Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp1144597pxv; Fri, 9 Jul 2021 19:25:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyZ84/sVHopi03FbcG3We8b1gq3LSmMnAkmkrQUA3ZWYTbp2dAldIjRCW5JBD12CiBWpmFx X-Received: by 2002:a17:907:1ddb:: with SMTP id og27mr10088625ejc.540.1625883930059; Fri, 09 Jul 2021 19:25:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625883930; cv=none; d=google.com; s=arc-20160816; b=RadJI02q+bKCRW1lPqmPJjgnnQr8dW0vcS2ljxoqnnqqF6EfI7jvLsCkgOmDZA0ht8 DRynrHb/YttM85s3f/VzHyXRD2KG9iDTQFETKi9mUU6FnJh0uIix+5nVvngOcOA8fmLL Mm0IHymv0X0k8N7It+12UQ7n9qtsC56IwsRZ6e+MEv5fxx8zoiQBG0C/b4w0A4YlbUVG uOzAaJRWtpjpOakQ+6HiyFcJPE3YBfH/kzPma5y8Ime8m9irhH4TknszjwcJ5yux7iQt WAKZvx9PpIsaJ04AqLPAMBJJSQ1nM0c/vthryJMK+ZsowRbX4lhoFbwJEmAtOwGYvTC0 i0WQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5s65//C8ZElpoaU+/QNoaje6J5EoSES4jOO01yyrlgc=; b=B8e52azis6yEQaLdP6z/YPvd4wXR9dHP/0iWk7lA7eOzVmfw2TyMvjJYdl0naZjTkE bI6kgeDlrh7aWJGSEVw02DrTw5OVXOIPwMUTkU5X+MStoxUeJY1yE74NhoWSLCraUMCP BKoAHs8w9iVYP/JxMT+dWndnjnwCFbwqvIkhDstQRPGU/LmyJA1N6LA8ffQdfmdp5x8w 7PSaHMq2tdsYO81M1YAvQyu9oJjbvnZYR3U6YnXAp1YpjTAm4Gs4eHypHAi2l70NocQD j77xRm1xr9Rj4mVUbUGwJ2hHIM2r8F5K9kxlsLuAt2JxcCcuHdwuqzxLdtJGSDj22aa7 wn8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rOlD4nMU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v22si8541246edw.374.2021.07.09.19.25.07; Fri, 09 Jul 2021 19:25:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rOlD4nMU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232206AbhGJCYz (ORCPT + 99 others); Fri, 9 Jul 2021 22:24:55 -0400 Received: from mail.kernel.org ([198.145.29.99]:41630 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231682AbhGJCYv (ORCPT ); Fri, 9 Jul 2021 22:24:51 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B0908613CC; Sat, 10 Jul 2021 02:22:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1625883726; bh=sJFaU2QdTAEwspAkWBA4FyxzZBE1kR1meva6Bw5MRgo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rOlD4nMUDPIx3UpNzQx1EKMw2hIrAcurEtd3GeM/3vUKyEEweWn5i0K3Ii/l1tchR bvs8pLWXDgbVGH3pZ5o7Z6GPJhoNx8UL1BCdKMzQpzVCg6ehMdGEpDZJ+GCK/VoAOK BAz1NWQ3SQwNQdkEWCG9aM2gMKIOO/KeodvitdBqjdjc5M090lhDrKK6hTyA0a60cL hH7cMpglTKOmBnjq/ZQujHXXSyE2HAFMUKFO0VC4Yt92+wTcxadAur8mFmc2j/FNCO S57/EKVZIJHsFuixMgHV/bSx1OZIM0+A/aQKrUxe4hledftByUloXYIJdsQbm1NEqu 9zlSM8FGRRw4w== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: "Paul E. McKenney" , syzbot+dde0cc33951735441301@syzkaller.appspotmail.com, Matthew Wilcox , syzbot+88e4f02896967fe1ab0d@syzkaller.appspotmail.com, Thomas Gleixner , Boqun Feng , Sasha Levin , rcu@vger.kernel.org Subject: [PATCH AUTOSEL 5.12 007/104] rcu: Reject RCU_LOCKDEP_WARN() false positives Date: Fri, 9 Jul 2021 22:20:19 -0400 Message-Id: <20210710022156.3168825-7-sashal@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210710022156.3168825-1-sashal@kernel.org> References: <20210710022156.3168825-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "Paul E. McKenney" [ Upstream commit 3066820034b5dd4e89bd74a7739c51c2d6f5e554 ] If another lockdep report runs concurrently with an RCU lockdep report from RCU_LOCKDEP_WARN(), the following sequence of events can occur: 1. debug_lockdep_rcu_enabled() sees that lockdep is enabled when called from (say) synchronize_rcu(). 2. Lockdep is disabled by a concurrent lockdep report. 3. debug_lockdep_rcu_enabled() evaluates its lockdep-expression argument, for example, lock_is_held(&rcu_bh_lock_map). 4. Because lockdep is now disabled, lock_is_held() plays it safe and returns the constant 1. 5. But in this case, the constant 1 is not safe, because invoking synchronize_rcu() under rcu_read_lock_bh() is disallowed. 6. debug_lockdep_rcu_enabled() wrongly invokes lockdep_rcu_suspicious(), resulting in a false-positive splat. This commit therefore changes RCU_LOCKDEP_WARN() to check debug_lockdep_rcu_enabled() after checking the lockdep expression, so that any "safe" returns from lock_is_held() are rejected by debug_lockdep_rcu_enabled(). This requires memory ordering, which is supplied by READ_ONCE(debug_locks). The resulting volatile accesses prevent the compiler from reordering and the fact that only one variable is being accessed prevents the underlying hardware from reordering. The combination works for IA64, which can reorder reads to the same location, but this is defeated by the volatile accesses, which compile to load instructions that provide ordering. Reported-by: syzbot+dde0cc33951735441301@syzkaller.appspotmail.com Reported-by: Matthew Wilcox Reported-by: syzbot+88e4f02896967fe1ab0d@syzkaller.appspotmail.com Reported-by: Thomas Gleixner Suggested-by: Boqun Feng Reviewed-by: Boqun Feng Signed-off-by: Paul E. McKenney Signed-off-by: Sasha Levin --- include/linux/rcupdate.h | 2 +- kernel/rcu/update.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h index bd04f722714f..d11bee5d9347 100644 --- a/include/linux/rcupdate.h +++ b/include/linux/rcupdate.h @@ -315,7 +315,7 @@ static inline int rcu_read_lock_any_held(void) #define RCU_LOCKDEP_WARN(c, s) \ do { \ static bool __section(".data.unlikely") __warned; \ - if (debug_lockdep_rcu_enabled() && !__warned && (c)) { \ + if ((c) && debug_lockdep_rcu_enabled() && !__warned) { \ __warned = true; \ lockdep_rcu_suspicious(__FILE__, __LINE__, s); \ } \ diff --git a/kernel/rcu/update.c b/kernel/rcu/update.c index b95ae86c40a7..dd94a602a6d2 100644 --- a/kernel/rcu/update.c +++ b/kernel/rcu/update.c @@ -277,7 +277,7 @@ EXPORT_SYMBOL_GPL(rcu_callback_map); noinstr int notrace debug_lockdep_rcu_enabled(void) { - return rcu_scheduler_active != RCU_SCHEDULER_INACTIVE && debug_locks && + return rcu_scheduler_active != RCU_SCHEDULER_INACTIVE && READ_ONCE(debug_locks) && current->lockdep_recursion == 0; } EXPORT_SYMBOL_GPL(debug_lockdep_rcu_enabled); -- 2.30.2