Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp32290184rwd; Fri, 7 Jul 2023 11:23:45 -0700 (PDT) X-Google-Smtp-Source: APBJJlEO4qnCJmbVsNm5i9FeeZeImiFIugqMsc5JiuNeKZv2ql2i5f0+uJ37Xw5iJ6Qwbe5AhaOj X-Received: by 2002:a17:906:b52:b0:98d:1f6a:fd47 with SMTP id v18-20020a1709060b5200b0098d1f6afd47mr4246714ejg.76.1688754225710; Fri, 07 Jul 2023 11:23:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688754225; cv=none; d=google.com; s=arc-20160816; b=yOCc42xA4zfWtbdZYoqDTTrN6bpyX9q5OukNWIUXwkI6hNSkLB2wWGX9gVOZFNUghg X8lQFjRNm/Y5EZooLpvtCeXKBavd7sZSIvYA4decPIpMkesa10knxQFb/Ym+TLS0ImbI LY2IEZbIPjQmHW3gu8HiZesRtiocjt0lY42BENaV8BJPNhq4ERB7ofkI/JnJaoMngQcl 4euoXdsw22OAdX0zhbqps5KglbcSKcRlVOB6bhdMFPRl98xKjG22vQVgOgfIGLNQVVX4 wyrtV2/W+mVVp6TVxXwLXe39rv+xshU4rIiNAYxvrZkw9OJGkHINq9VmW/pz+MH65A7M LYRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=f9rh0YOBvUkURfw2yRRmYIyhoJjs2mVb9xvsLnJrw2g=; fh=7ltggNYANUkQpQfUc6wWv37sR0VMLL527YI9N06V8kw=; b=zOxsB9PuN3KDFsNWEDj3Pq/3GWqqutWnRbOpapHyX++tPZEW+8hxHV72sax8TPTLre N+eABNcsi0XZI6T4DUoNzFn9hobIDqY3ndF4/yjk5Xjrky0aJTuQaJLAoFB+/5PwblFo Ve0bkbHYXf7+iHj3FIQJwL2WXmbJ/3cPHtUfqE8s0GblOygOmULzm7ab/wi+076TdCpc GKiAuxskScJiHsfGJTwunMYf015iXeozLxvqDR2RaG4p8z0rCqljkWnHU4W8ALDnmKan mk2wWhP+hlZ3TWIAXx+K4Rx/VuMMlw6A2aFrdPmhixWot5KDKCFcmBLay9xRLGxj9D4I PRsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=F5o+5eeh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lr24-20020a170906fb9800b00993d5cdf483si846420ejb.807.2023.07.07.11.23.19; Fri, 07 Jul 2023 11:23:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=F5o+5eeh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230036AbjGGRzM (ORCPT + 99 others); Fri, 7 Jul 2023 13:55:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229460AbjGGRzL (ORCPT ); Fri, 7 Jul 2023 13:55:11 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A6CC1AF for ; Fri, 7 Jul 2023 10:54:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1688752464; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=f9rh0YOBvUkURfw2yRRmYIyhoJjs2mVb9xvsLnJrw2g=; b=F5o+5eehKKtHoJSJH5sIC7d69ZlEY2zv47SJKn/oCbggmHwHbq4CtfQZxLZSfPXUzCESEG w1SK+5ZWRIKzaDgXXKx2xZWOFEijLaq6IWNJC1G82LKDULBzbwkXFnDroJ5kj96S8TeB0O 32NAeLu9bH8EVdJ+/mP7HnYAZkQp5Pc= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-361-TkcTCsjGPUKboqSdKhNJpg-1; Fri, 07 Jul 2023 13:54:19 -0400 X-MC-Unique: TkcTCsjGPUKboqSdKhNJpg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EF93188D540; Fri, 7 Jul 2023 17:54:18 +0000 (UTC) Received: from llong.com (unknown [10.22.34.12]) by smtp.corp.redhat.com (Postfix) with ESMTP id 18B9E1121330; Fri, 7 Jul 2023 17:54:18 +0000 (UTC) From: Waiman Long To: "Paul E. McKenney" , Davidlohr Bueso , Josh Triplett , Frederic Weisbecker , Neeraj Upadhyay , Joel Fernandes , Steven Rostedt , Mathieu Desnoyers , Lai Jiangshan , Boqun Feng , Zqiang Cc: rcu@vger.kernel.org, linux-kernel@vger.kernel.org, Qiuxu Zhuo , Waiman Long Subject: [PATCH v2] refscale: Fix use of uninitalized wait_queue_head_t Date: Fri, 7 Jul 2023 13:53:55 -0400 Message-Id: <20230707175355.2442933-1-longman@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It was found that running the refscale test might crash the kernel once in a while with the following error: [ 8569.952896] BUG: unable to handle page fault for address: ffffffffffffffe8 [ 8569.952900] #PF: supervisor read access in kernel mode [ 8569.952902] #PF: error_code(0x0000) - not-present page [ 8569.952904] PGD c4b048067 P4D c4b049067 PUD c4b04b067 PMD 0 [ 8569.952910] Oops: 0000 [#1] PREEMPT_RT SMP NOPTI [ 8569.952916] Hardware name: Dell Inc. PowerEdge R750/0WMWCR, BIOS 1.2.4 05/28/2021 [ 8569.952917] RIP: 0010:prepare_to_wait_event+0x101/0x190 : [ 8569.952940] Call Trace: [ 8569.952941] [ 8569.952944] ref_scale_reader+0x380/0x4a0 [refscale] [ 8569.952959] kthread+0x10e/0x130 [ 8569.952966] ret_from_fork+0x1f/0x30 [ 8569.952973] This is likely caused by the fact that init_waitqueue_head() is called after the ref_scale_reader kthread is created. The kthread can potentially try to use the waitqueue head before it is properly initialized. The crash happened at static inline void __add_wait_queue(...) { : if (!(wq->flags & WQ_FLAG_PRIORITY)) <=== Crash here The offset of flags from list_head entry in wait_queue_entry is -0x18. If reader_tasks[i].wq.head.next is NULL as allocated reader_task structure is zero initialized, the instruction will try to access address 0xffffffffffffffe8 which is the fault address listed above. Fix this by initializing the waitqueue head first before kthread creation. Fixes: 653ed64b01dc ("refperf: Add a test to measure performance of read-side synchronization") Signed-off-by: Waiman Long Reviewed-by: Qiuxu Zhuo Reviewed-by: Davidlohr Bueso --- kernel/rcu/refscale.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kernel/rcu/refscale.c b/kernel/rcu/refscale.c index 1970ce5f22d4..71d138573856 100644 --- a/kernel/rcu/refscale.c +++ b/kernel/rcu/refscale.c @@ -1107,12 +1107,11 @@ ref_scale_init(void) VERBOSE_SCALEOUT("Starting %d reader threads", nreaders); for (i = 0; i < nreaders; i++) { + init_waitqueue_head(&reader_tasks[i].wq); firsterr = torture_create_kthread(ref_scale_reader, (void *)i, reader_tasks[i].task); if (torture_init_error(firsterr)) goto unwind; - - init_waitqueue_head(&(reader_tasks[i].wq)); } // Main Task -- 2.31.1