From patchwork Thu Dec 15 16:20:13 2022
X-Patchwork-Submitter: David Howells
X-Patchwork-Id: 33701
Subject: [PATCH net 4/9] rxrpc: Fix I/O thread startup getting skipped
From: David Howells
To: netdev@vger.kernel.org
Cc: syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com, Marc Dionne, Hillf Danton, dhowells@redhat.com, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org
Date: Thu, 15 Dec 2022 16:20:13 +0000
Message-ID: <167112121304.152641.6427798169346167745.stgit@warthog.procyon.org.uk>
In-Reply-To: <167112117887.152641.6194213035340041732.stgit@warthog.procyon.org.uk>
References: <167112117887.152641.6194213035340041732.stgit@warthog.procyon.org.uk>

When starting a kthread, the __kthread_create_on_node() function, as called from kthread_run(), waits for a completion to indicate that the task_struct (or failure state) of the new kernel thread is available before continuing.

This does not wait, however, for the thread function to be invoked and, indeed, will skip it if kthread_stop() gets called before it gets there.

If this happens, though, kthread_run() will have returned successfully, indicating that the thread was started and returning the task_struct pointer. The actual error indication is returned by kthread_stop().

Note that this is ambiguous, as the caller cannot tell whether the -EINTR error code came from kthread() or from the thread function.

This was encountered in the new rxrpc I/O thread, where if the system is being pounded hard by, say, syzbot, the check of KTHREAD_SHOULD_STOP can be delayed long enough for kthread_stop() to get called when rxrpc releases a socket - and this causes an oops because the I/O thread function doesn't get started and thus doesn't remove the rxrpc_local struct from the local_endpoints list.

Fix this by using a completion to wait for the thread to actually enter rxrpc_io_thread(). This makes sure the thread can't be prematurely stopped and makes sure the relied-upon cleanup is done.

Fixes: a275da62e8c1 ("rxrpc: Create a per-local endpoint receive queue and I/O thread")
Reported-by: syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com
Signed-off-by: David Howells
cc: Marc Dionne
cc: Hillf Danton
Link: https://lore.kernel.org/r/000000000000229f1505ef2b6159@google.com/
--- net/rxrpc/ar-internal.h | 1 + net/rxrpc/io_thread.c | 2 ++ net/rxrpc/local_object.c | 2 ++ 3 files changed, 5 insertions(+) diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index e7dccab7b741..37f3aec784cc 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -287,6 +287,7 @@ struct rxrpc_local { struct hlist_node link; struct socket *socket; /* my UDP socket */ struct task_struct *io_thread; + struct completion io_thread_ready; /* Indication that the I/O thread started */ struct rxrpc_sock __rcu *service; /* Service(s) listening on this endpoint */ struct rw_semaphore defrag_sem; /* control re-enablement of IP DF bit */ struct sk_buff_head rx_queue; /* Received packets */ diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c index d83ae3193032..e460e4151c16 100644 --- a/net/rxrpc/io_thread.c +++ b/net/rxrpc/io_thread.c @@ -426,6 +426,8 @@ int rxrpc_io_thread(void *data) struct rxrpc_call *call; struct sk_buff *skb; + complete(&local->io_thread_ready); + skb_queue_head_init(&rx_queue); set_user_nice(current, MIN_NICE); 
diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c index 24ee585d9aaf..270b63d8f37a 100644 --- a/net/rxrpc/local_object.c +++ b/net/rxrpc/local_object.c @@ -97,6 +97,7 @@ static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet, local->rxnet = rxnet; INIT_HLIST_NODE(&local->link); init_rwsem(&local->defrag_sem); + init_completion(&local->io_thread_ready); skb_queue_head_init(&local->rx_queue); INIT_LIST_HEAD(&local->call_attend_q); local->client_bundles = RB_ROOT; @@ -189,6 +190,7 @@ static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net) goto error_sock; } + wait_for_completion(&local->io_thread_ready); local->io_thread = io_thread; _leave(" = 0"); return 0;
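Review bot: In rxrpc_io_thread() (net/rxrpc/io_thread.c), complete(&local->io_thread_ready) is the first statement, ahead of skb_queue_head_init(&rx_queue) and set_user_nice(), so the completion signals that the thread function has been entered, not that the thread is ready to process packets. That is what the commit message asks for, but the field name io_thread_ready and its comment in ar-internal.h ("Indication that the I/O thread started") leave the distinction implicit. A one-line comment above the complete() call saying it only guarantees that the function body, and therefore its cleanup, will run would keep a later change from moving it below the setup code or treating it as a readiness barrier.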
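Review bot: In rxrpc_open_socket() (net/rxrpc/local_object.c), the new wait_for_completion(&local->io_thread_ready) sits directly before `local->io_thread = io_thread;`, and nothing in the hunk documents that this ordering matters. The wait is uninterruptible and has no timeout, which is acceptable only as long as nothing can stop the thread before it enters rxrpc_io_thread(); that appears to hold because the task pointer is not stored in local->io_thread until the wait returns. Please add a comment above the wait stating that the pointer must not be published before the completion fires, so that a later cleanup does not swap the two lines and reintroduce the skipped startup described in the commit message.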