* [PATCH] kasan: Prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time
@ 2022-04-14 2:59 Zqiang
2022-04-21 22:07 ` Andrew Morton
0 siblings, 1 reply; 4+ messages in thread
From: Zqiang @ 2022-04-14 2:59 UTC (permalink / raw)
To: ryabinin.a.a, dvyukov, akpm; +Cc: linux-mm, linux-kernel
The kasan_quarantine_remove_cache() is called in kmem_cache_shrink()/
destroy(), the kasan_quarantine_remove_cache() call is protected by
cpuslock in kmem_cache_destroy(), can ensure serialization with
kasan_cpu_offline(). however the kasan_quarantine_remove_cache() call
is not protected by cpuslock in kmem_cache_shrink(), when CPU going
offline and cache shrink occur at same time, the cpu_quarantine may be
corrupted by interrupt(per_cpu_remove_cache operation). so add
cpu_quarantine offline flags check in per_cpu_remove_cache().
Signed-off-by: Zqiang <qiang1.zhang@intel.com>
---
mm/kasan/quarantine.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
index 0e33d30abb8d..51a8192d49cf 100644
--- a/mm/kasan/quarantine.c
+++ b/mm/kasan/quarantine.c
@@ -330,6 +330,8 @@ static void per_cpu_remove_cache(void *arg)
struct cpu_shrink_qlist *sq;
#endif
q = this_cpu_ptr(&cpu_quarantine);
+ if (READ_ONCE(q->offline))
+ return;
#ifndef CONFIG_PREEMPT_RT
qlist_move_cache(q, &to_free, cache);
qlist_free_all(&to_free, cache);
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] kasan: Prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time
2022-04-14 2:59 [PATCH] kasan: Prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time Zqiang
@ 2022-04-21 22:07 ` Andrew Morton
2022-04-22 9:27 ` Dmitry Vyukov
2022-04-25 14:25 ` Zhang, Qiang1
0 siblings, 2 replies; 4+ messages in thread
From: Andrew Morton @ 2022-04-21 22:07 UTC (permalink / raw)
To: Zqiang
Cc: ryabinin.a.a, dvyukov, linux-mm, linux-kernel,
Alexander Potapenko, Andrey Konovalov, kasan-dev
On Thu, 14 Apr 2022 10:59:25 +0800 Zqiang <qiang1.zhang@intel.com> wrote:
> The kasan_quarantine_remove_cache() is called in kmem_cache_shrink()/
> destroy(), the kasan_quarantine_remove_cache() call is protected by
> cpuslock in kmem_cache_destroy(), can ensure serialization with
> kasan_cpu_offline(). however the kasan_quarantine_remove_cache() call
> is not protected by cpuslock in kmem_cache_shrink(), when CPU going
> offline and cache shrink occur at same time, the cpu_quarantine may be
> corrupted by interrupt(per_cpu_remove_cache operation). so add
> cpu_quarantine offline flags check in per_cpu_remove_cache().
>
> ...
>
Could we please have some reviewer input here?
> --- a/mm/kasan/quarantine.c
> +++ b/mm/kasan/quarantine.c
> @@ -330,6 +330,8 @@ static void per_cpu_remove_cache(void *arg)
> struct cpu_shrink_qlist *sq;
> #endif
> q = this_cpu_ptr(&cpu_quarantine);
> + if (READ_ONCE(q->offline))
> + return;
> #ifndef CONFIG_PREEMPT_RT
> qlist_move_cache(q, &to_free, cache);
> qlist_free_all(&to_free, cache);
It might be helpful to have a little comment which explains why we're
doing this?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] kasan: Prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time
2022-04-21 22:07 ` Andrew Morton
@ 2022-04-22 9:27 ` Dmitry Vyukov
2022-04-25 14:25 ` Zhang, Qiang1
1 sibling, 0 replies; 4+ messages in thread
From: Dmitry Vyukov @ 2022-04-22 9:27 UTC (permalink / raw)
To: Andrew Morton
Cc: Zqiang, ryabinin.a.a, linux-mm, linux-kernel, Alexander Potapenko,
Andrey Konovalov, kasan-dev
On Fri, 22 Apr 2022 at 00:07, Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Thu, 14 Apr 2022 10:59:25 +0800 Zqiang <qiang1.zhang@intel.com> wrote:
>
> > The kasan_quarantine_remove_cache() is called in kmem_cache_shrink()/
> > destroy(), the kasan_quarantine_remove_cache() call is protected by
> > cpuslock in kmem_cache_destroy(), can ensure serialization with
> > kasan_cpu_offline(). however the kasan_quarantine_remove_cache() call
> > is not protected by cpuslock in kmem_cache_shrink(), when CPU going
> > offline and cache shrink occur at same time, the cpu_quarantine may be
> > corrupted by interrupt(per_cpu_remove_cache operation). so add
> > cpu_quarantine offline flags check in per_cpu_remove_cache().
