Message ID | 20191011022447.24249-1-mpe@ellerman.id.au |
---|---|
State | Not applicable |
Headers |
Received: (qmail 4137 invoked by alias); 11 Oct 2019 02:24:56 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: <libc-alpha.sourceware.org> List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org> List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org> List-Archive: <http://sourceware.org/ml/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs> Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 4126 invoked by uid 89); 11 Oct 2019 02:24:55 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-20.1 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.3.1 spammy= X-HELO: ozlabs.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ellerman.id.au; s=201909; t=1570760691; bh=eEXnHboAKeL3t3V8Dxhyp5Ij7LkGXdOie9uDbo+nsGE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=q0NvSh6264LaH69u9aCpvAoVlx4MHB2gLx3LWm6UwcZ+DqfYphfOT44Vtb11K+R7p HuVONuIU8gT/Dhw6lX3ZYu86Y+sEeCMkMTSd4q0mpx9KcOnv406A2Ts4ZTjmFVHNaO 8KEXXINfilP9QPjzrjYRQCMwvb70paNrLg/hsvTvEe7P/C8Q4Bw249vjXGIvQGbGIJ 78gTGiDPQlE048CaVdQKgiOUmkJa4VlQedEtu9Kf2XBRiFzlFLklnPignkbFj4rxpO hVSoOlp4wPZvqJNZILZsxpuW8y4HbxI/dNNCTzga1PcZEPiX+kXN5bMnqIw1f1SKcC 5hTicPLNpAiNA== From: Michael Ellerman <mpe@ellerman.id.au> To: cyphar@cyphar.com Cc: mingo@redhat.com, peterz@infradead.org, alexander.shishkin@linux.intel.com, jolsa@redhat.com, namhyung@kernel.org, christian@brauner.io, keescook@chromium.org, linux@rasmusvillemoes.dk, viro@zeniv.linux.org.uk, torvalds@linux-foundation.org, libc-alpha@sourceware.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] usercopy: Avoid soft lockups in test_check_nonzero_user() Date: Fri, 11 Oct 2019 13:24:47 +1100 Message-Id: <20191011022447.24249-1-mpe@ellerman.id.au> In-Reply-To: <20191010114007.o3bygjf4jlfk242e@yavin.dot.cyphar.com> References: <20191010114007.o3bygjf4jlfk242e@yavin.dot.cyphar.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit |
Commit Message
Michael Ellerman
Oct. 11, 2019, 2:24 a.m. UTC
On a machine with a 64K PAGE_SIZE, the nested for loops in
test_check_nonzero_user() can lead to soft lockups, eg:
watchdog: BUG: soft lockup - CPU#4 stuck for 22s! [modprobe:611]
Modules linked in: test_user_copy(+) vmx_crypto gf128mul crc32c_vpmsum virtio_balloon ip_tables x_tables autofs4
CPU: 4 PID: 611 Comm: modprobe Tainted: G L 5.4.0-rc1-gcc-8.2.0-00001-gf5a1a536fa14-dirty #1151
...
NIP __might_sleep+0x20/0xc0
LR __might_fault+0x40/0x60
Call Trace:
check_zeroed_user+0x12c/0x200
test_user_copy_init+0x67c/0x1210 [test_user_copy]
do_one_initcall+0x60/0x340
do_init_module+0x7c/0x2f0
load_module+0x2d94/0x30e0
__do_sys_finit_module+0xc8/0x150
system_call+0x5c/0x68
Even with a 4K PAGE_SIZE the test takes multiple seconds. Instead
tweak it to only scan a 1024 byte region, but make it cross the
page boundary.
Fixes: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper")
Suggested-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
lib/test_user_copy.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
How does this look? It runs in < 1s on my machine here.
