[PATCH] locking/mutex: Test for initialized mutex

[PATCH] locking/mutex: Test for initialized mutex

[Sebastian Andrzej Siewior]

An uninitialized/ zeroed mutex will go unnoticed because there is no
check for it. There is a magic check in the unlock's slowpath path which
might go unnoticed if the unlock happens in the fastpath.

Add a ->magic check early in the mutex_lock() and mutex_trylock() path.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
Nothing screamed during uninitialized usage of init_mm's context->lock
  https://git.kernel.org/tip/32232b350d7cd93cdc65fe5a453e6a40b539e9f9

 kernel/locking/mutex.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
index 0c601ae072b3f..fb1f6f1e1cc61 100644
--- a/kernel/locking/mutex.c
+++ b/kernel/locking/mutex.c
@@ -908,6 +908,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 
 	might_sleep();
 
+#ifdef CONFIG_DEBUG_MUTEXES
+	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
+#endif
+
 	ww = container_of(lock, struct ww_mutex, base);
 	if (use_ww_ctx && ww_ctx) {
 		if (unlikely(ww_ctx == READ_ONCE(ww->ctx)))
@@ -1379,8 +1383,13 @@ __ww_mutex_lock_interruptible_slowpath(struct ww_mutex *lock,
  */
 int __sched mutex_trylock(struct mutex *lock)
 {
-	bool locked = __mutex_trylock(lock);
+	bool locked;
 
+#ifdef CONFIG_DEBUG_MUTEXES
+	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
+#endif
+
+	locked = __mutex_trylock(lock);
 	if (locked)
 		mutex_acquire(&lock->dep_map, 0, 1, _RET_IP_);
 
-- 
2.20.1

Re: [PATCH] locking/mutex: Test for initialized mutex

[Will Deacon]

On Wed, Jul 03, 2019 at 11:21:26AM +0200, Sebastian Andrzej Siewior wrote:
> An uninitialized/ zeroed mutex will go unnoticed because there is no
> check for it. There is a magic check in the unlock's slowpath path which
> might go unnoticed if the unlock happens in the fastpath.
> 
> Add a ->magic check early in the mutex_lock() and mutex_trylock() path.
> 
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> ---
> Nothing screamed during uninitialized usage of init_mm's context->lock
>   https://git.kernel.org/tip/32232b350d7cd93cdc65fe5a453e6a40b539e9f9
> 
>  kernel/locking/mutex.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
> index 0c601ae072b3f..fb1f6f1e1cc61 100644
> --- a/kernel/locking/mutex.c
> +++ b/kernel/locking/mutex.c
> @@ -908,6 +908,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
>  
>  	might_sleep();
>  
> +#ifdef CONFIG_DEBUG_MUTEXES
> +	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
> +#endif

Why do we need to check this so early, or could we move it into
debug_mutex_lock_common() instead?

Will

Re: [PATCH] locking/mutex: Test for initialized mutex

[Sebastian Andrzej Siewior]

On 2019-07-10 17:50:54 [+0100], Will Deacon wrote:
> On Wed, Jul 03, 2019 at 11:21:26AM +0200, Sebastian Andrzej Siewior wrote:
> > An uninitialized/ zeroed mutex will go unnoticed because there is no
> > check for it. There is a magic check in the unlock's slowpath path which
> > might go unnoticed if the unlock happens in the fastpath.
> > 
> > Add a ->magic check early in the mutex_lock() and mutex_trylock() path.
> > 
> > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> > ---
> > Nothing screamed during uninitialized usage of init_mm's context->lock
> >   https://git.kernel.org/tip/32232b350d7cd93cdc65fe5a453e6a40b539e9f9
> > 
> >  kernel/locking/mutex.c | 11 ++++++++++-
> >  1 file changed, 10 insertions(+), 1 deletion(-)
> > 
> > diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
> > index 0c601ae072b3f..fb1f6f1e1cc61 100644
> > --- a/kernel/locking/mutex.c
> > +++ b/kernel/locking/mutex.c
> > @@ -908,6 +908,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
> >  
> >  	might_sleep();
> >  
> > +#ifdef CONFIG_DEBUG_MUTEXES
> > +	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
> > +#endif
> 
> Why do we need to check this so early, or could we move it into
> debug_mutex_lock_common() instead?

debug_mutex_lock_common() is too late. A few lines later, before
"preempt_disable()" would be possible. After that, there is
__mutex_trylock() which would succeed so you don't catch the
uninitialized case. By the time you get to debug_mutex_lock_common() you
need contention and then acquire ->wait_lock which should complain about
missing magic.

