Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp900578rwb; Mon, 26 Sep 2022 07:16:14 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6MhPQBKjUF26qZfdbOX4rwR/nJdAua94xZOqbpgSsInr9tbKZ8JW+NHB0Yg3BufkP5GYYx X-Received: by 2002:a05:6402:5ca:b0:43b:6e01:482c with SMTP id n10-20020a05640205ca00b0043b6e01482cmr23323820edx.189.1664201773953; Mon, 26 Sep 2022 07:16:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664201773; cv=none; d=google.com; s=arc-20160816; b=qvZUGXE3a4wtCy7B5HKmW7wU0fpDXFNaMqX4HdT2oZPRCbljCArG1P9NWu1Cjn8yZI t6nh5rniqVLTy0G455dkrqkEWW1LCKAF0MAg+QifARfpCvK/ydGDWWc6TS3At42vhLJC tpdrywTpCpA3uhTXb98w9JYY0azJPQ9EwSambReg7nwbovvs2wTczRJqtxBVNA8GZIWS zXKxAGP5P8GuBZAML6h84tTSHoN5Tv11+amJpyuNYSGYRUYjKhnud08aTlshp8Nwmp1Q H3h3JoAR23a/CBYC6xXjYvh8y3xOtwfgm7MnLduF51CmQaia1TBtEO/SUOkT9QyHrFgr eoUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9LAxfnjbvtDohzXHVrGdROKmgZZBGyFgKDgf7cbuypM=; b=JnP0q4q5V267uHqUl4ra5aGifNtdlF0S9KFgKobn0AnQn0KFfr/7NmJZki+yo3/HBi GZMs2ewdq1ao4y1cFkd/v5Y49ihuVxDaNu7LUHK/k2X7Gy1XS/oOuM/8qW3UWTq+h+5j 1YWxkrvdE/rpwKdJ9kgwSF3mOI9Syoo3CLsEEYnTK5mZXJWWzRaEi3IJK2iboqnOIQET yyq4WiBKn8e3gQJJ86lJEe+0iZXvU8xaBHoFWbpEIf4oJU5QGrcfvds7wa+lT4mFim6i 0mVNPMXQd/Epfbleh4tJ5BViiZ8VLp/xWnJktxM1Ly8w0fmGCJ5lIXRpINue8ga/fa0P wzyw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=bV5VMspj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l15-20020a170906794f00b0078346f6a75fsi5429561ejo.709.2022.09.26.07.15.39; Mon, 26 Sep 2022 07:16:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=bV5VMspj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238216AbiIZMBN (ORCPT + 99 others); Mon, 26 Sep 2022 08:01:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57070 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238244AbiIZL5f (ORCPT ); Mon, 26 Sep 2022 07:57:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EB077AC21; Mon, 26 Sep 2022 03:51:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C22F960A55; Mon, 26 Sep 2022 10:50:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D3CDFC433C1; Mon, 26 Sep 2022 10:50:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1664189442; bh=iBEv28YXbxo+cUe3FhyzyxG21m501nMtoBPjMrC11p8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bV5VMspjyMZV7ORvbIXWxW/OsOmA/wMZPTCB8pMzwaX0RwitMSblKlj8Uwu7APHcV lRyavYsRKNcHISu2VTv++UJvgvdFXk3MG1XBi9Lv9CpA4e9fMuEviq2LpvE7FfCvwi +YglYeDa2MPloW4tB+3KOFgvXmoxkm31cwyVlHm0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hillf Danton , Lai Jiangshan , Johannes Berg , Tetsuo Handa , Tejun Heo , Sasha Levin Subject: [PATCH 5.19 189/207] workqueue: dont skip lockdep work dependency in cancel_work_sync() Date: Mon, 26 Sep 2022 12:12:58 +0200 Message-Id: <20220926100815.074288435@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220926100806.522017616@linuxfoundation.org> References: <20220926100806.522017616@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tetsuo Handa [ Upstream commit c0feea594e058223973db94c1c32a830c9807c86 ] Like Hillf Danton mentioned syzbot should have been able to catch cancel_work_sync() in work context by checking lockdep_map in __flush_work() for both flush and cancel. in [1], being unable to report an obvious deadlock scenario shown below is broken. From locking dependency perspective, sync version of cancel request should behave as if flush request, for it waits for completion of work if that work has already started execution. ---------- #include #include static DEFINE_MUTEX(mutex); static void work_fn(struct work_struct *work) { schedule_timeout_uninterruptible(HZ / 5); mutex_lock(&mutex); mutex_unlock(&mutex); } static DECLARE_WORK(work, work_fn); static int __init test_init(void) { schedule_work(&work); schedule_timeout_uninterruptible(HZ / 10); mutex_lock(&mutex); cancel_work_sync(&work); mutex_unlock(&mutex); return -EINVAL; } module_init(test_init); MODULE_LICENSE("GPL"); ---------- The check this patch restores was added by commit 0976dfc1d0cd80a4 ("workqueue: Catch more locking problems with flush_work()"). Then, lockdep's crossrelease feature was added by commit b09be676e0ff25bd ("locking/lockdep: Implement the 'crossrelease' feature"). As a result, this check was once removed by commit fd1a5b04dfb899f8 ("workqueue: Remove now redundant lock acquisitions wrt. workqueue flushes"). But lockdep's crossrelease feature was removed by commit e966eaeeb623f099 ("locking/lockdep: Remove the cross-release locking checks"). At this point, this check should have been restored. Then, commit d6e89786bed977f3 ("workqueue: skip lockdep wq dependency in cancel_work_sync()") introduced a boolean flag in order to distinguish flush_work() and cancel_work_sync(), for checking "struct workqueue_struct" dependency when called from cancel_work_sync() was causing false positives. Then, commit 87915adc3f0acdf0 ("workqueue: re-add lockdep dependencies for flushing") tried to restore "struct work_struct" dependency check, but by error checked this boolean flag. Like an example shown above indicates, "struct work_struct" dependency needs to be checked for both flush_work() and cancel_work_sync(). Link: https://lkml.kernel.org/r/20220504044800.4966-1-hdanton@sina.com [1] Reported-by: Hillf Danton Suggested-by: Lai Jiangshan Fixes: 87915adc3f0acdf0 ("workqueue: re-add lockdep dependencies for flushing") Cc: Johannes Berg Signed-off-by: Tetsuo Handa Signed-off-by: Tejun Heo Signed-off-by: Sasha Levin --- kernel/workqueue.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index aa8a82bc6738..fc6e4f252345 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -3066,10 +3066,8 @@ static bool __flush_work(struct work_struct *work, bool from_cancel) if (WARN_ON(!work->func)) return false; - if (!from_cancel) { - lock_map_acquire(&work->lockdep_map); - lock_map_release(&work->lockdep_map); - } + lock_map_acquire(&work->lockdep_map); + lock_map_release(&work->lockdep_map); if (start_flush_work(work, &barr, from_cancel)) { wait_for_completion(&barr.done); -- 2.35.1