From: Thomas Gleixner
To: Andrzej Hajda, linux-kernel@vger.kernel.org, intel-gfx@lists.freedesktop.org, linux-mm@kvack.org
Cc: Nirmoy Das
Subject: Re: [Intel-gfx] [PATCH v2] debugobjects: stop accessing objects after releasing spinlock
Date: Mon, 23 Oct 2023 18:11:35 +0200

On Thu, Oct 19 2023 at 12:31, Andrzej Hajda wrote:
> On 13.10.2023 15:15, Thomas Gleixner wrote:
>> It cannot be freed. If that happens then the calling code will have an
>> UAF problem on the tracked item too.
>
> Yes, and I have assumed that debugobjects are created also for detecting
> UAFs.

Kinda.

> They should be able to handle/detect 'issues due to incorrectly
> serialized concurrent accesses' scenarios as well, at least some of
> them. And even if it cannot recover it should at least provide reliable
> reporting.

Fair enough.

> Now we can have scenario:
> 1. Thread tries to deactivate destroyed object, debugobjects detects it,
> spin lock is released, thread is preempted.
> 2. Other thread frees debugobject, then allocates new one on the same
> memory location, ie 'obj' variable from 1st thread point to it - it is
> possible because there is no locking.
> 3. Then preemption occurs, and 1st thread reports error for wrong object.
>
> This seems the most drastic for me, but also with lowest chances to
> happen due to delayed freeing, but there are also other more probable
> scenarios when we print the same object but in state different from the
> one when debugobject detected issue, due to modification by concurrent
> thread.

Now I understand what you mean. This information should be in the
changelog, no?

Let me stare at the patch once more.
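
The three-step scenario quoted in this message, replayed deterministically in a userspace C model. This is an added example, not code from the patch or from the kernel's debugobjects implementation; `struct tracker`, `slot`, `lock_held` and the function names are hypothetical. It compares a report built by dereferencing the object after the lock is dropped with one built from a copy taken while the lock is still held.

```c
#include <stdio.h>
/* Userspace model with hypothetical names; not the kernel's debugobjects code. */
enum state { ST_ACTIVE, ST_DESTROYED };
struct tracker { const void *addr; enum state state; }; /* stands in for a debug object */
static struct tracker slot;   /* one-entry pool: freed memory is reused at once */
static int lock_held;         /* models the spinlock */

static void track(const void *addr, enum state st) { slot.addr = addr; slot.state = st; }

/* Step 2: another thread recycles the tracker; it cannot run while the lock is held. */
static int other_thread_recycles(const void *new_addr)
{
    if (lock_held)
        return 0;
    track(new_addr, ST_ACTIVE);
    return 1;
}

/* Racy: keeps only the pointer and dereferences it after unlocking. */
static struct tracker deactivate_racy(const void *new_addr)
{
    struct tracker *obj;
    lock_held = 1;
    obj = &slot;                      /* step 1: problem detected under the lock */
    lock_held = 0;
    other_thread_recycles(new_addr);  /* preemption window */
    return *obj;                      /* step 3: report reads recycled memory */
}

/* Snapshot: copy what the report needs while the lock is still held. */
static struct tracker deactivate_snapshot(const void *new_addr)
{
    struct tracker snap;
    lock_held = 1;
    snap = slot;
    lock_held = 0;
    other_thread_recycles(new_addr);
    return snap;                      /* report matches what was detected */
}

int main(void)
{
    int a = 0, b = 0;                 /* two constructed tracked items */
    track(&a, ST_DESTROYED);
    printf("racy report names a: %d\n", deactivate_racy(&b).addr == &a);
    track(&a, ST_DESTROYED);
    printf("snapshot report names a: %d\n", deactivate_snapshot(&b).addr == &a);
    return 0;
}
```
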