From: Valentin Schneider <valentin.schneider@arm.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: syzbot <syzbot+9362b31a2e0cad8b749d@syzkaller.appspotmail.com>,
	bp@alien8.de, dwmw@amazon.co.uk, hpa@zytor.com,
	linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com,
	syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
	x86@kernel.org
Subject: Re: [syzbot] WARNING in kthread_is_per_cpu
Date: Mon, 19 Apr 2021 20:58:26 +0100
Message-ID: <874kg2kpwd.mognet@arm.com>
In-Reply-To: <20210419184553.GA26214@worktop.programming.kicks-ass.net>

On 19/04/21 20:45, Peter Zijlstra wrote:
> On Mon, Apr 19, 2021 at 12:31:22PM +0100, Valentin Schneider wrote:
>
>>   if ((p->flags & PF_KTHREAD) && kthread_is_per_cpu(p))
>>                                  `\
>>                                    to_kthread(p);
>>                                     `\
>>                                       WARN_ON(!(p->flags & PF_KTHREAD));
>>
>> ... Huh?
>
> Something like so perhaps?
>

Looks about right, IIUC the key being:

  p->flags & PF_KTHREAD + p->set_child_tid => the struct kthread is
  persistent

  p->flags & PF_KTHREAD => you may or may not have a struct kthread (see
  kernel/umh.c kernel_thread() uses). PF_KTHREAD isn't even guaranteed to
  persist (begin_new_exec()), which seems to be what the syzbot hit.

I'd be happy to see is_per_cpu_kthread() die, but that's somewhat
orthogonal to this here. For now, this does need the tiny extra below.

While we're at it, does free_kthread_struct() want the __to_kthread()
treatment as well? The other to_kthread() callsites looked like they only
made sense with a "proper" kthread anyway.

---
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 49636a49843f..8b470c2d5680 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -7612,7 +7612,7 @@ int can_migrate_task(struct task_struct *p, struct lb_env *env)
 		return 0;
 
 	/* Disregard pcpu kthreads; they are where they need to be. */
-	if ((p->flags & PF_KTHREAD) && kthread_is_per_cpu(p))
+	if (kthread_is_per_cpu(p))
 		return 0;
 
 	if (!cpumask_test_cpu(env->dst_cpu, p->cpus_ptr)) {
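Review bot: the bare kthread_is_per_cpu(p) call in can_migrate_task() is only safe once kthread_is_per_cpu() stops going through to_kthread(), because to_kthread() still carries WARN_ON(!(k->flags & PF_KTHREAD)) and this call site now passes user tasks as well. Fold this hunk into the same commit as the kernel/kthread.c change quoted below rather than applying it on its own, so that no bisection point has the unguarded caller on top of the old helper.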

> diff --git a/kernel/kthread.c b/kernel/kthread.c
> index 1578973c5740..eeba40df61ac 100644
> --- a/kernel/kthread.c
> +++ b/kernel/kthread.c
> @@ -78,6 +78,14 @@ static inline void set_kthread_struct(void *kthread)
>       current->set_child_tid = (__force void __user *)kthread;
>  }
>
> +static inline struct kthread *__to_kthread(struct task_struct *k)
> +{
> +	void *kthread = (__force void *)k->set_child_tid;
> +	if (kthread && !(k->flags & PF_KTHREAD))
> +		kthread = NULL;
> +	return kthread;
> +}
> +
>  static inline struct kthread *to_kthread(struct task_struct *k)
>  {
>       WARN_ON(!(k->flags & PF_KTHREAD));
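Review bot: __to_kthread() has no comment explaining why a non-NULL k->set_child_tid is trusted only when PF_KTHREAD is set, and the two fields are read with plain, unordered loads. A short comment above the helper stating the rule (set_child_tid holds a struct kthread pointer only while PF_KTHREAD is set, and the flag can go away across begin_new_exec()) would tell callers what they may assume about the returned pointer; if the flag can change concurrently for the tasks passed in, the comment should also say what keeps the pointer valid after the check. Style: add a blank line after the declaration of kthread.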
> @@ -516,7 +524,7 @@ void kthread_set_per_cpu(struct task_struct *k, int cpu)
>
>  bool kthread_is_per_cpu(struct task_struct *k)
>  {
> -	struct kthread *kthread = to_kthread(k);
> +	struct kthread *kthread = __to_kthread(k);
>       if (!kthread)
>               return false;
>
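Review bot: switching kthread_is_per_cpu() to __to_kthread() changes its contract, since it now returns false for a task without PF_KTHREAD instead of warning, yet nothing at the function says callers may pass arbitrary tasks. Add a comment above kthread_is_per_cpu() stating that. The remaining to_kthread() users keep the WARN_ON, so the changelog should also answer the question raised in the reply about whether free_kthread_struct() needs the same treatment.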
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index 3384ea74cad4..dc6311bd6986 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -7658,7 +7658,7 @@ static void balance_push(struct rq *rq)
>        * histerical raisins.
>        */
>       if (rq->idle == push_task ||
> -	    ((push_task->flags & PF_KTHREAD) && kthread_is_per_cpu(push_task)) ||
> +	    kthread_is_per_cpu(push_task) ||
>           is_migration_disabled(push_task)) {
>
>               /*


Thread overview: 10+ messages
2021-04-19 10:36 [syzbot] WARNING in kthread_is_per_cpu syzbot
2021-04-19 11:30 ` Thomas Gleixner
2021-04-19 11:31 ` Valentin Schneider
2021-04-19 18:45   ` Peter Zijlstra
2021-04-19 19:58     ` Valentin Schneider [this message]
2021-04-20  8:51       ` Peter Zijlstra
2021-04-20  9:43         ` Valentin Schneider
2021-04-20 10:11           ` Peter Zijlstra
2021-04-20 10:17             ` Valentin Schneider
2021-04-22  7:36         ` [tip: sched/core] kthread: Fix PF_KTHREAD vs to_kthread() race tip-bot2 for Peter Zijlstra
