Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1176871pxk; Fri, 2 Oct 2020 03:07:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwzYr9XpaKceRE4vhkR3703rDUD0KOfxlY9s7hFB9r7bMDpnHSYhdxoueQkPivWuO9ZAm8W X-Received: by 2002:a05:6402:1148:: with SMTP id g8mr1507498edw.271.1601633277802; Fri, 02 Oct 2020 03:07:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601633277; cv=none; d=google.com; s=arc-20160816; b=lsMfX9iRFgcLR10wE/yzcmJ5DIviCt5ho4ESNA1I6hoYAjdgb7sq8veCdQfurV6y+6 zl9bFJ4RYue9rzDozXiqc2w6k9GxlVQPKKr45ikhQPrfNzHKDRCiey2YtvSZoKoSfwFa cxOmaPeSAANvtGhy6sRnyExcOvewEJWEeW2VfRDBDpK9HZsMN4Mip/jiIM3v2ZmXbeWu qUHKcn6IWKLvdS7pHIPPopiQDiR5BOnt4Y7MSn2OD13zxAfjWevY32ePbvKXTZVWBZtQ ScVR2x9uDp7N91tgv4hVIvWbGaGwoWsgEzc4yXkZ9IrIJT+mTai1SHnBZ3iAhxJ0FC+l PULg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=nGbo0BAJ7AX5m3CDAPlOPwnW95gAph2oRChMJZOYa08=; b=M2S04+YEUPzsJq7X8Hh7z/T5OOqJS/oMgXQnW4q/zgkXt4k/D9WEiG5wgTl/d2su+Q pMsG/np7oskaAhgFcREEfIchccF9Y3hD7iph5ye8qBqk5JRA+I/T8p3+w77ubJEy3YCH npcjuYH5xlsQmMKLYITj4VxSGUJw4JxQg6qoTO6v26M/nt/jJ4lATwdrzmijlIXdr0jF 7C6yuXw/K1wIMCp3EsM8o0lCwPM+0R6OtvVZYLI62zzIDmWl31KY5/5Lii0QlKQnS/hs O2RuVtMP5C/EUyHWWIpO3UND0artJGTWZmAKGJBbdZOvtb6mLT6aZezLSZMrEnWsYzE8 h2DA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=K9BK3HFP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f18si664811edm.539.2020.10.02.03.07.35; Fri, 02 Oct 2020 03:07:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=K9BK3HFP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387682AbgJBKGT (ORCPT + 99 others); Fri, 2 Oct 2020 06:06:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725993AbgJBKGS (ORCPT ); Fri, 2 Oct 2020 06:06:18 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 65727C0613D0 for ; Fri, 2 Oct 2020 03:06:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=nGbo0BAJ7AX5m3CDAPlOPwnW95gAph2oRChMJZOYa08=; b=K9BK3HFP0QrwDMlq1/XLquTwaw Tm9Jcm/+MIoHU5v+Rrr0UJlsqs903Auz/H6iSGqY/EiZ+uxw8SHgmiNn4jZRR2BUkhkwal0wgbm4t RxUPZFsjbu6EnuaOCF42KCKQEoqn6N/YrSb+TPZZP8lvqLMRrEK9R3WjjxfAwZVfV9bmA/EaSXsCE vj7qU820fE0ohquUrnrP3F1WR738nuAqwjYRWIKnH+AUWOumBorjwU0x0wWuQ9ZBrcPMrMMXiRjpt kmF8rc5iMkCBRFzbYm2jj///L3CczCd9v3r0u5SVXBOorHSQ+DpwPcwr7juaObQ62wWL01uxAoXQk TDqEiNjg==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1kOHx4-0002ka-5v; Fri, 02 Oct 2020 10:06:10 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id DA4883011C6; Fri, 2 Oct 2020 12:06:07 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id C694C2011674B; Fri, 2 Oct 2020 12:06:07 +0200 (CEST) Date: Fri, 2 Oct 2020 12:06:07 +0200 From: Peter Zijlstra To: Boqun Feng Cc: Qian Cai , Waiman Long , Ingo Molnar , Will Deacon , linux-kernel@vger.kernel.org Subject: Re: lockdep null-ptr-deref Message-ID: <20201002100607.GH2651@hirez.programming.kicks-ass.net> References: <5fd046115645daa00f8841f5467da4c4d960ca92.camel@redhat.com> <20200929230823.GC17810@debian-boqun.qqnc3lrjykvubdpftowmye0fmh.lx.internal.cloudapp.net> <20200930091610.GV2628@hirez.programming.kicks-ass.net> <20200930094937.GE2651@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200930094937.GE2651@hirez.programming.kicks-ass.net> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 30, 2020 at 11:49:37AM +0200, Peter Zijlstra wrote: > On Wed, Sep 30, 2020 at 11:16:11AM +0200, Peter Zijlstra wrote: > > On Wed, Sep 30, 2020 at 07:08:23AM +0800, Boqun Feng wrote: > > > I think there are two problems here: > > > > > > 1) the "(null)" means we don't have the "usage_str" for a usage bit, > > > which I think is the LOCK_USED_READ bit introduced by Peter at > > > 23870f122768 ('locking/lockdep: Fix "USED" <- "IN-NMI" inversions'). > > > > > > 2) the next null-ptr-deref, and I think this is also caused by > > > LOCK_USED_READ bit, because in the loop inside > > > print_lock_class_header(), we iterate from 0 to LOCK_USAGE_STATES (which > > > is 4*2 + 3), however the class->usage_traces[] only has > > > XXX_LOCK_USAGE_STATES (which is 4*2 + 1) elements, so if we have > > > LOCK_USED_READ bit set in ->usage_mask, we will try to access an element > > > out of the ->usage_traces[] array. > > > > > > Probably the following helps? And another possible fix is to enlarge the > > > ->usage_trace[] array and record the call trace of LOCK_READ_USED. > > > > Urgh.. yeah, I