cheers
Comments
On 2019-10-11, Michael Ellerman <mpe@ellerman.id.au> wrote: > On a machine with a 64K PAGE_SIZE, the nested for loops in > test_check_nonzero_user() can lead to soft lockups, eg: > > watchdog: BUG: soft lockup - CPU#4 stuck for 22s! [modprobe:611] > Modules linked in: test_user_copy(+) vmx_crypto gf128mul crc32c_vpmsum virtio_balloon ip_tables x_tables autofs4 > CPU: 4 PID: 611 Comm: modprobe Tainted: G L 5.4.0-rc1-gcc-8.2.0-00001-gf5a1a536fa14-dirty #1151 > ... > NIP __might_sleep+0x20/0xc0 > LR __might_fault+0x40/0x60 > Call Trace: > check_zeroed_user+0x12c/0x200 > test_user_copy_init+0x67c/0x1210 [test_user_copy] > do_one_initcall+0x60/0x340 > do_init_module+0x7c/0x2f0 > load_module+0x2d94/0x30e0 > __do_sys_finit_module+0xc8/0x150 > system_call+0x5c/0x68 > > Even with a 4K PAGE_SIZE the test takes multiple seconds. Instead > tweak it to only scan a 1024 byte region, but make it cross the > page boundary. > > Fixes: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper") > Suggested-by: Aleksa Sarai <cyphar@cyphar.com> > Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> > --- > lib/test_user_copy.c | 23 ++++++++++++++++++++--- > 1 file changed, 20 insertions(+), 3 deletions(-) > > How does this look? It runs in < 1s on my machine here. > > cheers > > diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c > index 950ee88cd6ac..9fb6bc609d4c 100644 > --- a/lib/test_user_copy.c > +++ b/lib/test_user_copy.c > @@ -47,9 +47,26 @@ static bool is_zeroed(void *from, size_t size) > static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) > { > int ret = 0; > - size_t start, end, i; > - size_t zero_start = size / 4; > - size_t zero_end = size - zero_start; > + size_t start, end, i, zero_start, zero_end; > + > + if (test(size < 1024, "buffer too small")) > + return -EINVAL; > + > + /* > + * We want to cross a page boundary to exercise the code more > + * effectively. We assume the buffer we're passed has a page boundary at > + * size / 2. We also don't want to make the size we scan too large, > + * otherwise the test can take a long time and cause soft lockups. So > + * scan a 1024 byte region across the page boundary. > + */ > + start = size / 2 - 512; > + size = 1024; I don't think it's necessary to do "size / 2" here -- you can just use PAGE_SIZE directly and check above that "size == 2*PAGE_SIZE" (not that this check is exceptionally necessary -- since there's only one caller of this function and it's in the same file). > + > + kmem += start; > + umem += start; > + > + zero_start = size / 4; > + zero_end = size - zero_start; > > /* > * We conduct a series of check_nonzero_user() tests on a block of memory
On Fri, Oct 11, 2019 at 02:48:10PM +1100, Aleksa Sarai wrote: > On 2019-10-11, Michael Ellerman <mpe@ellerman.id.au> wrote: > > On a machine with a 64K PAGE_SIZE, the nested for loops in > > test_check_nonzero_user() can lead to soft lockups, eg: > > > > watchdog: BUG: soft lockup - CPU#4 stuck for 22s! [modprobe:611] > > Modules linked in: test_user_copy(+) vmx_crypto gf128mul crc32c_vpmsum virtio_balloon ip_tables x_tables autofs4 > > CPU: 4 PID: 611 Comm: modprobe Tainted: G L 5.4.0-rc1-gcc-8.2.0-00001-gf5a1a536fa14-dirty #1151 > > ... > > NIP __might_sleep+0x20/0xc0 > > LR __might_fault+0x40/0x60 > > Call Trace: > > check_zeroed_user+0x12c/0x200 > > test_user_copy_init+0x67c/0x1210 [test_user_copy] > > do_one_initcall+0x60/0x340 > > do_init_module+0x7c/0x2f0 > > load_module+0x2d94/0x30e0 > > __do_sys_finit_module+0xc8/0x150 > > system_call+0x5c/0x68 > > > > Even with a 4K PAGE_SIZE the test takes multiple seconds. Instead > > tweak it to only scan a 1024 byte region, but make it cross the > > page boundary. > > > > Fixes: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper") > > Suggested-by: Aleksa Sarai <cyphar@cyphar.com> > > Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> > > --- > > lib/test_user_copy.c | 23 ++++++++++++++++++++--- > > 1 file changed, 20 insertions(+), 3 deletions(-) > > > > How does this look? It runs in < 1s on my machine here. > > > > cheers > > > > diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c > > index 950ee88cd6ac..9fb6bc609d4c 100644 > > --- a/lib/test_user_copy.c > > +++ b/lib/test_user_copy.c > > @@ -47,9 +47,26 @@ static bool is_zeroed(void *from, size_t