Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp21052844ybl; Sun, 5 Jan 2020 18:46:04 -0800 (PST) X-Google-Smtp-Source: APXvYqwpdyyYr9HN0iqmkQ8QHSFpJUrTmq/MXTNNMcA48kDYtwTKykhwjpLYjWD3hHkeQ0+DDo1r X-Received: by 2002:a9d:6183:: with SMTP id g3mr114313285otk.304.1578278763976; Sun, 05 Jan 2020 18:46:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578278763; cv=none; d=google.com; s=arc-20160816; b=LYvkuPQSyqWiJRVX3YkjWtqGuYklXrduxxgtoCyoC6h66LxJmCLnf13CE7xjsfv3Zf xoTva9sVNd8OkkkmpIgUlzr07dRIcqKF9WZdjqUfs5iorjht70jui17ZIb7Nfd0l/DO0 cSyn4khMGgrNEyR/W+uG+6kcb3hEaQxy3YKvLr1re4FEguP2PqZpGx4z7FExIfBjRlnk 7Zb75VvSOWU92mvsqy231Z1/SPrqZCUWpq5GkVZQHdf2MOLy2x9z+SRS6Fh1zcFA0MUy j+w32O9yACd3zUtpi6R2U6F/rdVFyGamDopYZsSmUKT3qOvgJDl7DFwjYdKsFRjzuHeP E1rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=UJ6NnJ62Ooy0R7oKnZwCGJ6TP+B7lDV4YY3gww3T+5A=; b=QzGjzWOu6skpSgjGDiu7maD8ilApXryX9tlZP3QPhLixgYekK3OAgFVQDYSPfHSYvW kEGLuEl1X5Lfh7gGEwuYnXZ0SYmDPm6RDUBjohhw7GhRe9zY+FOHiqO9wJr49VJo96Zf cMziePwWovGg6T5jWF70vpqY1EKJWJUR8BNxu6LzPsbsDsq4/s3yH+ajexq+q/R+AsHQ Lk7V5kq3n2U4IKMLWx+IAMzJxq2UBx15uvWiUDGNHbd9U6vL6ykhdigTVofu0MUVmizD jYbJ5K91SU5ZdxQhP7gU9g3qQ165D3I/ajbPj4sPvXngl6QfMjcgnXNXPPi5O9s+LtL8 uPxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=cGJ8Tlbn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w9si35880159otl.138.2020.01.05.18.45.50; Sun, 05 Jan 2020 18:46:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=cGJ8Tlbn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727356AbgAFCo4 (ORCPT + 99 others); Sun, 5 Jan 2020 21:44:56 -0500 Received: from mail-lj1-f196.google.com ([209.85.208.196]:45643 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727307AbgAFCo4 (ORCPT ); Sun, 5 Jan 2020 21:44:56 -0500 Received: by mail-lj1-f196.google.com with SMTP id j26so49385359ljc.12 for ; Sun, 05 Jan 2020 18:44:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UJ6NnJ62Ooy0R7oKnZwCGJ6TP+B7lDV4YY3gww3T+5A=; b=cGJ8Tlbn5Zm6sAd9Ge3FLpPmdJEV2m0sb8BmR8sd9/qxw8tTGQv5jXGE8EGBsEPf+T FG4QttkkHtHjD6tlyUs3YQ1ONi4L7RXr1tLq0JKPgbMp6ViTlmIAwmDIZzLeEuoCNkHd 5SekrxSlM1XXaPnvgTy8W41g+h5KT4K0bL+qIDgIUtcbncxgiUa6cRE3osDpjyx3+QBv nAU629l9qe/zLps7fSPmxtvXJ5Lc1tVbW901mMwd8XdAWRTBxRIsxLajq45f4V7fRWsR 3aiOS7wube5jzgAkWmrLZprYM4VGPET4YpA4reUDJRRNYsWqvoEBotR5xZPvITfla08Y b+ew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UJ6NnJ62Ooy0R7oKnZwCGJ6TP+B7lDV4YY3gww3T+5A=; b=ooxi0FMp9LHihHHygOiitiaS64skMkELk921VUIA8k0MSunA5wS2u+M8LQ2G/aetYm 5IdIX00guQOasMtg6Q3XktImIpz2WEpa9TY1WRrmFgfIF1IJt1yoGicHiJK9NfVTtbm3 P4kquoCFv68wQIbwEISFZ9LxdNx1Neg8Qv0/2hMX0Y++A5Hz59EIRkzPyUzyz7hzlYa/ gMq/vpfFgiH7YN7HHdT/j1FpSBPlVuJxMg0htCD3FaQ0ZAGH77+VK2XIAEAGIdE7qQHG qyWFj/S30kqfarKBPBTV7oU/SyRRPb3BJwUWEEl6LrpB47YHHxaSghH9BbcHnLG/UM6z NWWg== X-Gm-Message-State: APjAAAW5pn3Q+FYhQ2XBrSxaS3Tjw4I0y8+1K7yMZtvakisjZfTrrurK B/xURznz2XsjLEBoaaOSpX0EHE9zHZpX3Lpc6PI= X-Received: by 2002:a2e:9015:: with SMTP id h21mr41069438ljg.69.1578278694242; Sun, 05 Jan 2020 18:44:54 -0800 (PST) MIME-Version: 1.0 References: <20200103034541.5302-1-zhenzhong.duan@gmail.com> <20200103084339.GA855576@kroah.com> In-Reply-To: <20200103084339.GA855576@kroah.com> From: Zhenzhong Duan Date: Mon, 6 Jan 2020 10:44:42 +0800 Message-ID: Subject: Re: [PATCH RESEND] ttyprintk: