Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1552496pxa; Thu, 6 Aug 2020 10:06:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxVmM2DoqrxAFzcDU7xJZ4k5f6hjKfENzr2Sv22K04RR+i7C0/VAK4P5QSkFqOp50jsOH4L X-Received: by 2002:a17:906:f847:: with SMTP id ks7mr5605075ejb.402.1596733609793; Thu, 06 Aug 2020 10:06:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596733609; cv=none; d=google.com; s=arc-20160816; b=uIa0GumNkWCAx1x1LCznZVbFHauXavPOAT6pJn9M8M39Aw5764QCC8boFQOsNfTsyX MOu4wBywbZbKQHPpxbyodImpFmwTkZzA2etkpUr+I3viMz2mfn8QVr5HzrbJSbl8xj6u 8LV5maT1DgCE7+cDQTiUOF9563sLxuOegZ1C5blAmxwebha/KWF6gSSdvdpKmQCDYo2L A7f5vKTPsGVGT5I7gRLGUFxaD9WwOXZ1C0nE5B5pnLTMPi7F1w5ZqFM4gw3Lhfi6Dr0x zd5KMJ3FiaG/ZYwgua7r9wa62S21N6OuGZzQRX/+APcaRrVFjLESgPaPrxt1nCFOCO8J HkuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=T2iPfxLBjVspZYrNz+huCOCqkAd+X2FNwnJZLpWw+hM=; b=yRsDxMBNjtqLNyedyxjXkA7F6Fjge96vWb1lT/zf6tSi4dCdwevFedsgN431m8ePYC JEZEQ++DnFAMLcsRL+YMT9bc3d7TiSa6brF2V3Hl/6swLUG1eTPm8JXpdQkcaTofY6Gm sOylKAb287D46AhCF162UXE7SE94p/8nFkRGNiq0LW9DNpgWBLDgRYCgZGOlrqFyREIP YIjKhMisJsRzO/o1LRGu0Dx/RVSkU2mnOREyQTofZIePA3//+T2CM5abzJuuJdhlNhz7 7eKmcyhDOVd+aV7Hydqn1xOL1DUeFllsfJ3qAIkklyXWOQcLVWGD+E+MEbtMtT0l/MH5 Wr6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Y4ynlCXK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z8si3589309ejd.290.2020.08.06.10.06.26; Thu, 06 Aug 2020 10:06:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Y4ynlCXK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729988AbgHFRFc (ORCPT + 99 others); Thu, 6 Aug 2020 13:05:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44920 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729940AbgHFREp (ORCPT ); Thu, 6 Aug 2020 13:04:45 -0400 Received: from mail-qk1-x741.google.com (mail-qk1-x741.google.com [IPv6:2607:f8b0:4864:20::741]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C7DAC034620 for ; Thu, 6 Aug 2020 06:26:10 -0700 (PDT) Received: by mail-qk1-x741.google.com with SMTP id b79so44830096qkg.9 for ; Thu, 06 Aug 2020 06:26:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=T2iPfxLBjVspZYrNz+huCOCqkAd+X2FNwnJZLpWw+hM=; b=Y4ynlCXKpUtRgCoRk5Ti+JvbQvLBJhoDyUZKoyhtmY7lfFYMIZMnj1VrVkD89tOWzG UDwmd8cf+5zAURws27dVU4KtqqcfXWq2iI29b0U13AoTFqvFygDiPCEPAt26EOs5YYQY T7Ko8UixmobQX2cH/A28lxdtcJ9tI2gujadmpowppl/KjMwlSEs9iQiPKj6guDuUTMhZ ouxhD5ppzi4GvruPpWaS+0szPx57vt36FfI1kwdZqbK6oajfmXvpU9iSM0xsMVWhySYf K/84x5aatxjiXyiN5qPY8OGk68e5WA30dNhfKabWHiPhYi3r08k4BwndSGs/0GCOSx9e 67cQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T2iPfxLBjVspZYrNz+huCOCqkAd+X2FNwnJZLpWw+hM=; b=HMoIoSrEp9ij2cRnJpOi4jpIRI3g4M8frl8eVC9nx5CulRY/hMCri2mhWlL/qawFll ne7kmfKVpbZQFe3yMESvWAXGcYGVYItySkaKvJANS7uolW2i7hw2jL7gcwQStbksVo/r EXWpgThyRzmz57JEXqbwfVT6SoJqF+/wkkUBormSMTlTq+6TFjfFgfVifCjF/Gg8aUHI t1tQfzazfXk7lu6TtuCt9RNN2ytJgZvXpzCd5enkwLdxcJvYbMteuF7J6HndVuSpjGCU juS7GuDRePmoi45liJj5Xa3fCeUPPWBVW6rPXV3W4/lf3BAq7/q/uJVZqhu8jAnc0Too 9DSQ== X-Gm-Message-State: AOAM530U2stwxUi9OLQ2M036+TWTt90zR1aFfRnUhXWyNlahhtPLn9i3 hWtK/388KLE5CHRfh05+zhe7Y1DM7HVKMbnBALmCxg== X-Received: by 2002:a05:620a:676:: with SMTP id a22mr8706700qkh.8.1596720369262; Thu, 06 Aug 2020 06:26:09 -0700 (PDT) MIME-Version: 1.0 References: <20200805230852.GA28727@paulmck-ThinkPad-P72> In-Reply-To: From: Dmitry Vyukov Date: Thu, 6 Aug 2020 