size) > > static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) > > { > > int ret = 0; > > - size_t start, end, i; > > - size_t zero_start = size / 4; > > - size_t zero_end = size - zero_start; > > + size_t start, end, i, zero_start, zero_end; > > + > > + if (test(size < 1024, "buffer too small")) > > + return -EINVAL; > > + > > + /* > > + * We want to cross a page boundary to exercise the code more > > + * effectively. We assume the buffer we're passed has a page boundary at > > + * size / 2. We also don't want to make the size we scan too large, > > + * otherwise the test can take a long time and cause soft lockups. So > > + * scan a 1024 byte region across the page boundary. > > + */ > > + start = size / 2 - 512; > > + size = 1024; > > I don't think it's necessary to do "size / 2" here -- you can just use > PAGE_SIZE directly and check above that "size == 2*PAGE_SIZE" (not that > this check is exceptionally necessary -- since there's only one caller > of this function and it's in the same file). Michael, in case you resend, can you make my life a little easier and do it on top of https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=copy_struct_from_user please. I have a fix from Aleksa sitting in there laready that _might_ cause a conflict otherwise. Christian
Christian Brauner <christian.brauner@ubuntu.com> writes: > On Fri, Oct 11, 2019 at 02:48:10PM +1100, Aleksa Sarai wrote: >> On 2019-10-11, Michael Ellerman <mpe@ellerman.id.au> wrote: >> > On a machine with a 64K PAGE_SIZE, the nested for loops in >> > test_check_nonzero_user() can lead to soft lockups, eg: >> > >> > watchdog: BUG: soft lockup - CPU#4 stuck for 22s! [modprobe:611] >> > Modules linked in: test_user_copy(+) vmx_crypto gf128mul crc32c_vpmsum virtio_balloon ip_tables x_tables autofs4 >> > CPU: 4 PID: 611 Comm: modprobe Tainted: G L 5.4.0-rc1-gcc-8.2.0-00001-gf5a1a536fa14-dirty #1151 >> > ... >> > NIP __might_sleep+0x20/0xc0 >> > LR __might_fault+0x40/0x60 >> > Call Trace: >> > check_zeroed_user+0x12c/0x200 >> > test_user_copy_init+0x67c/0x1210 [test_user_copy] >> > do_one_initcall+0x60/0x340 >> > do_init_module+0x7c/0x2f0 >> > load_module+0x2d94/0x30e0 >> > __do_sys_finit_module+0xc8/0x150 >> > system_call+0x5c/0x68 >> > >> > Even with a 4K PAGE_SIZE the test takes multiple seconds. Instead >> > tweak it to only scan a 1024 byte region, but make it cross the >> > page boundary. >> > >> > Fixes: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper") >> > Suggested-by: Aleksa Sarai <cyphar@cyphar.com> >> > Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> >> > --- >> > lib/test_user_copy.c | 23 ++++++++++++++++++++--- >> > 1 file changed, 20 insertions(+), 3 deletions(-) >> > >> > How does this look? It runs in < 1s on my machine here. >> > >> > cheers >> > >> > diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c >> > index 950ee88cd6ac..9fb6bc609d4c 100644 >> > --- a/lib/test_user_copy.c >> > +++ b/lib/test_user_copy.c >> > @@ -47,9 +47,26 @@ static bool is_zeroed(void *from, size_t size) >> > static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) >> > { >> > int ret = 0; >> > - size_t start, end, i; >> > - size_t zero_start = size / 4; >> > - size_t zero_end = size - zero_start; >> > + size_t start, end, i, zero_start, zero_end; >> > + >> > + if (test(size < 1024, "buffer too small")) >> > + return -EINVAL; >> > + >> > + /* >> > + * We want to cross a page boundary to exercise the code more >> > + * effectively. We assume the buffer we're passed has a page boundary at >> > + * size / 2. We also don't want to make the size we scan too large, >> > + * otherwise the test can take a long time and cause soft lockups. So >> > + * scan a 1024 byte region across the page boundary. >> > + */ >> > + start = size / 2 - 512; >> > + size = 1024; >> >> I don't think it's necessary to do "size / 2" here -- you can just use >> PAGE_SIZE directly and check above that "size == 2*PAGE_SIZE" (not that >> this check is exceptionally necessary -- since there's only one caller >> of this function and it's in the same file). > > Michael, in case you resend, can you make my life a little easier and do > it on top of > https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=copy_struct_from_user > please. I have a fix from Aleksa sitting in there laready that _might_ > cause a conflict otherwise. No worries, done. cheers
