Open Source and information security mailing list archives
Message-ID: <k4awh5dgzdd3dp3wmyl3z3a7w6nhoo6pszgeflbnbtdyxz47yd@ir5cgbvypdct>
Date: Wed, 26 Nov 2025 06:13:19 -0800
From: Breno Leitao <leitao@...ian.org>
To: glider@...gle.com, elver@...gle.com, dvyukov@...gle.com
Cc: usamaarif642@...il.com, leo.yan@....com, 
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, kernel-team@...a.com, 
	rmikey@...a.com, john.ogness@...utronix.de, pmladek@...e.com, 
	linux@...linux.org.uk, paulmck@...nel.org, kasan-dev@...glegroups.com
Subject: Re: CSD lockup during kexec due to unbounded busy-wait in
 pl011_console_write_atomic (arm64)

On Tue, Nov 25, 2025 at 08:02:16AM -0800, Breno Leitao wrote:
> 6. Meanwhile, kfence's toggle_allocation_gate() on another CPU attempts to
> perform a synchronous operation across all CPUs, which correctly triggers a CSD
> lock timeout because CPU#0 is stuck in the busy loop with IRQs disabled.
 
I've hacked a patch to disable kfence IPIs during machine shutdown, and
with it loaded, I don't reproduce the problem described in this thread.

	Author: Breno Leitao <leitao@...ian.org>
	Date:   Tue Nov 25 07:21:55 2025 -0800

	mm/kfence: add reboot notifier to disable KFENCE on shutdown
	
	Register a reboot notifier to disable KFENCE and cancel any pending
	timer work during system shutdown. This prevents potential IPI
	synchronization issues that can occur when KFENCE is active during
	the reboot process.
	
	The notifier runs with high priority (INT_MAX) to ensure KFENCE is
	disabled early in the shutdown sequence.
	
	Signed-off-by: Breno Leitao <leitao@...ian.org>

	diff --git a/mm/kfence/core.c b/mm/kfence/core.c
	index 727c20c94ac5..5810afaaf6b4 100644
	--- a/mm/kfence/core.c
	+++ b/mm/kfence/core.c
	@@ -26,6 +26,7 @@
	#include <linux/panic_notifier.h>
	#include <linux/random.h>
	#include <linux/rcupdate.h>
	+#include <linux/reboot.h>
	#include <linux/sched/clock.h>
	#include <linux/seq_file.h>
	#include <linux/slab.h>
	@@ -819,6 +820,21 @@ static struct notifier_block kfence_check_canary_notifier = {
	
	static struct delayed_work kfence_timer;
	
	+static int kfence_reboot_callback(struct notifier_block *nb,
	+				  unsigned long action, void *data)
	+{
	+	/* Disable KFENCE to avoid IPI synchronization during shutdown */
	+	WRITE_ONCE(kfence_enabled, false);
	+	/* Cancel any pending timer work */
	+	cancel_delayed_work_sync(&kfence_timer);
	+	return NOTIFY_OK;
	+}
	+
	+static struct notifier_block kfence_reboot_notifier = {
	+	.notifier_call = kfence_reboot_callback,
	+	.priority = INT_MAX, /* Run early to stop timers ASAP */
	+};
	+
	#ifdef CONFIG_KFENCE_STATIC_KEYS
	/* Wait queue to wake up allocation-gate timer task. */
	static DECLARE_WAIT_QUEUE_HEAD(allocation_wait);
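Review bot: cancel_delayed_work_sync() at the end of kfence_reboot_callback() blocks until any running kfence_timer work has finished, and the context lines directly below this hunk show allocation_wait, the wait queue the allocation-gate timer task sleeps on until it is woken; if that work is parked on the wait queue when the reboot notifier fires, the synchronous cancel can stall shutdown for an unbounded time. Consider waking allocation_wait (or otherwise forcing the gate open) after clearing kfence_enabled and before the sync cancel, and say in the comment why the sync variant is required. Clearing kfence_enabled first and cancelling second is the right order, since cancel_delayed_work_sync() also handles the work re-queuing itself, but a short comment on that ordering would help the next reader.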
	@@ -901,6 +917,8 @@ static void kfence_init_enable(void)
		if (kfence_check_on_panic)
			atomic_notifier_chain_register(&panic_notifier_list, &kfence_check_canary_notifier);
	
	+	register_reboot_notifier(&kfence_reboot_notifier);
	+
		WRITE_ONCE(kfence_enabled, true);
		queue_delayed_work(system_unbound_wq, &kfence_timer, 0);
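Review bot: register_reboot_notifier() is called here unconditionally and its return value is discarded, and nothing in this patch adds a matching unregister_reboot_notifier(); if KFENCE can be disabled or torn down after kfence_init_enable(), the callback stays on the reboot chain and will still touch kfence_timer. Either unregister on that path or state in the commit message that the notifier is intentionally registered for the lifetime of the kernel. Registering before WRITE_ONCE(kfence_enabled, true) and before the first queue_delayed_work() is the correct order.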
 

Alexander, Marco and KASAN maintainers:

What is the potential impact of disabling KFENCE during reboot
procedures?

The primary motivation is to avoid triggering IPIs during the machine
teardown process, mainly when the nbcon console is not running in threaded
mode.
