Re: [Linux kernel bug] WARNING in static_key_slow_inc_cpuslocked

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Gleixner <tglx@linutronix.de>
To: Steven Rostedt <rostedt@goodmis.org>, Sam Sun <samsun1006219@gmail.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
	syzkaller-bugs@googlegroups.com, peterz@infradead.org,
	jpoimboe@kernel.org, jbaron@akamai.com, ardb@kernel.org,
	mingo@redhat.com, Borislav Petkov <bp@alien8.de>,
	dave.hansen@linux.intel.com, hpa@zytor.com,
	xrivendell7@gmail.com,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Tejun Heo <tj@kernel.org>
Subject: Re: [Linux kernel bug] WARNING in static_key_slow_inc_cpuslocked
Date: Sun, 09 Jun 2024 16:06:05 +0200	[thread overview]
Message-ID: <87o78axlbm.ffs@tglx> (raw)
In-Reply-To: <20240609090431.3af238bc@gandalf.local.home>

On Sun, Jun 09 2024 at 09:04, Steven Rostedt wrote:
> On Sun, 9 Jun 2024 14:33:01 +0800
> Sam Sun <samsun1006219@gmail.com> wrote:
>> [   82.310798][ T8020] ------------[ cut here ]------------
>> [   82.311236][ T8020] kernel BUG at arch/x86/kernel/jump_label.c:73!
>
> This is not a bug with jump labels. It's a bug with whatever is using jump
> labels. Looks like something tried to modify a jump label that no longer
> exists.

The jump label exists.

>> [   82.331873][ T8020]  set_attr_rdpmc+0x193/0x270
>> [   82.332179][ T8020]  ? get_attr_rdpmc+0x30/0x30
>> [   82.332511][ T8020]  ? sysfs_kf_write+0x18d/0x2b0
>> [   82.332832][ T8020]  ? sysfs_kf_read+0x370/0x370
>> [   82.333159][ T8020]  kernfs_fop_write_iter+0x3ab/0x500
>
> So, something in kernfs modified a jump label location that was freed?

No. What happens is:

CPU 0                           	CPU 1

kernfs_fop_write_iter()			kernfs_fop_write_iter()
  set_attr_rdpmc()		  	  set_attr_rdpmc()
    arch_jump_label_transform_queue()       arch_jump_label_transform_queue()
     mutex_lock(text_mutex)                   mutex_lock(text_mutex)
     __jump_label_patch()
     text_poke_queue()
     mutex_unlokc(text_mutex)
                                              __jump_label_patch()

CPU 1 sees the original text and not the expected because CPU 0 did not
yet invoke arch_jump_label_transform_apply().

So clearly set_attr_rdpmc() lacks serialization, no?

Thanks,

        tglx

next prev parent reply	other threads:[~2024-06-09 14:06 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-06-09  6:33 [Linux kernel bug] WARNING in static_key_slow_inc_cpuslocked Sam Sun
2024-06-09 13:04 ` Steven Rostedt
2024-06-09 14:06   ` Thomas Gleixner [this message]
2024-06-09 14:25     ` Steven Rostedt
2024-06-09 16:02       ` Thomas Gleixner
2024-06-09 16:56         ` Thomas Gleixner
2024-06-09 19:39           ` Thomas Gleixner
2024-06-10  6:46           ` Peter Zijlstra
2024-06-10 10:34             ` Thomas Gleixner
2024-06-10 12:46               ` [patch 0/4] perf/x86, jump_label: Cure serialization issues Thomas Gleixner
2024-06-10 12:46                 ` [patch 1/4] perf/x86: Serialize set_attr_rdpmc() Thomas Gleixner
2024-06-17 15:47                   ` [tip: locking/core] " tip-bot2 for Thomas Gleixner
2024-06-10 12:46                 ` [patch 2/4] jump_label: Fix concurrency issues in static_key_slow_dec() Thomas Gleixner
2024-06-10 17:57                   ` Peter Zijlstra
2024-06-10 18:00                     ` Thomas Gleixner
2024-06-17 15:47                   ` [tip: locking/core] " tip-bot2 for Thomas Gleixner
2024-06-10 12:46                 ` [patch 3/4] jump_label: Clarify condition in static_key_fast_inc_not_disabled() Thomas Gleixner
2024-06-17 15:47                   ` [tip: locking/core] " tip-bot2 for Thomas Gleixner
2024-06-10 12:46                 ` [patch 4/4] jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() Thomas Gleixner
2024-06-12 13:57                   ` Uros Bizjak
2024-06-17 15:47                   ` [tip: locking/core] " tip-bot2 for Thomas Gleixner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87o78axlbm.ffs@tglx \
    --to=tglx@linutronix.de \
    --cc=ardb@kernel.org \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hpa@zytor.com \
    --cc=jbaron@akamai.com \
    --cc=jpoimboe@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=rostedt@goodmis.org \
    --cc=samsun1006219@gmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tj@kernel.org \
    --cc=x86@kernel.org \
    --cc=xrivendell7@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.