Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp935595pxb; Fri, 22 Apr 2022 14:46:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyQkSAsgJo9p3P01eWpg1Dt0mzyeKKKwYw1sCDJSTOej/F6bOdtwRdmxXNMYdHdJsIU5cDh X-Received: by 2002:a17:90b:384b:b0:1d2:df41:3213 with SMTP id nl11-20020a17090b384b00b001d2df413213mr18557264pjb.164.1650663977288; Fri, 22 Apr 2022 14:46:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650663977; cv=none; d=google.com; s=arc-20160816; b=RyBCgC/+teuHtGGSSv9EZg1S6oqAk6h1ch7FzxfTYW82LOkSwX6tiU09CEtnAc9ulz guG1Gay9jEEHCLaL2Mb4x5UYnmbH+WOSf28P5YYr7M34C+a8GyF2HHDmci0iyoN/hDaW FxY+CRhl1dXC5lNShs7Chfnp5VaK0pEaa+Ei7t2CoYsY0ScFrVIM+yXmzZen3i9qkvE1 XUlWuy4/7zjBXlZ+jbY1YliPbvYuEvlRsNHREOeih/hJlTnOdxpt0wjr/uNnZSjfrH0t rwh7YThXBoG5GxFsjiLMrC9SfL5Uvsr/ydNe18un+JwNl5s53sU9JFvcQX63paDx1iQE FR9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=ZWymUxmdfVUMI3yqwCTohfwWtEzgJE9q82Iv6yHI3Dk=; b=RdUfvXgxBLDmmJ6REiMIyBqjLdBiTVJFwLaoabEEk01STabDtnq12gBLevy9NdVmwX uDDYnTs7FoXhqBsP7Zj9E6dozu/yE93G867rMveNF4HHgnrx7wGALlS24kXly9f5RZf7 MYTBe7d8m6scnO94crumYJeeiHLx7ye0xWHgzIbH8k/PcNZk2/OXUU3xo+SYls8NEjKa KKd1e6EYpRsZqfd7QzD2QOFvcum5foHn2Bx8/0tfH77+yiZAF51I6miQU2NpLK5ZRDHU kfNL7Qf86wvSYL7NupNeURrVejQdk/LsK1xQ3OzM3bk4ndp7b5WGPHBDP6MKYuqdRXGS Ilag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Z3KEFqZX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id oo18-20020a17090b1c9200b001c662a60e37si10472450pjb.37.2022.04.22.14.46.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Apr 2022 14:46:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Z3KEFqZX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 661CE18C2AD; Fri, 22 Apr 2022 12:54:03 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1446018AbiDVJbE (ORCPT + 99 others); Fri, 22 Apr 2022 05:31:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47772 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1446006AbiDVJbC (ORCPT ); Fri, 22 Apr 2022 05:31:02 -0400 Received: from mail-oa1-x2b.google.com (mail-oa1-x2b.google.com [IPv6:2001:4860:4864:20::2b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1753150E12 for ; Fri, 22 Apr 2022 02:28:10 -0700 (PDT) Received: by mail-oa1-x2b.google.com with SMTP id 586e51a60fabf-e604f712ecso8028483fac.9 for ; Fri, 22 Apr 2022 02:28:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZWymUxmdfVUMI3yqwCTohfwWtEzgJE9q82Iv6yHI3Dk=; b=Z3KEFqZXjDhSzFP2dp4vJLbJ5J2B3/2UH0LjLlnohDzSOlbVypNZRuHoEuyBuo7Ric NkMQ08JtuwJTSuz9ZnXXmNJouR1ktStfKbPYJ8uZbUGq/+yqUmOGZTE67nooEYVP/1CX HamdqjWG1rMzZ5nADL1zd+D2Bx1JIVrg4v2dIitChi7vmMCmOOdkIj6pWeq9BYd8EPsO KiX3tohQB/H4Y+Jg5qNMLHvcDfWKKiF3AtFCu7ljJth1zVr7XTCtNDpWEOBhbYVZKAX+ 54GwH30dosTpccZ196Xeay9xEHhcY0sExVbcqC1d8Ftx8LUbk6ADNKQpVUYEplsTbdxd O0SA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZWymUxmdfVUMI3yqwCTohfwWtEzgJE9q82Iv6yHI3Dk=; b=X+SXmKjCJESHPbmno5DxmMkYqCVtsh0b4TNV34LUIRh7wyouhzD5cRbCEovsEf3XLE