wanted to avoid saving that trace; it's pretty useless :/ > > The existing USED trace is already mostly pointless, the consistent > > thing would be to remove both but that might be too radical. > > > > But you're right in that I made a right mess of it. Not sure what's > > best here. > > > > Let me have a play. > > How's something like this? It's bigger than I'd like, but I feel the > result is more consistent/readable. > Qian, could you confirm this works for you? > --- > diff --git a/include/linux/lockdep_types.h b/include/linux/lockdep_types.h > index bb35b449f533..a55b1d314ae8 100644 > --- a/include/linux/lockdep_types.h > +++ b/include/linux/lockdep_types.h > @@ -35,8 +35,12 @@ enum lockdep_wait_type { > /* > * We'd rather not expose kernel/lockdep_states.h this wide, but we do need > * the total number of states... :-( > + * > + * XXX_LOCK_USAGE_STATES is the number of lines in lockdep_states.h, for each > + * of those we generates 4 states, Additionally we (for now) report on USED. > */ > -#define XXX_LOCK_USAGE_STATES (1+2*4) > +#define XXX_LOCK_USAGE_STATES 2 > +#define LOCK_TRACE_STATES (XXX_LOCK_USAGE_STATES*4 + 1) > > /* > * NR_LOCKDEP_CACHING_CLASSES ... Number of classes > @@ -106,7 +110,7 @@ struct lock_class { > * IRQ/softirq usage tracking bits: > */ > unsigned long usage_mask; > - const struct lock_trace *usage_traces[XXX_LOCK_USAGE_STATES]; > + const struct lock_trace *usage_traces[LOCK_TRACE_STATES]; > > /* > * Generation counter, when doing certain classes of graph walking, > diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c > index 454355c033d2..4f98ac8b4575 100644 > --- a/kernel/locking/lockdep.c > +++ b/kernel/locking/lockdep.c > @@ -600,6 +600,8 @@ static const char *usage_str[] = > #include "lockdep_states.h" > #undef LOCKDEP_STATE > [LOCK_USED] = "INITIAL USE", > + [LOCK_USED_READ] = "INITIAL READ USE", > + /* abused as string storage for verify_lock_unused() */ > [LOCK_USAGE_STATES] = "IN-NMI", > }; > #endif > @@ -2231,7 +2233,7 @@ static void print_lock_class_header(struct lock_class *class, int depth) > #endif > printk(KERN_CONT " {\n"); > > - for (bit = 0; bit < LOCK_USAGE_STATES; bit++) { > + for (bit = 0; bit < LOCK_TRACE_STATES; bit++) { > if (class->usage_mask & (1 << bit)) { > int len = depth; > > @@ -4354,27 +4356,24 @@ static int mark_lock(struct task_struct *curr, struct held_lock *this, > old_mask = hlock_class(this)->usage_mask; > hlock_class(this)->usage_mask |= new_mask; > > - /* > - * Save one usage_traces[] entry and map both LOCK_USED and > - * LOCK_USED_READ onto the same entry. > - */ > - if (new_bit == LOCK_USED || new_bit == LOCK_USED_READ) { > - if (old_mask & (LOCKF_USED | LOCKF_USED_READ)) > - goto unlock; > - new_bit = LOCK_USED; > + if (new_bit < LOCK_TRACE_STATES) { > + if (!(hlock_class(this)->usage_traces[new_bit] = save_trace())) > + return 0; > } > > - if (!(hlock_class(this)->usage_traces[new_bit] = save_trace())) > - return 0; > - > switch (new_bit) { > + case 0 ... LOCK_USED-1: > + ret = mark_lock_irq(curr, this, new_bit); > + if (!ret) > + return 0; > + break; > + > case LOCK_USED: > debug_atomic_dec(nr_unused_locks); > break; > + > default: > - ret = mark_lock_irq(curr, this, new_bit); > - if (!ret) > - return 0; > + break; > } > > unlock: > diff --git a/kernel/locking/lockdep_internals.h b/kernel/locking/lockdep_internals.h > index b0be1560ed17..67dc46e46552 100644 > --- a/kernel/locking/lockdep_internals.h > +++ b/kernel/locking/lockdep_internals.h > @@ -20,9 +20,12 @@ enum lock_usage_bit { > #undef LOCKDEP_STATE > LOCK_USED, > LOCK_USED_READ, > - LOCK_USAGE_STATES > + LOCK_USAGE_STATES, > }; > > +/* states after LOCK_USED are not traced and printed */ > +static_assert(LOCK_TRACE_STATES == LOCK_USED_READ); > + > #define LOCK_USAGE_READ_MASK 1 > #define LOCK_USAGE_DIR_MASK 2 > #define LOCK_USAGE_STATE_MASK (~(LOCK_USAGE_READ_MASK | LOCK_USAGE_DIR_MASK)) > @@ -121,7 +124,7 @@ static const unsigned long LOCKF_USED_IN_IRQ_READ = > extern struct list_head all_lock_classes; > extern struct lock_chain lock_chains[]; > > -#define LOCK_USAGE_CHARS (1+LOCK_USAGE_STATES/2) > +#define LOCK_USAGE_CHARS (2*XXX_LOCK_USAGE_STATES + 1) > > extern void get_usage_chars(struct lock_class *class, > char usage[LOCK_USAGE_CHARS]);