> >
> > ...
> >
>
> Could we please have some reviewer input here?
This is very tricky, I think can follow this:
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
If q->offline is set, then kasan_cpu_offline() will or has already
removed everything from cpu_quarantine and freed, so we can return
early in per_cpu_remove_cache().
If kasan_cpu_offline() hasn't yet removed everything from
cpu_quarantine already, it's actually problematic for the
kmem_cache_destroy() case. But since both kmem_cache_destroy() and
kasan_cpu_offline() are serialized by cpus lock, this case must not
happen.
> > --- a/mm/kasan/quarantine.c
> > +++ b/mm/kasan/quarantine.c
> > @@ -330,6 +330,8 @@ static void per_cpu_remove_cache(void *arg)
> > struct cpu_shrink_qlist *sq;
> > #endif
> > q = this_cpu_ptr(&cpu_quarantine);
> > + if (READ_ONCE(q->offline))
> > + return;
> > #ifndef CONFIG_PREEMPT_RT
> > qlist_move_cache(q, &to_free, cache);
> > qlist_free_all(&to_free, cache);
>
> It might be helpful to have a little comment which explains why we're
> doing this?
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [PATCH] kasan: Prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time
2022-04-21 22:07 ` Andrew Morton
2022-04-22 9:27 ` Dmitry Vyukov
@ 2022-04-25 14:25 ` Zhang, Qiang1
1 sibling, 0 replies; 4+ messages in thread
From: Zhang, Qiang1 @ 2022-04-25 14:25 UTC (permalink / raw)
To: Andrew Morton
Cc: ryabinin.a.a@gmail.com, dvyukov@google.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, Alexander Potapenko,
Andrey Konovalov, kasan-dev
On Thu, 14 Apr 2022 10:59:25 +0800 Zqiang <qiang1.zhang@intel.com> wrote:
> The kasan_quarantine_remove_cache() is called in kmem_cache_shrink()/
> destroy(), the kasan_quarantine_remove_cache() call is protected by
> cpuslock in kmem_cache_destroy(), can ensure serialization with
> kasan_cpu_offline(). however the kasan_quarantine_remove_cache() call
> is not protected by cpuslock in kmem_cache_shrink(), when CPU going
> offline and cache shrink occur at same time, the cpu_quarantine may be
> corrupted by interrupt(per_cpu_remove_cache operation). so add
> cpu_quarantine offline flags check in per_cpu_remove_cache().
>
> ...
>
>Could we please have some reviewer input here?
> --- a/mm/kasan/quarantine.c
> +++ b/mm/kasan/quarantine.c
> @@ -330,6 +330,8 @@ static void per_cpu_remove_cache(void *arg)
> struct cpu_shrink_qlist *sq;
> #endif
> q = this_cpu_ptr(&cpu_quarantine);
> + if (READ_ONCE(q->offline))
> + return;
> #ifndef CONFIG_PREEMPT_RT
> qlist_move_cache(q, &to_free, cache);
> qlist_free_all(&to_free, cache);
>It might be helpful to have a little comment which explains why we're doing this?
Sorry for late reply, may be add some comment:
Ensure the ordering between the writing to q->offline and per_cpu_remove_cache.
prevent cpu_quarantine be corrupted by interrupt.
Is this OK ?
Thanks
Zqiang
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-04-25 14:25 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-04-14 2:59 [PATCH] kasan: Prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time Zqiang
2022-04-21 22:07 ` Andrew Morton
2022-04-22 9:27 ` Dmitry Vyukov
2022-04-25 14:25 ` Zhang, Qiang1
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).