:
> >>> c13fdd68 (key_serial_lock){+.?.}-{2:2}, at: key_put+0x74/0x128
> >>> {SOFTIRQ-ON-W} state was registered at:
> >>> lock_acquire+0x134/0x384
> >>> _raw_spin_lock+0x38/0x48
> >>> key_alloc+0x2fc/0x4d8
> >>> keyring_alloc+0x40/0x90
> >>> system_trusted_keyring_init+0x50/0x7c
> >>> do_one_initcall+0x68/0x314
> >>> kernel_init_freeable+0x1c0/0x224
> >>> kernel_init+0x1c/0x12c
> >>> ret_from_fork+0x14/0x28
> >>> irq event stamp: 234
> >>> hardirqs last enabled at (234): [<c0cb7060>]
> >>> _raw_spin_unlock_irqrestore+0x5c/0x60
> >>> hardirqs last disabled at (233): [<c0cb6dd0>]
> >>> _raw_spin_lock_irqsave+0x64/0x68
> >>> softirqs last enabled at (42): [<c013bcd8>] handle_softirqs+0x328/0x520
> >>> softirqs last disabled at (47): [<c013bf10>] run_ksoftirqd+0x40/0x68
> >> OK what went to -next went there by accident and has been removed,
> >> sorry. I think it was like the very first version of this patch.
> >>
> >> Thanks for informing anyhow!
> >
> > Testing branch: https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=keys-graveyard
> >
> > I updated my next this morning so should be fixed soon...
>
> I've just checked that branch and it still triggers lockdep issue. The
> following change is needed to get it fixed:
>
> diff --git a/security/keys/gc.c b/security/keys/gc.c
> index 0a3beb68633c..b22dc93eb4b4 100644
> --- a/security/keys/gc.c
> +++ b/security/keys/gc.c
> @@ -302,9 +302,9 @@ static void key_garbage_collector(struct work_struct
> *work)
> key_schedule_gc(new_timer);
> }
>
> - spin_lock(&key_graveyard_lock);
> + spin_lock_irqsave(&key_graveyard_lock, flags);
> list_splice_init(&key_graveyard, &graveyard);
> - spin_unlock(&key_graveyard_lock);
> + spin_unlock_irqrestore(&key_graveyard_lock, flags);
>
> if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) ||
> !list_empty(&graveyard)) {
Oh, it used to be liked this. I managed to mess things up during rebase:
https://lore.kernel.org/keyrings/Z-682XjIjxjAZ9j-@kernel.org/T/#m4a0db2526abb549df3871dec23056350556d4556
Thanks for spotting this, I'll revert it how it used to be in v4.
>
> Best regards
> --
> Marek Szyprowski, PhD
> Samsung R&D Institute Poland
>
>
BR, Jarkko
Powered by blists - more mailing lists