fix a potential sleeping in interrupt context issue To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 3, 2020 at 4:43 PM Greg Kroah-Hartman wrote: > > On Fri, Jan 03, 2020 at 11:45:41AM +0800, Zhenzhong Duan wrote: > > Google syzbot reports: > > BUG: sleeping function called from invalid context at > > kernel/locking/mutex.c:938 > > in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/1 > > 1 lock held by swapper/1/0: > > ... > > Call Trace: > > > > dump_stack+0x197/0x210 > > ___might_sleep.cold+0x1fb/0x23e > > __might_sleep+0x95/0x190 > > __mutex_lock+0xc5/0x13c0 > > mutex_lock_nested+0x16/0x20 > > tpk_write+0x5d/0x340 > > resync_tnc+0x1b6/0x320 > > call_timer_fn+0x1ac/0x780 > > run_timer_softirq+0x6c3/0x1790 > > __do_softirq+0x262/0x98c > > irq_exit+0x19b/0x1e0 > > smp_apic_timer_interrupt+0x1a3/0x610 > > apic_timer_interrupt+0xf/0x20 > > > > > > Fix it by using spinlock in process context instead of mutex and having > > interrupt disabled in critical section. > > > > Signed-off-by: Zhenzhong Duan > > Cc: Arnd Bergmann > > Cc: Greg Kroah-Hartman > > --- > > drivers/char/ttyprintk.c | 15 +++++++++------ > > 1 file changed, 9 insertions(+), 6 deletions(-) > > Why was this resent? What differs from the first version that required > it to be resent? > > Always give us a clue here please :) Sorry, I should have done that. patch-bot told me my last version is malformed(tabs converted to spaces) which may be due to I used gmail web browser to send patch. Now I have direct access to smtp.gmail.com and use 'git send-email', so that's not an issue now. No functional changes compared to last version. > > > > > > diff --git a/drivers/char/ttyprintk.c b/drivers/char/ttyprintk.c > > index 4f24e46ebe7c..56db949a7b70 100644 > > --- a/drivers/char/ttyprintk.c > > +++ b/drivers/char/ttyprintk.c > > @@ -15,10 +15,11 @@ > > #include > > #include > > #include > > +#include > > > > struct ttyprintk_port { > > struct tty_port port; > > - struct mutex port_write_mutex; > > + spinlock_t spinlock; > > }; > > > > static struct ttyprintk_port tpk_port; > > @@ -99,11 +100,12 @@ static int tpk_open(struct tty_struct *tty, struct file *filp) > > static void tpk_close(struct tty_struct *tty, struct file *filp) > > { > > struct ttyprintk_port *tpkp = tty->driver_data; > > + unsigned long flags; > > > > - mutex_lock(&tpkp->port_write_mutex); > > + spin_lock_irqsave(&tpkp->spinlock, flags); > > /* flush tpk_printk buffer */ > > tpk_printk(NULL, 0); > > Are you sure you can call this with a spinlock held? I think so. > > Doesn't your trace above show the opposite? That's why I use spin_lock_irqsave() variants rather than spin_lock() The issue here is tpk_write()/tpk_close() could be interrupted when holding a mutex, then in timer handler tpk_write() is called again trying to acquire same mutex, lead to dead lock. With spin_lock_irqsave(), interrupt is disabled in process context, so no such issue. > > What is wrong with sleeping during the mutex you currently have? How is > syzbot reporting this error, is there a reproducer somewhere? See https://syzkaller.appspot.com/bug?extid=2eeef62ee31f9460ad65 I didn't reproduce the dead lock locally, not even for the warning syzbot reported, but syzbot does. Thanks Zhenzhong