Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp3934852ybh; Tue, 17 Mar 2020 09:10:15 -0700 (PDT) X-Google-Smtp-Source: ADFU+vumdMDcFaVOnlhRS/ynS3CxQno7f66+wflYu2qJImoI2s/mEklPpc2Fuvl/VIN2R65ZiUcH X-Received: by 2002:a9d:4c8f:: with SMTP id m15mr4484645otf.273.1584461415595; Tue, 17 Mar 2020 09:10:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584461415; cv=none; d=google.com; s=arc-20160816; b=i8v7plHHKeu4tF44+XoPuPSKBm59GjuHPG9goaP6gybXPO/h3a5GrOAKFOGMs85deo vUSp9Y5eZy+jFFTrau+dKNInEBMSqzLj3wTxHdluUS/BFJLdOUrpfQJaWZMD3gETQUd2 cPj6aLH1C4yIURRLItzoJF2ffVyjJD+Ly0LAjXaARnnyTkUCeQKicKIcnejKCpzXIxKQ zjibJdjNf5GSh6RDljzKvRUV7GOt2sCc0Pi22oQRyqPd3jO2smYBdbDSE5Dd7YGse4/r TY3EERnjs/5HAZKW1QK2PlnOvn14vpZiSYA2NLlCO7CVQK61TKusNVvBlOC44NwTkxmw KUWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=uMdahwcro2NPqfPOEh2DGJMW67JF29Tkrd5Rw3/wx5k=; b=mBL4KqBXQ2qUkj3XUni6+Yo42Jotc91JALxhoXErMtF2t2LSrOnXmLVNdw85VVE4b6 icp4vwLcGm4tQHeKFFn3AbQUVOnHURjxUvWUq+9cuRONc+jFpAv3h7gTUvDItEysVSeW FpW+qvn8g/nqNnGrIBo4+ASM7ub6oP6nhxflswGcsyVDUAjx/foV7f/toFAq/3L7Cb0N 8ZQap8fCo4bW9q6WhLvAQivmzL4WgU71VxsEqAhnK0yh+rglfpen7jnJLTtItzLDte2v YPVgRUFvE+WKi6iVpIvA6L3IshMIsv3TOJxHXrDypoA0kqNHd5uPczVbSugZjXlwCdHM 4AWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="t/XMMiB9"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c23si1940666otn.287.2020.03.17.09.09.58; Tue, 17 Mar 2020 09:10:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="t/XMMiB9"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726680AbgCQQHT (ORCPT + 99 others); Tue, 17 Mar 2020 12:07:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:35024 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726016AbgCQQHS (ORCPT ); Tue, 17 Mar 2020 12:07:18 -0400 Received: from tleilax.poochiereds.net (68-20-15-154.lightspeed.rlghnc.sbcglobal.net [68.20.15.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 99C0F20724; Tue, 17 Mar 2020 16:07:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1584461237; bh=C3nxCVtOojJI1EE4i/01qvjqY8WR/WwWo9EvGceJqnI=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=t/XMMiB9rQREmqVkw/QrW6v3HXkY9doFIrtVESl/NbmeLU7cdm8nwvzgvml0lTsbX 3WAV8yKh2nVv1w28jzMqwj65b7yXkSmc/474gx6Eq6Ak3QKNQWH9l2LfQxwXDuNSoX d/0BWBoWrgITzbPO6hh2HTHUs9ASUSmAItXmRe4g= Message-ID: <61d6b91e9387969f5dfaba192aee366cc9b310f0.camel@kernel.org> Subject: Re: [locks] 6d390e4b5d: will-it-scale.per_process_ops -96.6% regression From: Jeff Layton To: yangerkun , Linus Torvalds Cc: NeilBrown , kernel test robot , LKML , lkp@lists.01.org, Bruce Fields , Al Viro Date: Tue, 17 Mar 2020 12:07:15 -0400 In-Reply-To: <6df79609-90eb-2f59-7e86-3532ac309a7a@huawei.com> References: <20200308140314.GQ5972@shao2-debian> <875zfbvrbm.fsf@notabene.neil.brown.name> <0066a9f150a55c13fcc750f6e657deae4ebdef97.camel@kernel.org> <87v9nattul.fsf@notabene.neil.brown.name> <87o8t2tc9s.fsf@notabene.neil.brown.name> <877dznu0pk.fsf@notabene.neil.brown.name> <87pndcsxc6.fsf@notabene.neil.brown.name> <7c8d3752-6573-ab83-d0af-f3dd4fc373f5@huawei.com> <6df79609-90eb-2f59-7e86-3532ac309a7a@huawei.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 (3.34.4-1.fc31) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2020-03-17 at 22:05 +0800, yangerkun wrote: > > On 2020/3/17 9:41, yangerkun wrote: > > > > On 2020/3/17 1:26, Linus Torvalds wrote: > > > On Mon, Mar 16, 2020 at 4:07 AM Jeff Layton wrote: > > > > > > > > + /* > > > > + * If fl_blocker is NULL, it won't be set again as this > > > > thread "owns" > > > > + * the lock and is the only one that might try to claim the > > > > lock. > > > > + * Because fl_blocker is explicitly set last during a delete, > > > > it's > > > > + * safe to locklessly test to see if it's NULL. If it is, > > > > then we know > > > > + * that no new locks can be inserted into its > > > > fl_blocked_requests list, > > > > + * and we can therefore avoid doing anything further as long > > > > as that > > > > + * list is empty. > > > > + */ > > > > + if (!smp_load_acquire(&waiter->fl_blocker) && > > > > + list_empty(&waiter->fl_blocked_requests)) > > > > + return status; > > > > > > Ack. This looks sane to me now. > > > > > > yangerkun - how did you find the original problem?\ > > > > While try to fix CVE-2019-19769, add some log in __locks_wake_up_blocks > > help me to rebuild the problem soon. This help me to discern the problem > > soon. > > > > > Would you mind using whatever stress test that caused commit > > > 6d390e4b5d48 ("locks: fix a potential use-after-free problem when > > > wakeup a waiter") with this patch? And if you did it analytically, > > > you're a champ and should look at this patch too! > > > > I will try to understand this patch, and if it's looks good to me, will > > do the performance test! > > This patch looks good to me, with this patch, the bug '6d390e4b5d48 > ("locks: fix a potential use-after-free problem when wakeup a waiter")' > describes won't happen again. Actually, I find that syzkaller has report > this bug before[1], and the log of it can help us to reproduce it with > some latency in __locks_wake_up_blocks! > > Also, some ltp testcases describes in [2] pass too with the patch! > > For performance test, I have try to understand will-it-scale/lkp, but it > seem a little complex to me, and may need some more time. So, Rong Chen, > can you help to do this? Or the results may come a little later... > > Thanks, > ---- > [1] https://syzkaller.appspot.com/bug?extid=922689db06e57b69c240 > [2] https://lkml.org/lkml/2020/3/11/578 Thanks yangerkun. Let me know if you want to add your Reviewed-by tag. Cheers, -- Jeff Layton