From: paulmck@linux.ibm.com (Paul E. McKenney)
Subject: v5.0-rc2 and NVMeOF
Date: Tue, 12 Feb 2019 17:10:23 -0800 [thread overview]
Message-ID: <20190213011023.GX4240@linux.ibm.com> (raw)
In-Reply-To: <1550018699.19311.45.camel@acm.org>
On Tue, Feb 12, 2019@04:44:59PM -0800, Bart Van Assche wrote:
> On Tue, 2019-02-12@11:15 -0800, Paul E. McKenney wrote:
> > [ ... ]
> > And please see below for a patch that should allow SRCU to provide
> > greatly improved diagnostics for my hypothesized scenario.
> >
> > ------------------------------------------------------------------------
> >
> > commit 266c20cf63cdcecb3856dbc7886529082f0acaf5
> > Author: Paul E. McKenney <paulmck at linux.ibm.com>
> > Date: Tue Feb 12 10:44:33 2019 -0800
> >
> > srcu: Check for in-flight callbacks in _cleanup_srcu_struct()
> >
> > If someone fails to drain the corresponding SRCU callbacks (for
> > example, by failing to invoke srcu_barrier()) before invoking either
> > cleanup_srcu_struct() or cleanup_srcu_struct_quiesced(), the resulting
> > diagnostic is an ambiguous use-after-free diagnostic, and even then
> > only if you are running something like KASAN. This commit therefore
> > improves SRCU diagnostics by adding checks for in-flight callbacks at
> > _cleanup_srcu_struct() time.
> >
> > Note that these diagnostics can still be defeated, for example, by
> > invoking call_srcu() concurrently with cleanup_srcu_struct(). Which is
> > a really bad idea, but sometimes all too easy to do. But even then,
> > these diagnostics have at least some probability of catching the problem.
> >
> > Reported-by: Sagi Grimberg <sagi at grimberg.me>
> > Reported-by: Bart Van Assche <bvanassche at acm.org>
> > Signed-off-by: Paul E. McKenney <paulmck at linux.ibm.com>
> >
> > diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
> > index a60b8ba9e1ac..4f30f3ecabc1 100644
> > --- a/kernel/rcu/srcutree.c
> > +++ b/kernel/rcu/srcutree.c
> > @@ -387,6 +387,8 @@ void _cleanup_srcu_struct(struct srcu_struct *ssp, bool quiesced)
> > del_timer_sync(&sdp->delay_work);
> > flush_work(&sdp->work);
> > }
> > + if (WARN_ON(rcu_segcblist_n_cbs(&sdp->srcu_cblist)))
> > + return; /* Forgot srcu_barrier(), so just leak it! */
> > }
> > if (WARN_ON(rcu_seq_state(READ_ONCE(ssp->srcu_gp_seq)) != SRCU_STATE_IDLE) ||
> > WARN_ON(srcu_readers_active(ssp))) {
>
> Hi Paul,
>
> With this patch applied I still see the KASAN use-after-free complaint but no prior
> warning from inside the RCU code.
Hmmm...
I don't see how the KASAN warning could happen without srcu_struct_cleanup()
or srcu_struct_cleanup_quiesced() being called. Perhaps a failure of
imagination on my part.
So does it seem plausible to you that one of those two has been called
at the time the KASAN complaint is emitted?
Thanx, Paul
next prev parent reply other threads:[~2019-02-13 1:10 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 19:07 v5.0-rc2 and NVMeOF Bart Van Assche
2019-01-17 1:16 ` Sagi Grimberg
2019-02-11 17:24 ` Bart Van Assche
2019-02-11 21:08 ` Paul E. McKenney
2019-02-11 22:27 ` Bart Van Assche
2019-02-12 1:24 ` Paul E. McKenney
2019-02-12 16:47 ` Bart Van Assche
2019-02-12 17:47 ` Paul E. McKenney
2019-02-12 19:15 ` Paul E. McKenney
2019-02-13 0:44 ` Bart Van Assche
2019-02-13 1:10 ` Paul E. McKenney [this message]
2019-02-13 15:19 ` Paul E. McKenney
2019-02-13 15:24 ` Paul E. McKenney
2019-02-13 18:36 ` Bart Van Assche
2019-02-13 18:48 ` Paul E. McKenney
2019-02-13 19:12 ` Bart Van Assche
2019-02-13 19:30 ` Paul E. McKenney
2019-02-13 19:52 ` Paul E. McKenney
2019-02-13 21:00 ` Bart Van Assche
2019-02-13 22:09 ` Paul E. McKenney
2019-02-13 23:07 ` Paul E. McKenney
2019-02-14 0:21 ` Bart Van Assche
2019-02-14 1:02 ` Paul E. McKenney
2019-02-26 17:35 ` Paul E. McKenney
2019-02-26 17:47 ` Bart Van Assche
2019-02-26 18:12 ` Paul E. McKenney
2019-02-26 18:40 ` Bart Van Assche
2019-02-26 19:20 ` Paul E. McKenney
2019-02-26 23:48 ` Bart Van Assche
2019-02-27 16:04 ` Paul E. McKenney
2019-02-27 16:25 ` Bart Van Assche
2019-02-27 18:22 ` Paul E. McKenney
2019-02-13 19:13 ` Paul E. McKenney
2019-02-13 0:47 ` Bart Van Assche
2019-02-13 1:07 ` Paul E. McKenney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213011023.GX4240@linux.ibm.com \
--to=paulmck@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.