15:25:57 +0200 Message-ID: Subject: Re: Finally starting on short RCU grace periods, but... To: Marco Elver Cc: "Paul E. McKenney" , Kostya Serebryany , LKML , kasan-dev , Alexander Potapenko , Andrey Konovalov , "'Dmitry Vyukov' via syzkaller-upstream-moderation" , Jann Horn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 6, 2020 at 3:22 PM Dmitry Vyukov wrote: > > On Thu, Aug 6, 2020 at 12:31 PM Marco Elver wrote: > > > > +Cc kasan-dev > > > > On Thu, 6 Aug 2020 at 01:08, Paul E. McKenney wrote: > > > > > > Hello! > > > > > > If I remember correctly, one of you asked for a way to shorten RCU > > > grace periods so that KASAN would have a better chance of detecting bugs > > > such as pointers being leaked out of RCU read-side critical sections. > > > I am finally starting entering and testing code for this, but realized > > > that I had forgotten a couple of things: > > > > > > 1. I don't remember exactly who asked, but I suspect that it was > > > Kostya. I am using his Reported-by as a placeholder for the > > > moment, but please let me know if this should be adjusted. > > > > It certainly was not me. > > > > > 2. Although this work is necessary to detect situtions where > > > call_rcu() is used to initiate a grace period, there already > > > exists a way to make short grace periods that are initiated by > > > synchronize_rcu(), namely, the rcupdate.rcu_expedited kernel > > > boot parameter. This will cause all calls to synchronize_rcu() > > > to act like synchronize_rcu_expedited(), resulting in about 2-3 > > > orders of magnitude reduction in grace-period latency on small > > > systems (say 16 CPUs). > > > > > > In addition, I plan to make a few other adjustments that will > > > increase the probability of KASAN spotting a pointer leak even in the > > > rcupdate.rcu_expedited case. > > > > Thank you, that'll be useful I think. > > > > > But if you would like to start this sort of testing on current mainline, > > > rcupdate.rcu_expedited is your friend! > > Hi Paul, > > This is great! > > I understand it's not a sufficiently challenging way of tracking > things, but it's simply here ;) > https://bugzilla.kernel.org/show_bug.cgi?id=208299 > (now we also know who asked for this, +Jann) > > I've tested on the latest mainline and with rcupdate.rcu_expedited=1 > it boots to ssh successfully and I see: > [ 0.369258][ T0] All grace periods are expedited (rcu_expedited). > > I have created https://github.com/google/syzkaller/pull/2021 to enable > it on syzbot. > On syzbot we generally use only 2-4 CPUs per VM, so it should be even better. > > > Do any of you remember some bugs we missed due to this? Can we find > > them if we add this option? > > The problem is that it's hard to remember bugs that were not caught :) > Here is an approximation of UAFs with free in rcu callback: > https://groups.google.com/forum/#!searchin/syzkaller-bugs/KASAN$20use-after-free$20rcu_do_batch%7Csort:date > The ones with low hit count are the ones that we almost did not catch. > That's the best estimation I can think of. Also potentially we can get > reproducers for such bugs without reproducers. > Maybe we will be able to correlate some bugs/reproducers that appear > soon with this change. Wait, it was added in 2012? https://github.com/torvalds/linux/commit/3705b88db0d7cc4