Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1386820imm; Thu, 4 Oct 2018 12:46:16 -0700 (PDT) X-Google-Smtp-Source: ACcGV62GhCGe48S0KDih90rHVCr7x7h0lb6vUcOCV7dNp81I7uVGUgpLS01tmrJRpavAug31vTbO X-Received: by 2002:a17:902:7c96:: with SMTP id y22-v6mr8058902pll.321.1538682376653; Thu, 04 Oct 2018 12:46:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538682376; cv=none; d=google.com; s=arc-20160816; b=GhcceFfTOEu4Avnkl9nKxCRJfL838wEzeu0r24pbGDtEMznQf2/ogZRruNevNmVgVr LCoGYvbClD0avm0O82XZif6jGugGfw3ePUG5cQa5JRCcVTPBisFYvKES4pJ3vVHzbNrL Qs/jDWFLQe/nb3yQCKJd4H/KU0hAoBQHxO+egUz7eRLyYPmU1WInb+qQOcCUpZkHpYXy WUQbtWrQbYqqmL6aMj13lBhI6jrvc6A/qqwjc1g1HjI1xcx92RDzFNINdabMZbV/G/0Y n7ewbTbYf84gY1n8iWxipNWDr9Ib8OSjzE8/AQr+iw5mBuIv3W+RHC6lo1hv8qBdTGQq EHYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=1CW1xtYMnKRE2dEASH2cpWl7IqrCtBVvjiSx7+lGCdg=; b=ECbYUFMg48yrctd670d5hvLfe3NZzSiJNDsmwqJt201dpy7B3Ik5PzkEiXheUos0Kb 6inueTLYTq571yh+Z3AU66McGQycNdeTmmqqNyawvOhJOU3Hlkaopx/Cj8lb7uXFJDt7 Dq/Wj5DQyNzxcRAFPGbEr2FctpFmMWJb+0bUgDJ031OdSZ7T3mFr7LbdYQO7s7ddMYWH fqRVKdIUBMQ8icjTMWGalWvbBIBfhvFYpP68ix95o2ztnzRpzVTuNwT+LtGHdSYxWhk5 hiCOeHSj/7qzASEs00UZbt0hR86cIqN2w0YtCPlJk/wfOeVCZvS2BwgQ9LGbnA+qOBK9 bM3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=vJVG2WuX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m7-v6si6152931pgl.345.2018.10.04.12.46.00; Thu, 04 Oct 2018 12:46:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=vJVG2WuX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727675AbeJECk0 (ORCPT + 99 others); Thu, 4 Oct 2018 22:40:26 -0400 Received: from mail-io1-f66.google.com ([209.85.166.66]:37057 "EHLO mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727489AbeJECk0 (ORCPT ); Thu, 4 Oct 2018 22:40:26 -0400 Received: by mail-io1-f66.google.com with SMTP id m16-v6so4691311ioj.4 for ; Thu, 04 Oct 2018 12:45:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1CW1xtYMnKRE2dEASH2cpWl7IqrCtBVvjiSx7+lGCdg=; b=vJVG2WuXvdjUgiwoVAeFlHw2UWkNhA086gz1E7K9wYo5eT00pXxDX3kBX5lQePcrwG 7+J3zjsuzND7UywJHxodMNVXuYkLOcuwZIkJ3brSIgkyj4sFBbRaFi6V34FR5kamku0M GpHYeFeHifqaqp18TmUHfvGMohPJxgNpX6Z3QKTAju8vzHydhX38mwbIP7DsLmNVn9s6 ZV0sc8I0aq9XMsOg7EaxtQ9vw31JgpWgTssHkY8Ecl0TQuVKOGOVwu1HhYJL3ik3tm/H M7IJlHAQRzD11f6C0zW0RKgbJsoUskmpdB46iVLkZHCnnhc4R6c9ZojobttdxheLAk03 PFLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1CW1xtYMnKRE2dEASH2cpWl7IqrCtBVvjiSx7+lGCdg=; b=nLCK10Fmmy2ZYiHiE2CJrDUaTNbVrNUsdwTQPpNMPw4nha/qp92z18/pYBjKHtITNo Bcky09pFfRfl6Lv69y3a1bflZScCZqKggZ7+HtZyWVAC4GyVbAAFK3aJ9SyiJh5x3BMg fktf3Zd1ePe/RqUcJ1E0+dnK2A1nimk/vgpPX3TMxIZ4NEB8ZdEIzfgyYRfnKNcKWSEq IwW16+3VStKA2CMtGMglzPw1UMbRzyOUfCPdjlREJoD9zs2gjqWHYjhagkB7J7ZEN7/7 a5tJUhXizkdJ64hfJFXVw/KBf6yrYHfR5KVcgCI7a50HTJmAwC82WOrsFIOIERb11rIK UTSQ== X-Gm-Message-State: ABuFfogzCScStE8tTkyX3xOmHj9grhb2Lbhz8jIYr9MEU5cEubibfYbJ OnMLKLlWDiWdfo7fUMiTANfL+/LT4SGPPfI/UvzRSg== X-Received: by 2002:a6b:500e:: with SMTP id e14-v6mr6126487iob.73.1538682340750; Thu, 04 Oct 2018 12:45:40 -0700 (PDT) MIME-Version: 1.0 References: <20181004154749.111595-1-edumazet@google.com> <20181004185949.GA233675@dtor-ws> <30074728-D1C4-46D4-8BF5-6AB8ECAE3EBD@gmail.com> In-Reply-To: <30074728-D1C4-46D4-8BF5-6AB8ECAE3EBD@gmail.com> From: Eric Dumazet Date: Thu, 4 Oct 2018 12:45:29 -0700 Message-ID: Subject: Re: [PATCH] Input: mousedev - add a schedule point in mousedev_write() To: Dmitry Torokhov Cc: LKML , Eric Dumazet , linux-input@vger.kernel.org, "Paul E. McKenney" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 4, 2018 at 12:38 PM Dmitry Torokhov wrote: > > On October 4, 2018 12:28:56 PM PDT, Eric Dumazet wrote: > >On Thu, Oct 4, 2018 at 11:59 AM Dmitry Torokhov > > wrote: > >> > >> Hi Eric, > >> > >> On Thu, Oct 04, 2018 at 08:47:49AM -0700, Eric Dumazet wrote: > >> > syzbot was able to trigger rcu stalls by calling write() > >> > with large number of bytes. > >> > > >> > Add a cond_resched() in the loop to avoid this. > >> > >> I think this simply masks a deeper issue. The code fetches characters > >> from userspace in a loop, takes a lock, quickly places response in an > >> output buffer, and releases interrupt. I do not see why this should > >> cause stalls as we do not hold spinlock/interrupts off for extended > >> period of time. > >> > >> Adding Paul so he can straighten me out... > >> > > > >Well... > > > >write(fd, buffer, 0x7FFF0000); > > > >Takes between 20 seconds and 2 minutes depending on CONFIG options .... > > That's fine even if it takes a couple of years. We are not holding spinlock for the entirety of this time, so we should get bumped off CPU at some point. Well, you are saying that we could get rid of all cond_resched() calls in the kernel. You should send patches asap ;) > > > > >So either apply my patch, or add a limit on the max count, and > >possibly break legitimate user space ? > > Legitimate users write a single character at a time and read response, so exciting after, let's say, 32 bytes would be fine. But I still want to understand why we have to do that. > > > > >I dunno... > > > >> > > >> > Link: https://lkml.org/lkml/2018/8/23/1106 > >> > Signed-off-by: Eric Dumazet > >> > Reported-by: syzbot+9436b02171ac0894d33e@syzkaller.appspotmail.com > >> > Cc: Dmitry Torokhov > >> > Cc: linux-input@vger.kernel.org > >> > --- > >> > drivers/input/mousedev.c | 1 + > >> > 1 file changed, 1 insertion(+) > >> > > >> > diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c > >> > index > >e08228061bcdd2f97aaadece31d6c83eb7539ae5..412fa71245afe26a7a8ad75705566f83633ba347 > >100644 > >> > --- a/drivers/input/mousedev.c > >> > +++ b/drivers/input/mousedev.c > >> > @@ -707,6 +707,7 @@ static ssize_t mousedev_write(struct file > >*file, const char __user *buffer, > >> > mousedev_generate_response(client, c); > >> > > >> > spin_unlock_irq(&client->packet_lock); > >> > + cond_resched(); > >> > } > >> > > >> > kill_fasync(&client->fasync, SIGIO, POLL_IN); > >> > -- > >> > 2.19.0.605.g01d371f741-goog > >> > > >> > >> Thanks. > >> > >> -- > >> Dmitry > > > Thanks. > > -- > Dmitry