Date: Thu, 04 Oct 2018 12:38:02 -0700
User-Agent: K-9 Mail for Android
References: <20181004154749.111595-1-edumazet@google.com> <20181004185949.GA233675@dtor-ws>
Subject: Re: [PATCH] Input: mousedev - add a schedule point in mousedev_write()
To: Eric Dumazet
CC: LKML, Eric Dumazet, linux-input@vger.kernel.org, "Paul E. McKenney"
From: Dmitry Torokhov
Message-ID: <30074728-D1C4-46D4-8BF5-6AB8ECAE3EBD@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On October 4, 2018 12:28:56 PM PDT, Eric Dumazet wrote:
>On Thu, Oct 4, 2018 at 11:59 AM Dmitry Torokhov wrote:
>>
>> Hi Eric,
>>
>> On Thu, Oct 04, 2018 at 08:47:49AM -0700, Eric Dumazet wrote:
>> > syzbot was able to trigger rcu stalls by calling write()
>> > with large number of bytes.
>> >
>> > Add a cond_resched() in the loop to avoid this.
>>
>> I think this simply masks a deeper issue. The code fetches characters
>> from userspace in a loop, takes a lock, quickly places response in an
>> output buffer, and releases interrupt. I do not see why this should
>> cause stalls as we do not hold spinlock/interrupts off for extended
>> period of time.
>>
>> Adding Paul so he can straighten me out...
>>
>
>Well...
>
>write(fd, buffer, 0x7FFF0000);
>
>Takes between 20 seconds and 2 minutes depending on CONFIG options .....

That's fine even if it takes a couple of years. We are not holding spinlock for the entirety of this time, so we should get bumped off CPU at some point.

>
>So either apply my patch, or add a limit on the max count, and
>possibly break legitimate user space ?

Legitimate users write a single character at a time and read response, so exiting after, let's say, 32 bytes would be fine. But I still want to understand why we have to do that.

>
>I dunno...
>
>> >
>> > Link: https://lkml.org/lkml/2018/8/23/1106
>> > Signed-off-by: Eric Dumazet
>> > Reported-by: syzbot+9436b02171ac0894d33e@syzkaller.appspotmail.com
>> > Cc: Dmitry Torokhov
>> > Cc: linux-input@vger.kernel.org
>> > ---
>> >  drivers/input/mousedev.c | 1 +
>> >  1 file changed, 1 insertion(+)
>> > >> > diff --git a/drivers/input/mousedev=2Ec b/drivers/input/mousedev=2Ec >> > index >e08228061bcdd2f97aaadece31d6c83eb7539ae5=2E=2E412fa71245afe26a7a8ad757055= 66f83633ba347 >100644 >> > --- a/drivers/input/mousedev=2Ec >> > +++ b/drivers/input/mousedev=2Ec >> > @@ -707,6 +707,7 @@ static ssize_t mousedev_write(struct file >*file, const char __user *buffer, >> > mousedev_generate_response(client, c); >> > >> > spin_unlock_irq(&client->packet_lock); >> > + cond_resched(); >> > } >> > >> > kill_fasync(&client->fasync, SIGIO, POLL_IN); >> > -- >> > 2=2E19=2E0=2E605=2Eg01d371f741-goog
>> >
>>
>> Thanks.
>>
>> --
>> Dmitry

Thanks.

-- 
Dmitry
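
Review bot: the cond_resched() added after spin_unlock_irq(&client->packet_lock) in mousedev_write() carries no comment saying why a scheduling point is needed, and the loop is still bounded only by the caller's count, so the write(fd, buffer, 0x7FFF0000) case cited in the thread still runs to completion inside one syscall. Suggest a one-line comment above the call that names the syzbot RCU stall report, and consider the cap on count raised in the reply (about 32 bytes was proposed there) so the work done per write() is bounded rather than only made preemptible. The placement itself is correct: the call comes after the unlock, where interrupts are enabled again and rescheduling is permitted.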