Re: [locks] 6d390e4b5d: will-it-scale.per_process_ops -96.6% regression

From: yangerkun
Date: Tue Mar 17 2020 - 10:05:28 EST




On 2020/3/17 9:41, yangerkun wrote:


On 2020/3/17 1:26, Linus Torvalds wrote:
On Mon, Mar 16, 2020 at 4:07 AM Jeff Layton <jlayton@xxxxxxxxxx> wrote:


+ÂÂÂÂÂÂ /*
+ÂÂÂÂÂÂÂ * If fl_blocker is NULL, it won't be set again as this thread "owns"
+ÂÂÂÂÂÂÂ * the lock and is the only one that might try to claim the lock.
+ÂÂÂÂÂÂÂ * Because fl_blocker is explicitly set last during a delete, it's
+ÂÂÂÂÂÂÂ * safe to locklessly test to see if it's NULL. If it is, then we know
+ÂÂÂÂÂÂÂ * that no new locks can be inserted into its fl_blocked_requests list,
+ÂÂÂÂÂÂÂ * and we can therefore avoid doing anything further as long as that
+ÂÂÂÂÂÂÂ * list is empty.
+ÂÂÂÂÂÂÂ */
+ÂÂÂÂÂÂ if (!smp_load_acquire(&waiter->fl_blocker) &&
+ÂÂÂÂÂÂÂÂÂÂ list_empty(&waiter->fl_blocked_requests))
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂ return status;
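Review bot: The lockless test on waiter->fl_blocker in the new `if` is only safe if the delete path clears fl_blocker with a release store after the waiter has been unlinked, and that pairing store is not visible in this hunk. The comment says fl_blocker is "explicitly set last during a delete"; it should name the function that performs that store and state that it is an smp_store_release, so the smp_load_acquire here has a documented partner. Also confirm that `status` already holds the intended return value at this point, since the early `return status;` now bypasses the locked path entirely.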

Ack. This looks sane to me now.

yangerkun - how did you find the original problem?

While trying to fix CVE-2019-19769, adding some logs in __locks_wake_up_blocks helped me to rebuild the problem soon. This helped me to discern the problem soon.


Would you mind using whatever stress test that caused commit
6d390e4b5d48 ("locks: fix a potential use-after-free problem when
wakeup a waiter") with this patch? And if you did it analytically,
you're a champ and should look at this patch too!

I will try to understand this patch, and if it looks good to me, I will do the performance test!

This patch looks good to me. With this patch, the bug that '6d390e4b5d48 ("locks: fix a potential use-after-free problem when wakeup a waiter")' describes won't happen again. Actually, I found that syzkaller has reported this bug before [1], and its log can help us to reproduce it with some latency in __locks_wake_up_blocks!

Also, some LTP test cases described in [2] pass too with the patch!

For the performance test, I have tried to understand will-it-scale/lkp, but it seems a little complex to me, and I may need some more time. So, Rong Chen, can you help to do this? Or the results may come a little later...

Thanks,
----
[1] https://syzkaller.appspot.com/bug?extid=922689db06e57b69c240
[2] https://lkml.org/lkml/2020/3/11/578