Subject: Re: [PATCH] kernel: locking: rtmutex: Fix a possible sleep-in-atomic-context bug in rt_mutex_handle_deadlock()
To: Steven Rostedt
Cc: peterz@infradead.org, mingo@redhat.com, will.deacon@arm.com, linux-kernel@vger.kernel.org
References: <20180811023524.13845-1-baijiaju1990@gmail.com> <20180811024456.ykccnkbdrac4nbem@home.goodmis.org>
From: Jia-Ju Bai
Date: Sat, 11 Aug 2018 10:50:33 +0800

On 2018/8/11 10:44, Steven Rostedt wrote:
> On Sat, Aug 11, 2018 at 10:35:24AM +0800, Jia-Ju Bai wrote:
>> The driver may sleep with holding a spinlock.
>>
>> The function call paths (from bottom to top) in Linux-4.16 are:
>>
>> [FUNC] schedule
>> kernel/locking/rtmutex.c, 1223:
>> schedule in rt_mutex_handle_deadlock
>> kernel/locking/rtmutex.c, 1273:
>> rt_mutex_handle_deadlock in rt_mutex_slowlock
>> kernel/locking/rtmutex.c, 1249:
>> _raw_spin_lock_irqsave in rt_mutex_slowlock
>>
>> To fix the bug, the spinlock is released before schedule() and then acquired again.
>> This is found by my static analysis tool (DSAC).
>>
>> Signed-off-by: Jia-Ju Bai
>> ---
>> kernel/locking/rtmutex.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c >> index 2823d4163a37..af03e162f812 100644 >> --- a/kernel/locking/rtmutex.c >> +++ b/kernel/locking/rtmutex.c >> @@ -1205,7 +1205,7 @@ __rt_mutex_slowlock(struct rt_mutex *lock, int state, >> } >> >> static void rt_mutex_handle_deadlock(int res, int detect_deadlock, >> - struct rt_mutex_waiter *w) >> + struct rt_mutex_waiter *w, struct rt_mutex *lock) >> { >> /* >> * If the result is not -EDEADLOCK or the caller requested
>> @@ -1219,8 +1219,10 @@ static void rt_mutex_handle_deadlock(int res, int detect_deadlock, >> */ >> rt_mutex_print_deadlock(w); >> while (1) { >> + raw_spin_unlock_irq(&lock->wait_lock); >> set_current_state(TASK_INTERRUPTIBLE); >> schedule(); >> + raw_spin_lock_irq(&lock->wait_lock); >> }
> If you look at the code you will notice that it stops the task and never lets
> it continue. Ever.
>
> If we hit this path, it means we are in a deadlock scenario and will not make
> any forward progress.
>
> If anything, it should simply be:
>
> rt_mutex_print_deadlock(w); > + /* We're not going anywhere, release the wait_lock */ > + raw_spin_unlock_irq(&lock->wait_lock); > while (1) { > set_current_state(TASK_INTERRUPTIBLE); > schedule(); > }

Thanks for your reply :)
Okay, I will send a V2 patch.


Best wishes,
Jia-Ju Bai
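
Review bot: the new `struct rt_mutex *lock` parameter on rt_mutex_handle_deadlock() (hunk at -1205) needs a matching change at its call site in rt_mutex_slowlock(), which the quoted part of the patch does not show. The diffstat (4 insertions, 2 deletions) implies a further hunk, so confirm it passes the same lock whose wait_lock the call path lists as taken at line 1249. The changelog's "The driver may sleep" should also be reworded, since kernel/locking/rtmutex.c is core locking code rather than a driver.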
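
Review bot: in the `while (1)` loop (hunk at -1219), re-taking wait_lock with `raw_spin_lock_irq(&lock->wait_lock);` after schedule() serves no purpose, because the loop never exits and the next iteration drops the lock again. Release it once, after rt_mutex_print_deadlock(w) and before the loop, and say so in a comment. The call path in the changelog lists the acquisition as _raw_spin_lock_irqsave in rt_mutex_slowlock, whereas raw_spin_unlock_irq() enables interrupts unconditionally instead of restoring the saved flags; the changelog or a comment should state why that mismatch is acceptable on this path.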