On Wed, Oct 16, 2019 at 11:28:20PM +1100, Michael Ellerman wrote: > Christian Brauner <christian.brauner@ubuntu.com> writes: > > On Fri, Oct 11, 2019 at 02:48:10PM +1100, Aleksa Sarai wrote: > >> On 2019-10-11, Michael Ellerman <mpe@ellerman.id.au> wrote: > >> > On a machine with a 64K PAGE_SIZE, the nested for loops in > >> > test_check_nonzero_user() can lead to soft lockups, eg: > >> > > >> > watchdog: BUG: soft lockup - CPU#4 stuck for 22s! [modprobe:611] > >> > Modules linked in: test_user_copy(+) vmx_crypto gf128mul crc32c_vpmsum virtio_balloon ip_tables x_tables autofs4 > >> > CPU: 4 PID: 611 Comm: modprobe Tainted: G L 5.4.0-rc1-gcc-8.2.0-00001-gf5a1a536fa14-dirty #1151 > >> > ... > >> > NIP __might_sleep+0x20/0xc0 > >> > LR __might_fault+0x40/0x60 > >> > Call Trace: > >> > check_zeroed_user+0x12c/0x200 > >> > test_user_copy_init+0x67c/0x1210 [test_user_copy] > >> > do_one_initcall+0x60/0x340 > >> > do_init_module+0x7c/0x2f0 > >> > load_module+0x2d94/0x30e0 > >> > __do_sys_finit_module+0xc8/0x150 > >> > system_call+0x5c/0x68 > >> > > >> > Even with a 4K PAGE_SIZE the test takes multiple seconds. Instead > >> > tweak it to only scan a 1024 byte region, but make it cross the > >> > page boundary. > >> > > >> > Fixes: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper") > >> > Suggested-by: Aleksa Sarai <cyphar@cyphar.com> > >> > Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> > >> > --- > >> > lib/test_user_copy.c | 23 ++++++++++++++++++++--- > >> > 1 file changed, 20 insertions(+), 3 deletions(-) > >> > > >> > How does this look? It runs in < 1s on my machine here. > >> > > >> > cheers > >> > > >> > diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c > >> > index 950ee88cd6ac..9fb6bc609d4c 100644 > >> > --- a/lib/test_user_copy.c > >> > +++ b/lib/test_user_copy.c > >> > @@ -47,9 +47,26 @@ static bool is_zeroed(void *from, size_t size) > >> > static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) > >> > { > >> > int ret = 0; > >> > - size_t start, end, i; > >> > - size_t zero_start = size / 4; > >> > - size_t zero_end = size - zero_start; > >> > + size_t start, end, i, zero_start, zero_end; > >> > + > >> > + if (test(size < 1024, "buffer too small")) > >> > + return -EINVAL; > >> > + > >> > + /* > >> > + * We want to cross a page boundary to exercise the code more > >> > + * effectively. We assume the buffer we're passed has a page boundary at > >> > + * size / 2. We also don't want to make the size we scan too large, > >> > + * otherwise the test can take a long time and cause soft lockups. So > >> > + * scan a 1024 byte region across the page boundary. > >> > + */ > >> > + start = size / 2 - 512; > >> > + size = 1024; > >> > >> I don't think it's necessary to do "size / 2" here -- you can just use > >> PAGE_SIZE directly and check above that "size == 2*PAGE_SIZE" (not that > >> this check is exceptionally necessary -- since there's only one caller > >> of this function and it's in the same file). > > > > Michael, in case you resend, can you make my life a little easier and do > > it on top of > > https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=copy_struct_from_user > > please. I have a fix from Aleksa sitting in there laready that _might_ > > cause a conflict otherwise. > > No worries, done. Thank you! Christian
diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c index 950ee88cd6ac..9fb6bc609d4c 100644 --- a/lib/test_user_copy.c +++ b/lib/test_user_copy.c @@ -47,9 +47,26 @@ static bool is_zeroed(void *from, size_t size) static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) { int ret = 0; - size_t start, end, i; - size_t zero_start = size / 4; - size_t zero_end = size - zero_start; + size_t start, end, i, zero_start, zero_end; + + if (test(size < 1024, "buffer too small")) + return -EINVAL; + + /* + * We want to cross a page boundary to exercise the code more + * effectively. We assume the buffer we're passed has a page boundary at + * size / 2. We also don't want to make the size we scan too large, + * otherwise the test can take a long time and cause soft lockups. So + * scan a 1024 byte region across the page boundary. + */ + start = size / 2 - 512; + size = 1024; + + kmem += start; + umem += start; + + zero_start = size / 4; + zero_end = size - zero_start; /* * We conduct a series of check_nonzero_user() tests on a block of memory