> Will

Sebastian

Re: [PATCH] locking/mutex: Test for initialized mutex

[Will Deacon]

On Wed, Jul 10, 2019 at 09:15:49PM +0200, Sebastian Andrzej Siewior wrote:
> On 2019-07-10 17:50:54 [+0100], Will Deacon wrote:
> > On Wed, Jul 03, 2019 at 11:21:26AM +0200, Sebastian Andrzej Siewior wrote:
> > > An uninitialized/ zeroed mutex will go unnoticed because there is no
> > > check for it. There is a magic check in the unlock's slowpath path which
> > > might go unnoticed if the unlock happens in the fastpath.
> > > 
> > > Add a ->magic check early in the mutex_lock() and mutex_trylock() path.
> > > 
> > > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> > > ---
> > > Nothing screamed during uninitialized usage of init_mm's context->lock
> > >   https://git.kernel.org/tip/32232b350d7cd93cdc65fe5a453e6a40b539e9f9
> > > 
> > >  kernel/locking/mutex.c | 11 ++++++++++-
> > >  1 file changed, 10 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
> > > index 0c601ae072b3f..fb1f6f1e1cc61 100644
> > > --- a/kernel/locking/mutex.c
> > > +++ b/kernel/locking/mutex.c
> > > @@ -908,6 +908,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
> > >  
> > >  	might_sleep();
> > >  
> > > +#ifdef CONFIG_DEBUG_MUTEXES
> > > +	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
> > > +#endif
> > 
> > Why do we need to check this so early, or could we move it into
> > debug_mutex_lock_common() instead?
> 
> debug_mutex_lock_common() is too late. A few lines later, before
> "preempt_disable()" would be possible. After that, there is
> __mutex_trylock() which would succeed so you don't catch the
> uninitialized case. By the time you get to debug_mutex_lock_common() you
> need contention and then acquire ->wait_lock which should complain about
> missing magic.

Right you are; thanks for the explanation. I don't see a better approach
than what you've done, so:

Acked-by: Will Deacon <will@kernel.org>

Will

[tip:locking/core] locking/mutex: Test for initialized mutex

[tip-bot for Sebastian Andrzej Siewior]

Commit-ID:  6c11c6e3d5e9e5caf8686cd6a5e4552cfc3ea326
Gitweb:     https://git.kernel.org/tip/6c11c6e3d5e9e5caf8686cd6a5e4552cfc3ea326
Author:     Sebastian Andrzej Siewior <bigeasy@linutronix.de>
AuthorDate: Wed, 3 Jul 2019 11:21:26 +0200
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Thu, 25 Jul 2019 15:39:27 +0200

locking/mutex: Test for initialized mutex

An uninitialized/ zeroed mutex will go unnoticed because there is no
check for it. There is a magic check in the unlock's slowpath path which
might go unnoticed if the unlock happens in the fastpath.

Add a ->magic check early in the mutex_lock() and mutex_trylock() path.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Will Deacon <will@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190703092125.lsdf4gpsh2plhavb@linutronix.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 kernel/locking/mutex.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
index edd1c082dbf5..5e069734363c 100644
--- a/kernel/locking/mutex.c
+++ b/kernel/locking/mutex.c
@@ -908,6 +908,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 
 	might_sleep();
 
+#ifdef CONFIG_DEBUG_MUTEXES
+	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
+#endif
+
 	ww = container_of(lock, struct ww_mutex, base);
 	if (use_ww_ctx && ww_ctx) {
 		if (unlikely(ww_ctx == READ_ONCE(ww->ctx)))
@@ -1379,8 +1383,13 @@ __ww_mutex_lock_interruptible_slowpath(struct ww_mutex *lock,
  */
 int __sched mutex_trylock(struct mutex *lock)
 {
-	bool locked = __mutex_trylock(lock);
+	bool locked;
+
+#ifdef CONFIG_DEBUG_MUTEXES
+	DEBUG_LOCKS_WARN_ON(lock->magic != lock);
+#endif
 
+	locked = __mutex_trylock(lock);
 	if (locked)
 		mutex_acquire(&lock->dep_map, 0, 1, _RET_IP_);