Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1332513rwb; Thu, 15 Dec 2022 08:53:56 -0800 (PST) X-Google-Smtp-Source: AA0mqf4i/07jLexqTn6Xz0I91zpWDELPVZrUc0awc+PGudj13T68ahFzmwhGWTYvo8o9VFkQqxJb X-Received: by 2002:a17:906:2898:b0:7ad:a350:7fd9 with SMTP id o24-20020a170906289800b007ada3507fd9mr24570203ejd.52.1671123236072; Thu, 15 Dec 2022 08:53:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671123236; cv=none; d=google.com; s=arc-20160816; b=Sxk+J/Oaw+iRbuPO2PjMDTRYiW6eLUMd069E9TDkfBYDBHepjLDoeBCesAHt+Vu5Z2 oa8IuetrgXd1bcMDmcEGQ4FBQw5TCXqMleYXXdqKEiMTa9rCtE3Lq5gQj9TprPC16G23 C16egDKe+xIvCH+ls3eDGWggsI1Bp2qa/3PrCoMpp7n+WnCD/ht0k6pLlAr3fG3wykrk jB/XxXtRRQA+UXr3aoDv2K8g8kvZaybyVJdO4a9MVkDj6W42HTAvIsFYx7M6wTOWE2S9 coBBWIUGYtoNowT1cDF7pzR4N/OfGFEUxkiijw2R+Q1Df2Nvbf+1SQHjxrmhso+EPH6C b9dA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:organization:dkim-signature; bh=DF86rSgR/dRc7PKGJd14IVV3jKd8aO5w6wnfL8h5Kog=; b=tPHkPK9IyBINHwWGNVtY3hklcaGs5Lq+LWCZS10M3kF7mqBTAo8GE+frc4glwbktdX gad/tZGiC9g/0HxaonlBe3QolK2oeVKuah+0xIcTpVI86H16+iYWtyyPHJCfVIevjH/L b/dDC6BzeyxKhnLfyRe3WNrBOuWp//GOG4FCw7FGsclfrntgAbzSeN4l2wO86dppB6tA CTj9SruchLrVB5oqDt8QFwPSh7EhXdoHUnsWe/gNfT1M1asYCb2zLi8JBcyg4QfPRKs2 Vo5QR8SXCbm5BFPSj7cOFv2+xc6iDfA64sYI0SpVMZbRVk82hBfr36NVAT5i89IK6yry DWdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hD0arG8n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nc8-20020a1709071c0800b007c177f0064dsi10197049ejc.972.2022.12.15.08.53.40; Thu, 15 Dec 2022 08:53:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hD0arG8n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230174AbiLOQWX (ORCPT + 68 others); Thu, 15 Dec 2022 11:22:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49034 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230134AbiLOQVc (ORCPT ); Thu, 15 Dec 2022 11:21:32 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E7081901F for ; Thu, 15 Dec 2022 08:20:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1671121245; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DF86rSgR/dRc7PKGJd14IVV3jKd8aO5w6wnfL8h5Kog=; b=hD0arG8ng6cJKICl+MmTuNcop/FC02sbQR3Svtr1Sq3PmLS2eoyOYzIunbN6rjNXb/x+Vs 4AH0kTyVcupUInLWLbFEjIRuJWFO4YcOpuN/1gn3217bD0j3Qb9+iSQgpS4MU4JNA4dYrF DIu5Rq8gGd9ZE/PdMZDnR2xsSC/LF4w= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-30-wAYdqCbsMmOh9WEy3iHy5A-1; Thu, 15 Dec 2022 11:20:42 -0500 X-MC-Unique: wAYdqCbsMmOh9WEy3iHy5A-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id AF91318A6484; Thu, 15 Dec 2022 16:20:41 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.33.36.96]) by smtp.corp.redhat.com (Postfix) with ESMTP id 10D7A400F58; Thu, 15 Dec 2022 16:20:40 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH net 7/9] rxrpc: Fix I/O thread stop From: David Howells To: netdev@vger.kernel.org Cc: Marc Dionne , linux-afs@lists.infradead.org, dhowells@redhat.com, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org Date: Thu, 15 Dec 2022 16:20:38 +0000 Message-ID: <167112123846.152641.13678238089457654453.stgit@warthog.procyon.org.uk> In-Reply-To: <167112117887.152641.6194213035340041732.stgit@warthog.procyon.org.uk> References: <167112117887.152641.6194213035340041732.stgit@warthog.procyon.org.uk> User-Agent: StGit/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The rxrpc I/O thread checks to see if there's any work it needs to do, and if not, checks kthread_should_stop() before scheduling, and if it should stop, breaks out of the loop and tries to clean up and exit. This can, however, race with socket destruction, wherein outstanding calls are aborted and released from the socket and then the socket unuses the local endpoint, causing kthread_stop() to be issued. The abort is deferred to the I/O thread and the event can by issued between the I/O thread checking if there's any work to be done (such as processing call aborts) and the stop being seen. This results in the I/O thread stopping processing of events whilst call cleanup events are still outstanding, leading to connections or other objects still being around and uncleaned up, which can result in assertions being triggered, e.g.: rxrpc: AF_RXRPC: Leaked client conn 00000000e8009865 {2} ------------[ cut here ]------------ kernel BUG at net/rxrpc/conn_client.c:64! Fix this by retrieving the kthread_should_stop() indication, then checking to see if there's more work to do, and going back round the loop if there is, and breaking out of the loop only if there wasn't. This was triggered by a syzbot test that produced some other symptom[1]. Fixes: a275da62e8c1 ("rxrpc: Create a per-local endpoint receive queue and I/O thread") Signed-off-by: David Howells cc: Marc Dionne cc: linux-afs@lists.infradead.org Link: https://lore.kernel.org/r/0000000000002b4a9f05ef2b616f@google.com/ [1] --- net/rxrpc/io_thread.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c index e460e4151c16..e6b9f0ceae17 100644 --- a/net/rxrpc/io_thread.c +++ b/net/rxrpc/io_thread.c @@ -425,6 +425,7 @@ int rxrpc_io_thread(void *data) struct rxrpc_local *local = data; struct rxrpc_call *call; struct sk_buff *skb; + bool should_stop; complete(&local->io_thread_ready); @@ -478,13 +479,14 @@ int rxrpc_io_thread(void *data) } set_current_state(TASK_INTERRUPTIBLE); + should_stop = kthread_should_stop(); if (!skb_queue_empty(&local->rx_queue) || !list_empty(&local->call_attend_q)) { __set_current_state(TASK_RUNNING); continue; } - if (kthread_should_stop()) + if (should_stop) break; schedule(); }