[PATCH v2] workqueue: don't skip lockdep work dependency in cancel_work_sync()

From: Tetsuo Handa
Date: Thu Jul 28 2022 - 22:54:27 EST

Next message: Miaohe Lin: "Re: [RFC PATCH v4 6/8] hugetlb: add vma based lock for pmd sharing synchronization"
Previous message: Alistair Popple: "Re: [PATCH] mm: Re-allow pinning of zero pfns"
In reply to: Tetsuo Handa: "Re: [PATCH] workqueue: don't skip lockdep wq dependency in cancel_work_sync()"
Next in thread: Tetsuo Handa: "[PATCH v3] workqueue: don't skip lockdep work dependency in cancel_work_sync()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Like Hillf Danton mentioned

syzbot should have been able to catch cancel_work_sync() in work context
by checking lockdep_map in __flush_work() for both flush and cancel.

in [1], being unable to report an obvious deadlock scenario shown below is
broken. From locking dependency perspective, sync version of cancel request
should behave as if flush request, for it waits for completion of work if
that work has already started execution.

----------
#include <linux/module.h>
#include <linux/sched.h>
static DEFINE_MUTEX(mutex);
static void work_fn(struct work_struct *work)
{
schedule_timeout_uninterruptible(HZ / 5);
mutex_lock(&mutex);
mutex_unlock(&mutex);
}
static DECLARE_WORK(work, work_fn);
static int __init test_init(void)
{
schedule_work(&work);
schedule_timeout_uninterruptible(HZ / 10);
mutex_lock(&mutex);
cancel_work_sync(&work);
mutex_unlock(&mutex);
return -EINVAL;
}
module_init(test_init);
MODULE_LICENSE("GPL");
----------

Link: https://lkml.kernel.org/r/20220504044800.4966-1-hdanton@xxxxxxxx [1]
Reported-by: Hillf Danton <hdanton@xxxxxxxx>
Fixes: 87915adc3f0acdf0 ("workqueue: re-add lockdep dependencies for flushing")
Cc: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
Changes in v2:
Check work's dependency and do not check workqueue's dependency.

kernel/workqueue.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 1ea50f6be843..01c5abf7fc61 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -3066,10 +3066,8 @@ static bool __flush_work(struct work_struct *work, bool from_cancel)
if (WARN_ON(!work->func))
return false;

- if (!from_cancel) {
- lock_map_acquire(&work->lockdep_map);
- lock_map_release(&work->lockdep_map);
- }
+ lock_map_acquire(&work->lockdep_map);
+ lock_map_release(&work->lockdep_map);

if (start_flush_work(work, &barr, from_cancel)) {
wait_for_completion(&barr.done);
--
2.18.4

Next message: Miaohe Lin: "Re: [RFC PATCH v4 6/8] hugetlb: add vma based lock for pmd sharing synchronization"
Previous message: Alistair Popple: "Re: [PATCH] mm: Re-allow pinning of zero pfns"
In reply to: Tetsuo Handa: "Re: [PATCH] workqueue: don't skip lockdep wq dependency in cancel_work_sync()"
Next in thread: Tetsuo Handa: "[PATCH v3] workqueue: don't skip lockdep work dependency in cancel_work_sync()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]