| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091146-gyration-venue-01c3@gregkh>
Date: Thu, 11 Sep 2025 14:53:01 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: "wangtao (EQ)" <wangtao554@...wei.com>
Cc: stable@...r.kernel.org, mingo@...hat.com, peterz@...radead.org,
juri.lelli@...hat.com, vincent.guittot@...aro.org,
dietmar.eggemann@....com, rostedt@...dmis.org, bsegall@...gle.com,
mgorman@...e.de, bristot@...hat.com, tglx@...utronix.de,
frederic@...nel.org, linux-kernel@...r.kernel.org,
tanghui20@...wei.com, zhangqiao22@...wei.com
Subject: Re: [PATCH stable/linux-5.10.y] sched/core: Fix potential deadlock
on rq lock
On Thu, Sep 11, 2025 at 08:30:44PM +0800, wangtao (EQ) wrote:
>
> 在 2025/9/11 20:20, Greg KH 写道:
> > On Mon, Sep 08, 2025 at 08:42:30AM +0000, Wang Tao wrote:
> > > When CPU 1 enters the nohz_full state, and the kworker on CPU 0 executes
> > > the function sched_tick_remote, holding the lock on CPU1's rq
> > > and triggering the warning WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3).
> > > This leads to the process of printing the warning message, where the
> > > console_sem semaphore is held. At this point, the print task on the
> > > CPU1's rq cannot acquire the console_sem and joins the wait queue,
> > > entering the UNINTERRUPTIBLE state. It waits for the console_sem to be
> > > released and then wakes up. After the task on CPU 0 releases
> > > the console_sem, it wakes up the waiting console_sem task.
> > > In try_to_wake_up, it attempts to acquire the lock on CPU1's rq again,
> > > resulting in a deadlock.
> > >
> > > The triggering scenario is as follows:
> > >
> > > CPU 0 CPU1
> > > sched_tick_remote
> > > WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3)
> > >
> > > report_bug con_write
> > > printk
> > >
> > > console_unlock
> > > do_con_write
> > > console_lock
> > > down(&console_sem)
> > > list_add_tail(&waiter.list, &sem->wait_list);
> > > up(&console_sem)
> > > wake_up_q(&wake_q)
> > > try_to_wake_up
> > > __task_rq_lock
> > > _raw_spin_lock
> > >
> > > This patch fixes the issue by deffering all printk console printing
> > > during the lock holding period.
> > >
> > > Fixes: d84b31313ef8 ("sched/isolation: Offload residual 1Hz scheduler tick")
> > > Signed-off-by: Wang Tao <wangtao554@...wei.com>
> > > ---
> > > kernel/sched/core.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> > > index 40f40f359c5d..fd2c83058ec2 100644
> > > --- a/kernel/sched/core.c
> > > +++ b/kernel/sched/core.c
> > > @@ -4091,6 +4091,7 @@ static void sched_tick_remote(struct work_struct *work)
> > > goto out_requeue;
> > > rq_lock_irq(rq, &rf);
> > > + printk_deferred_enter();
> > > curr = rq->curr;
> > > if (cpu_is_offline(cpu))
> > > goto out_unlock;
> > > @@ -4109,6 +4110,7 @@ static void sched_tick_remote(struct work_struct *work)
> > > calc_load_nohz_remote(rq);
> > > out_unlock:
> > > + printk_deferred_exit();
> > > rq_unlock_irq(rq, &rf);
> > > out_requeue:
> > > --
> > > 2.34.1
> > >
> > >
> Sorry, we initially discovered the issue while testing the stable branch,
> and it seems that the mainline has the same problem, but I haven't submitted
> a patch yet.
That is required for us to be able to take a patch into the stable
trees, thanks.
greg k-h
Powered by blists - more mailing lists