Re: [PATCH v7] KEYS: Add a list for unreferenced keys

[Jarkko Sakkinen <jarkko@kernel.org>]

On Mon, Apr 07, 2025 at 02:42:34PM +0200, Marek Szyprowski wrote:
> On 07.04.2025 14:08, Jarkko Sakkinen wrote:
> > On Mon, Apr 07, 2025 at 02:23:49PM +0300, Jarkko Sakkinen wrote:
> >> On Mon, Apr 07, 2025 at 12:25:11PM +0200, Marek Szyprowski wrote:
> >>> On 07.04.2025 04:39, Jarkko Sakkinen wrote:
> >>>> From: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
> >>>>
> >>>> Add an isolated list of unreferenced keys to be queued for deletion, and
> >>>> try to pin the keys in the garbage collector before processing anything.
> >>>> Skip unpinnable keys.
> >>>>
> >>>> Use this list for blocking the reaping process during the teardown:
> >>>>
> >>>> 1. First off, the keys added to `keys_graveyard` are snapshotted, and the
> >>>>      list is flushed. This the very last step in `key_put()`.
> >>>> 2. `key_put()` reaches zero. This will mark key as busy for the garbage
> >>>>      collector.
> >>>> 3. `key_garbage_collector()` will try to increase refcount, which won't go
> >>>>      above zero. Whenever this happens, the key will be skipped.
> >>>>
> >>>> Cc: stable@vger.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
> >>> This patch landed in today's linux-next as commit b0d023797e3e ("keys:
> >>> Add a list for unreferenced keys"). In my tests I found that it triggers
> >>> the following lockdep issue:
> >>>
> >>> ================================
> >>> WARNING: inconsistent lock state
> >>> 6.15.0-rc1-next-20250407 #15630 Not tainted
> >>> --------------------------------
> >>> inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
> >>> ksoftirqd/3/32 [HC0[0]:SC1[1]:HE1:SE0] takes:
> >>> c13fdd68 (key_serial_lock){+.?.}-{2:2}, at: key_put+0x74/0x128
> >>> {SOFTIRQ-ON-W} state was registered at:
> >>>     lock_acquire+0x134/0x384
> >>>     _raw_spin_lock+0x38/0x48
> >>>     key_alloc+0x2fc/0x4d8
> >>>     keyring_alloc+0x40/0x90
> >>>     system_trusted_keyring_init+0x50/0x7c
> >>>     do_one_initcall+0x68/0x314
> >>>     kernel_init_freeable+0x1c0/0x224
> >>>     kernel_init+0x1c/0x12c
> >>>     ret_from_fork+0x14/0x28
> >>> irq event stamp: 234
> >>> hardirqs last  enabled at (234): [<c0cb7060>]
> >>> _raw_spin_unlock_irqrestore+0x5c/0x60
> >>> hardirqs last disabled at (233): [<c0cb6dd0>]
> >>> _raw_spin_lock_irqsave+0x64/0x68
> >>> softirqs last  enabled at (42): [<c013bcd8>] handle_softirqs+0x328/0x520
> >>> softirqs last disabled at (47): [<c013bf10>] run_ksoftirqd+0x40/0x68
> >> OK what went to -next went there by accident and has been removed,
> >> sorry. I think it was like the very first version of this patch.
> >>
> >> Thanks for informing anyhow!
> >
> > Testing branch: https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=keys-graveyard
> >
> > I updated my next this morning so should be fixed soon...
> 
> I've just checked that branch and it still triggers lockdep issue. The 
> following change is needed to get it fixed:
> 
> diff --git a/security/keys/gc.c b/security/keys/gc.c
> index 0a3beb68633c..b22dc93eb4b4 100644
> --- a/security/keys/gc.c
> +++ b/security/keys/gc.c
> @@ -302,9 +302,9 @@ static void key_garbage_collector(struct work_struct 
> *work)
>                  key_schedule_gc(new_timer);
>          }
> 
> -       spin_lock(&key_graveyard_lock);
> +       spin_lock_irqsave(&key_graveyard_lock, flags);
>          list_splice_init(&key_graveyard, &graveyard);
> -       spin_unlock(&key_graveyard_lock);
> +       spin_unlock_irqrestore(&key_graveyard_lock, flags);
> 
>          if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) ||
>              !list_empty(&graveyard)) {

Oh, it used to be liked this. I managed to mess things up during rebase:

https://lore.kernel.org/keyrings/Z-682XjIjxjAZ9j-@kernel.org/T/#m4a0db2526abb549df3871dec23056350556d4556

Thanks for spotting this, I'll revert it how it used to be in v4.

> 
> Best regards
> -- 
> Marek Szyprowski, PhD
> Samsung R&D Institute Poland
> 
> 
BR, Jarkko