hIDErG0jVvUB69BXVjBvdvl6JWQRmr15jX+JWgf4DI6u60MecZJ3cOqR+agPKZUVoEsY pZPPzB8a8PnGOfYj2KFP/nr0sOXch6lV/fJsq/vMrKEW8o0w7v/65mEPyytnOmSazisY DZuUCsRnxAznCEgUT5A9dx+Lc1oEt+CzfjI+1shxxTipumSyxRJMYDVf+EDTAgvgMm8/ GDCbLAW2tKJSq5eYw9UFd9SdklM1c6QbxcHKxaVVpVw2nu9D2HcJs6fshFWxeoxLuhG5 VhQw== X-Gm-Message-State: AOAM533B8dLnKPPo2yyL8SB73VidrE0LszPqsoeQr4kHVaVQDd+yS5bg RMKZJncja209gKvpdJmmU64qqd+3EQwZFdqzvJ0+5xZqWkdVEzPd X-Received: by 2002:a05:6870:468b:b0:e6:7f11:523f with SMTP id a11-20020a056870468b00b000e67f11523fmr1478203oap.163.1650619689161; Fri, 22 Apr 2022 02:28:09 -0700 (PDT) MIME-Version: 1.0 References: <20220414025925.2423818-1-qiang1.zhang@intel.com> <20220421150746.627e0f62363485d65c857010@linux-foundation.org> In-Reply-To: <20220421150746.627e0f62363485d65c857010@linux-foundation.org> From: Dmitry Vyukov Date: Fri, 22 Apr 2022 11:27:58 +0200 Message-ID: Subject: Re: [PATCH] kasan: Prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time To: Andrew Morton Cc: Zqiang , ryabinin.a.a@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Alexander Potapenko , Andrey Konovalov , kasan-dev Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 22 Apr 2022 at 00:07, Andrew Morton wrote: > > On Thu, 14 Apr 2022 10:59:25 +0800 Zqiang wrote: > > > The kasan_quarantine_remove_cache() is called in kmem_cache_shrink()/ > > destroy(), the kasan_quarantine_remove_cache() call is protected by > > cpuslock in kmem_cache_destroy(), can ensure serialization with > > kasan_cpu_offline(). however the kasan_quarantine_remove_cache() call > > is not protected by cpuslock in kmem_cache_shrink(), when CPU going > > offline and cache shrink occur at same time, the cpu_quarantine may be > > corrupted by interrupt(per_cpu_remove_cache operation). so add > > cpu_quarantine offline flags check in per_cpu_remove_cache(). > > > > ... > > > > Could we please have some reviewer input here? This is very tricky, I think can follow this: Reviewed-by: Dmitry Vyukov If q->offline is set, then kasan_cpu_offline() will or has already removed everything from cpu_quarantine and freed, so we can return early in per_cpu_remove_cache(). If kasan_cpu_offline() hasn't yet removed everything from cpu_quarantine already, it's actually problematic for the kmem_cache_destroy() case. But since both kmem_cache_destroy() and kasan_cpu_offline() are serialized by cpus lock, this case must not happen. > > --- a/mm/kasan/quarantine.c > > +++ b/mm/kasan/quarantine.c > > @@ -330,6 +330,8 @@ static void per_cpu_remove_cache(void *arg) > > struct cpu_shrink_qlist *sq; > > #endif > > q = this_cpu_ptr(&cpu_quarantine); > > + if (READ_ONCE(q->offline)) > > + return; > > #ifndef CONFIG_PREEMPT_RT > > qlist_move_cache(q, &to_free, cache); > > qlist_free_all(&to_free, cache); > > It might be helpful to have a little comment which explains why we're > doing this?