Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp791942pxb; Fri, 15 Apr 2022 11:22:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz5sIGg6yHztKVvJhqAuPf+CMwhlrL+xh1l3GrB2myRZmMXaZiCSHrUmhQT2NU5bBe74q4S X-Received: by 2002:a05:6402:254d:b0:41f:7a15:a5ad with SMTP id l13-20020a056402254d00b0041f7a15a5admr485282edb.260.1650046976768; Fri, 15 Apr 2022 11:22:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650046976; cv=none; d=google.com; s=arc-20160816; b=Cit1Hl1x5JP0MLoUDYlbcRmyUGWhyUUWMXvXJHgkOh5CeDLMdQ6Mji79zGOFoXLNly LhcC9avFAuS+T+6AeOyaiasJqAL6627Vp1LRp2w+TJ1V4EQGdoJGz0g4cu6zU12JD6D+ d44q7hhrrae9UNgDOGf946eKWAolFeNzzQdMIqhsnTaq7bSqQb22MyMloVZFb8h22AhJ 7638tpdh4pal0ZIROCktwSBEdAx9MxxveCo/6Mg12DmEy4I6UJkCC4veYx5q7oubGVaV z/0BrE0VQtiu3gRpUSdrw5329oNsmX+JarDQuhxQ3VXh3lo21jETnGV2nAXfFd4xReEV QpHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=d38j63s4NKVUGbWFU/XMKARqUYJTDW2iz9cTRfiEGlo=; b=bJXfjzkW0NU9SJMxGRRWeORoJEjgbrQqeKkJqkF0azTBbQyizZ1uskFbPgaIeQUygd Jobl7Lz9LG+OF+uDg9DdyEpa63pzCWwgcPTfic2/DfMYSkvdN6c8wyuu5lK8l1Ph1w9R Nw0be+wSBeP1ZJEhzKs24t4+aTcv50mhXiVlnYX4pH7RtGpNM1uQiKHvIG7SqshSDsVl zpCQWNBbWp3yeee2kNTrSwGro16sIhDk+EFi8X/LP39GlPfJfeeG3G4DWb8827ouwU2D Ql2vIkw1EPqrlaGQgRn2pnEyzdT+u08gAtqLK6cQYA3iNV5CiTkNyR5QsLqg6M3b7C3E +85Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=o5yEG0Ux; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r17-20020a1709060d5100b006e89c67c9d2si1373338ejh.870.2022.04.15.11.22.30; Fri, 15 Apr 2022 11:22:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=o5yEG0Ux; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242639AbiDNLXd (ORCPT + 99 others); Thu, 14 Apr 2022 07:23:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32810 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242635AbiDNLX2 (ORCPT ); Thu, 14 Apr 2022 07:23:28 -0400 Received: from alexa-out-sd-02.qualcomm.com (alexa-out-sd-02.qualcomm.com [199.106.114.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E833F286D0 for ; Thu, 14 Apr 2022 04:21:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; i=@quicinc.com; q=dns/txt; s=qcdkim; t=1649935263; x=1681471263; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=d38j63s4NKVUGbWFU/XMKARqUYJTDW2iz9cTRfiEGlo=; b=o5yEG0UxY0J5SIOZYKFI7/Zy08HoyUK4rG2Z2nfCZXCMDaiv9Pz8Ckml b/Eo1ywNPNK/MWrrknI614rQj/q9MkKKPSHl0BKsoGXJOgAuFEJcHQZ7k lqAOuRfSXzqV036sZ3Osho40ioPSrULgcFKlQ9I5Z+2vtREhurM9KekIp k=; Received: from unknown (HELO ironmsg04-sd.qualcomm.com) ([10.53.140.144]) by alexa-out-sd-02.qualcomm.com with ESMTP; 14 Apr 2022 04:21:03 -0700 X-QCInternal: smtphost Received: from nasanex01c.na.qualcomm.com ([10.47.97.222]) by ironmsg04-sd.qualcomm.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Apr 2022 04:21:02 -0700 Received: from hu-mojha-hyd.qualcomm.com (10.80.80.8) by nasanex01c.na.qualcomm.com (10.47.97.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Thu, 14 Apr 2022 04:20:59 -0700 Date: Thu, 14 Apr 2022 16:50:55 +0530 From: Mukesh Ojha To: Thomas Gleixner CC: , , , , Subject: Re: Possible race in dev_coredumpm()-del_timer() path Message-ID: <20220414112055.GA14124@hu-mojha-hyd.qualcomm.com> References: <2e1f81e2-428c-f11f-ce92-eb11048cb271@quicinc.com> <20220413101639.GA24349@hu-mojha-hyd.qualcomm.com> <87pmlkdk6i.ffs@tglx> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <87pmlkdk6i.ffs@tglx> User-Agent: Mutt/1.5.24 (2015-08-30) X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nasanex01c.na.qualcomm.com (10.47.97.222) X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 14, 2022 at 12:38:13PM +0200, Thomas Gleixner wrote: > On Wed, Apr 13 2022 at 12:58, Greg KH wrote: > > On Wed, Apr 13, 2022 at 03:46:39PM +0530, Mukesh Ojha wrote: > >> p1 p2(X) > >> > >> dev_coredump() uevent sent to userspace > >> device_add() =========================> userspace process X reads the uevents > >> writes to devcd fd which > >> results into writes to > >> > >> devcd_data_write() > >> mod_delayed_work() > >> try_to_grab_pending() > >> del_timer() > >> debug_assert_init() > >> INIT_DELAYED_WORK > >> schedule_delayed_work > >> debug_object_fixup() > > > > Why do you have object debugging enabled? That's going to take a LONG > > time, and will find bugs in your code. Perhaps like this one? > > It's not finding bugs in his code. It finds bug in the upstream > dev_coredump code. > > > And if you turn object debugging off, what happens? > > The debugobject splat goes away, but the problem persists. > > device_add() -> uevent > > Preemption or concurrency: > > devcd_data_write() > mod_delayed_work(..., w, 0); <- Uninitialized. > > The dev_coredump code exposes the device before it is fully initialized > and a write ending up in devcd_data_write() touches uninitialized work. > > It does not help to move the initialization before device_add() as that > creates another problem: > > INIT_DELAYED_WORK(w) > ... > device_add() -> uevent > > Preemption or concurrency: > > devcd_data_write() > mod_delayed_work(..., w, 0); <- Schedules work immediately > > work_queue_runs() > devcd_del(w) > device_del() > put_device() <- Drops the last reference > > initialization continues... > > So, yes this needs serialization of some sort. Hi Thomas, Thanks for understanding the problem. Can the patch mentioned at below link helps with the first problem ? https://lore.kernel.org/lkml/57a04278-0a60-cc7d-7ce8-a75c2befd568@quicinc.com/ > > Same problem vs. disabled_store(). you mean, while userspace is reading the data and suddenly disable_store() done from sysfs. -Mukesh > > Thanks, > > tglx