From: "Paul E. McKenney"
To: rcu@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, kernel-team@meta.com, rostedt@goodmis.org, Waiman Long, Qiuxu Zhuo, Davidlohr Bueso, Joel Fernandes, "Paul E. McKenney"
Subject: [PATCH rcu 2/3] refscale: Fix uninitialized use of wait_queue_head_t
Date: Mon, 17 Jul 2023 11:10:05 -0700
Message-Id: <20230717181006.1097957-2-paulmck@kernel.org>
In-Reply-To: <2c4aea8b-6f82-45ab-988e-a6bb19129808@paulmck-laptop>
References: <2c4aea8b-6f82-45ab-988e-a6bb19129808@paulmck-laptop>
X-Mailing-List: linux-kernel@vger.kernel.org
From: Waiman Long

Running the refscale test occasionally crashes the kernel with the
following error:

[ 8569.952896] BUG: unable to handle page fault for address: ffffffffffffffe8
[ 8569.952900] #PF: supervisor read access in kernel mode
[ 8569.952902] #PF: error_code(0x0000) - not-present page
[ 8569.952904] PGD c4b048067 P4D c4b049067 PUD c4b04b067 PMD 0
[ 8569.952910] Oops: 0000 [#1] PREEMPT_RT SMP NOPTI
[ 8569.952916] Hardware name: Dell Inc. PowerEdge R750/0WMWCR, BIOS 1.2.4 05/28/2021
[ 8569.952917] RIP: 0010:prepare_to_wait_event+0x101/0x190
  :
[ 8569.952940] Call Trace:
[ 8569.952941]
[ 8569.952944]  ref_scale_reader+0x380/0x4a0 [refscale]
[ 8569.952959]  kthread+0x10e/0x130
[ 8569.952966]  ret_from_fork+0x1f/0x30
[ 8569.952973]

The likely cause is that init_waitqueue_head() is called after the
call to the torture_create_kthread() function that creates the
ref_scale_reader kthread. Although this init_waitqueue_head() call
will very likely complete before this kthread is created and starts
running, it is possible that the calling kthread will be delayed
between the calls to torture_create_kthread() and
init_waitqueue_head(). In this case, the new kthread will use the
waitqueue head before it is properly initialized, which is not good
for the kernel's health and well-being.

The above crash happened here:

static inline void __add_wait_queue(...)
{
	:
	if (!(wq->flags & WQ_FLAG_PRIORITY)) <=== Crash here

The offset of flags from list_head entry in wait_queue_entry is
-0x18. If reader_tasks[i].wq.head.next is NULL, as the allocated
reader_task structure is zero-initialized, the instruction will try
to access address 0xffffffffffffffe8, which is exactly the fault
address listed above.

This commit therefore invokes init_waitqueue_head() before creating
the kthread.

Fixes: 653ed64b01dc ("refperf: Add a test to measure performance of read-side synchronization")
Signed-off-by: Waiman Long
Reviewed-by: Qiuxu Zhuo
Reviewed-by: Davidlohr Bueso
Acked-by: Joel Fernandes (Google)
Signed-off-by: Paul E. McKenney --- kernel/rcu/refscale.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kernel/rcu/refscale.c b/kernel/rcu/refscale.c index 1970ce5f22d4..71d138573856 100644 --- a/kernel/rcu/refscale.c +++ b/kernel/rcu/refscale.c @@ -1107,12 +1107,11 @@ ref_scale_init(void) VERBOSE_SCALEOUT("Starting %d reader threads", nreaders); for (i = 0; i < nreaders; i++) { + init_waitqueue_head(&reader_tasks[i].wq); firsterr = torture_create_kthread(ref_scale_reader, (void *)i, reader_tasks[i].task); if (torture_init_error(firsterr)) goto unwind; - - init_waitqueue_head(&(reader_tasks[i].wq)); } // Main Task -- 2.40.1
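Review bot: The ordering is now correct: init_waitqueue_head() runs before torture_create_kthread() in the same loop iteration, so the new ref_scale_reader kthread cannot observe a still-zeroed wait_queue_head (the head.next == NULL that, after the -0x18 container_of() step, produced the 0xffffffffffffffe8 fault in the commit message). A side effect worth noting for the record: the wait queue head is now initialized even when torture_create_kthread() fails and the code jumps to unwind, whereas before the goto skipped the initialization; that is harmless, and the hunk also drops the redundant parentheses in &(reader_tasks[i].wq), which is fine as a cleanup.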
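As an added illustration (not code from the patch or from kernel/rcu/refscale.c), this userspace C program models the arithmetic in the commit message: the struct layouts mirror include/linux/wait.h on a 64-bit build, flags_addr_for_zeroed_head() performs the container_of() step that list_for_each_entry() takes on a wait_queue_head whose list pointers are still NULL, and null_minus_offset() is a hypothetical forensic helper that turns a fault address just below zero back into the field offset that was subtracted from NULL.

```c
/* Added example, not part of the patch or of kernel/rcu/refscale.c:
 * models why __add_wait_queue() on a never-initialised (all-zero)
 * wait_queue_head reads from 0xffffffffffffffe8. Nothing is dereferenced. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

/* Same field order as the kernel's struct wait_queue_entry (64-bit). */
struct wait_queue_entry {
	unsigned int flags;      /* WQ_FLAG_* bits; read first by __add_wait_queue() */
	void *private;
	void *func;
	struct list_head entry;  /* lands at offset 0x18 on LP64 */
};

struct wait_queue_head { int lock; struct list_head head; };  /* lock modelled as int */

/* Address that wq->flags resolves to on the first iteration of
 * list_for_each_entry(wq, &wq_head->head, entry) when head.next is still
 * NULL (zeroed allocation, init_waitqueue_head() not yet run). */
uintptr_t flags_addr_for_zeroed_head(void)
{
	struct wait_queue_head wqh = {0};
	/* container_of(head.next, struct wait_queue_entry, entry), done in
	 * integer arithmetic so a NULL base is not undefined behaviour. */
	uintptr_t wq = (uintptr_t)wqh.head.next
		     - offsetof(struct wait_queue_entry, entry);
	return wq + offsetof(struct wait_queue_entry, flags);
}

/* Hypothetical forensic helper: for a fault address just below zero, recover
 * the offset subtracted from NULL; 0 when not within one page of wrapping. */
uintptr_t null_minus_offset(uintptr_t fault_addr)
{
	uintptr_t off = (uintptr_t)0 - fault_addr;
	return off < 4096 ? off : 0;
}

int main(void)
{
	uintptr_t addr = flags_addr_for_zeroed_head();
	printf("entry at +0x%zx; zeroed head reads flags from 0x%llx = NULL - 0x%llx\n",
	       offsetof(struct wait_queue_entry, entry),
	       (unsigned long long)addr, (unsigned long long)null_minus_offset(addr));
	return 0;
}
```

The printed "NULL - 0x18" is the same -0x18 the commit message derives from the wait_queue_entry layout, which is why the fault address is a small negative number rather than a NULL page address.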