From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
To: Luo Gengkun <luogengkun@huaweicloud.com>
Cc: Steven Rostedt <rostedt@goodmis.org>,
mathieu.desnoyers@efficios.com, linux-kernel@vger.kernel.org,
linux-trace-kernel@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org,
Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH] tracing: Fix tracing_marker may trigger page fault during preempt_disable
Date: Tue, 2 Sep 2025 16:35:14 +0900
Message-ID: <20250902163514.f877d9c96e913f08c0c6b0b1@kernel.org>
In-Reply-To: <cc6eb973-d82b-4afc-83fb-a2c28cc79d36@huaweicloud.com>

On Tue, 2 Sep 2025 11:47:32 +0800
Luo Gengkun <luogengkun@huaweicloud.com> wrote:
>
> On 2025/9/1 23:56, Masami Hiramatsu (Google) wrote:
> > On Fri, 29 Aug 2025 08:26:04 -0400
> > Steven Rostedt <rostedt@goodmis.org> wrote:
> >
> >> [ Adding arm64 maintainers ]
> >>
> >> On Fri, 29 Aug 2025 16:29:07 +0800
> >> Luo Gengkun <luogengkun@huaweicloud.com> wrote:
> >>
> >>> On 2025/8/20 1:50, Steven Rostedt wrote:
> >>>> On Tue, 19 Aug 2025 10:51:52 +0000
> >>>> Luo Gengkun <luogengkun@huaweicloud.com> wrote:
> >>>>
> >>>>> Both tracing_mark_write and tracing_mark_raw_write call
> >>>>> __copy_from_user_inatomic during preempt_disable. But in some cases,
> >>>>> __copy_from_user_inatomic may trigger page fault, and will call schedule()
> >>>>> subtly. And if a task is migrated to another CPU, the following warning will
> >>>> Wait! What?
> >>>>
> >>>> __copy_from_user_inatomic() is allowed to be called from in atomic context.
> >>>> Hence the name it has. How the hell can it sleep? If it does, it's totally
> >>>> broken!
> >>>>
> >>>> Now, I'm not against using nofault() as it is better named, but I want to
> >>>> know why you are suggesting this change. Did you actually trigger a bug here?
> >>> Yes, I triggered this bug on arm64.
> >> And I still think this is an arm64 bug.
> > I think it could be.
> >
> >>>>
> >>>>> be triggered:
> >>>>> if (RB_WARN_ON(cpu_buffer,
> >>>>> !local_read(&cpu_buffer->committing)))
> >>>>>
> >>>>> An example can illustrate this issue:
> > You've missed an important part.
> >
> >>>>> process flow CPU
> >>>>> ---------------------------------------------------------------------
> >>>>>
> >>>>> tracing_mark_raw_write(): cpu:0
> >>>>> ...
> >>>>> ring_buffer_lock_reserve(): cpu:0
> >>>>> ...
> > preempt_disable_notrace(); --> this is unlocked by ring_buffer_unlock_commit()
> >
> >>>>> cpu = raw_smp_processor_id() cpu:0
> >>>>> cpu_buffer = buffer->buffers[cpu] cpu:0
> >>>>> ...
> >>>>> ...
> >>>>> __copy_from_user_inatomic(): cpu:0
> > So this is called under preempt-disabled.
> >
> >>>>> ...
> >>>>> # page fault
> >>>>> do_mem_abort(): cpu:0
> >>>> Sounds to me that arm64 __copy_from_user_inatomic() may be broken.
> >>>>
> >>>>> ...
> >>>>> # Call schedule
> >>>>> schedule() cpu:0
> > If this does not check the preempt flag, it is a problem.
> > Maybe arm64 needs to do fixup and abort instead of do_mem_abort()?
>
> My kernel was built without CONFIG_PREEMPT_COUNT, so the preempt_disable()
> does nothing more than act as a barrier. In this case, it can pass the
> check by schedule(). Perhaps this is another issue?

OK, I got it. Indeed, in that case, we have no way to check that this
happens in the preempt critical section.

Anyway, as discussed here, __copy_from_user_inatomic() is for
the internal function, so I'm also OK with this patch.

Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>

BTW, currently we just write a fault message if the
__copy_from_user_*() hits a fault, but I think we can retry with
normal __copy_from_user() to a kernel buffer and copy it in the
ring buffer as slow path.

Thank you,

--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
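
The slow path suggested at the end of the message above, as an added userspace C model that is not code from the thread or from the kernel tree: the non-sleeping copy is tried while preemption is off, and on a fault the sleeping copy into a bounce buffer runs only after preemption is back on. All names (`struct user_buf`, its `resident` flag, `copy_nofault`, `copy_may_sleep`, `mark_write`) are hypothetical stand-ins, not kernel APIs.

```c
/* Userspace model, added example: every name below is hypothetical. */
#include <string.h>
struct user_buf { const char *data; size_t len; int resident; };
static int preempt_count, slept_in_atomic; /* nesting depth; bug indicator */
static char ring[64];                      /* stands in for the reserved event */
static size_t ring_len;
/* Models a nofault copy: never sleeps, fails if the page is not resident. */
static int copy_nofault(char *dst, const struct user_buf *src)
{
    if (!src->resident)
        return -1;
    memcpy(dst, src->data, src->len);
    return 0;
}

/* Models a normal copy: may fault the page in, so it may sleep. */
static void copy_may_sleep(char *dst, const struct user_buf *src)
{
    if (preempt_count > 0)
        slept_in_atomic = 1;   /* sleeping with preemption off is the bug */
    memcpy(dst, src->data, src->len);
}

/* Returns 0 for the fast path, 1 for the slow path, -1 if too large. */
int mark_write(const struct user_buf *src)
{
    char bounce[sizeof(ring)];
    int ret;
    if (src->len > sizeof(ring))
        return -1;
    preempt_count++;                  /* reserve: preemption off */
    ret = copy_nofault(ring, src);
    ring_len = ret ? 0 : src->len;    /* discard the event on a fault */
    preempt_count--;                  /* commit or discard: preemption on */
    if (ret == 0)
        return 0;
    copy_may_sleep(bounce, src);      /* slow path: sleeping is allowed here */
    preempt_count++;                  /* reserve again */
    memcpy(ring, bounce, src->len);   /* copy between kernel buffers: no fault */
    ring_len = src->len;
    preempt_count--;
    return 1;
}

int main(void)
{
    struct user_buf cold = { "hello", 5, 0 };  /* constructed sample input */
    return mark_write(&cold) == 1 && !slept_in_atomic ? 0 : 1;
}
```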