Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1715354pxb; Mon, 11 Oct 2021 11:29:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx4DQFGiw+D4gtpr6xr3ef4yw6/YLh8Wkeu+LC3O142W5SMg3YOTslr/dqPtwL5iAwcTqK4 X-Received: by 2002:a17:90b:4a07:: with SMTP id kk7mr638234pjb.37.1633976942899; Mon, 11 Oct 2021 11:29:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633976942; cv=none; d=google.com; s=arc-20160816; b=n3LjZpPYuNGpJVH5drTQWleuFpQpWKHclIjSgeWrBpyIcV1c9VRKZ9+jJngQKBvPtt mXBSfbEjb1q5zP5f1L+v1FSKjyPlGIsuqNBLYX6rG70iGJgwfQe2XS6C/7jJiFAJOPng 7Gq4dzllXQ23FtOlezu791j3BBQKJbAKPcxnqWJK9x6U5JEmQCGDJQYgcxcb7BUc9fbx a1yPXnxApjJlusWCpIwPrzBItsaefwCIRlrHISFrTOcozerIzbp9RCUnQDLrVkpJ6WqE /x2CCD3roiCOKqg7zIbx5GqI6bo/wTy7Z4Ddl7Y5mPhl38e2LTHSRM3u2FKaq37TpzKJ us5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=gq44BE6cR8pVsQLnKSit7diJ5idp1S8o+4+dKV9Zh/s=; b=cH/F5GKkW6f1Ws+ODlD3wqu7fqwaB3HVgTdB8kCK1rnVFdpAYT5rq1/Tb0djnL6y0O VIn24eiPDLbKhVa04ky2hAf8Ep+lCBetXzdgB4/MpuKY4j37FhFEbdQOCidOqwkIqDNt 86wVG4j6Zgk5a4sfmLptrrZjCoMeQIEYAe4f8WRgLTcepdaTWge2xMwzbDhxBYbKuR4k rCY9MdxiStfc92NxsTtIrwB3jH+0XAvLgPa7Ua8KsSwBuwAb4C//DGRVFTl/wRsLmwdQ 0esQjm+VHHzcLk1bDN9/XzhKBsmC/gKLXJ17Baqy5lS7e8ld0fXEMWTuYDTY6HIBSqxq oRlA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=e9KiY20K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c9si11429019pgl.600.2021.10.11.11.28.49; Mon, 11 Oct 2021 11:29:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=e9KiY20K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234438AbhJKS3j (ORCPT + 99 others); Mon, 11 Oct 2021 14:29:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43682 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229565AbhJKS3i (ORCPT ); Mon, 11 Oct 2021 14:29:38 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 932E2C061570; Mon, 11 Oct 2021 11:27:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=gq44BE6cR8pVsQLnKSit7diJ5idp1S8o+4+dKV9Zh/s=; b=e9KiY20KcjCMS22qGi2zZlb1EG Dl56WOahyftO7bGTf2DDoGk/kUjhFK2UqbJXCMlN672P3XgjbJkTch95a6eBw8mBFRbT//XBq04Rz 3/mq7wg+74fhnzqHN9OJWQkPAqltlnADqdbpm4U/fbPQp4+9DmuIaILAPTMu/LYoudvrOY58ywyCY nxrgAERN1iINi6ljEbIajEY7waqReRQi1uSMaN4gE+n4i1z6rYTjusE58/NDpQVFAhs78h6RY1YYd cXsJ9I+RTyzrjbVIKzjYK0M8p9uR58sgxH8IkeOTzY2QRHxOCvbWVE3e9eB9z/9Z1cKNJQL182oYN p8SilPmA==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1ma01K-00ANdv-Mf; Mon, 11 Oct 2021 18:27:30 +0000 Date: Mon, 11 Oct 2021 11:27:30 -0700 From: Luis Chamberlain To: Kees Cook , akpm@linux-foundation.org Cc: tj@kernel.org, gregkh@linuxfoundation.org, minchan@kernel.org, jeyu@kernel.org, shuah@kernel.org, bvanassche@acm.org, dan.j.williams@intel.com, joe@perches.com, tglx@linutronix.de, rostedt@goodmis.org, linux-spdx@vger.kernel.org, linux-doc@vger.kernel.org, linux-block@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v8 11/12] zram: fix crashes with cpu hotplug multistate Message-ID: References: <20210927163805.808907-1-mcgrof@kernel.org> <20210927163805.808907-12-mcgrof@kernel.org> <202110051354.294E28AC87@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202110051354.294E28AC87@keescook> Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 05, 2021 at 01:55:35PM -0700, Kees Cook wrote: > On Mon, Sep 27, 2021 at 09:38:04AM -0700, Luis Chamberlain wrote: > > Provide a simple state machine to fix races with driver exit where we > > remove the CPU multistate callbacks and re-initialization / creation of > > new per CPU instances which should be managed by these callbacks. > > > > The zram driver makes use of cpu hotplug multistate support, whereby it > > associates a struct zcomp per CPU. Each struct zcomp represents a > > compression algorithm in charge of managing compression streams per > > CPU. Although a compiled zram driver only supports a fixed set of > > compression algorithms, each zram device gets a struct zcomp allocated > > per CPU. The "multi" in CPU hotplug multstate refers to these per > > cpu struct zcomp instances. Each of these will have the CPU hotplug > > callback called for it on CPU plug / unplug. The kernel's CPU hotplug > > multistate keeps a linked list of these different structures so that > > it will iterate over them on CPU transitions. > > > > By default at driver initialization we will create just one zram device > > (num_devices=1) and a zcomp structure then set for the now default > > lzo-rle comrpession algorithm. At driver removal we first remove each > > zram device, and so we destroy the associated struct zcomp per CPU. But > > since we expose sysfs attributes to create new devices or reset / > > initialize existing zram devices, we can easily end up re-initializing > > a struct zcomp for a zram device before the exit routine of the module > > removes the cpu hotplug callback. When this happens the kernel's CPU > > hotplug will detect that at least one instance (struct zcomp for us) > > exists. This can happen in the following situation: > > > > CPU 1 CPU 2 > > > > disksize_store(...); > > class_unregister(...); > > idr_for_each(...); > > zram_debugfs_destroy(); > > > > idr_destroy(...); > > unregister_blkdev(...); > > cpuhp_remove_multi_state(...); > > So this is strictly separate from the sysfs/module unloading race? It is only related in the sense that the sysfs/module unloading race happened *after* this other issue, but addressing these through separate threads created a break in conversation and focus. For instance, a theoretical race was mentioned in one thread, which I worked to prove/disprove and then I disproved it was not possible. But at this point, yes, this is a purely separate issue, and this patch *should* be picked up already. Andrew, can you merge this? It already has the respective maintainer Ack, and I can continue to work on the rest of the patches. The only issue I can think of would be a conflict with the last patch but that's a oneliner, I think chances are low that would create a conflict if its all merged separately, and if so, it should be an easy fix for a merge conflict. Luis