From: Michael Ellerman <mpe@ellerman.id.au>
To: cyphar@cyphar.com
Cc: mingo@redhat.com, peterz@infradead.org,
alexander.shishkin@linux.intel.com, jolsa@redhat.com,
namhyung@kernel.org, christian@brauner.io, keescook@chromium.org,
linux@rasmusvillemoes.dk, viro@zeniv.linux.org.uk,
torvalds@linux-foundation.org, linux-api@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v2] usercopy: Avoid soft lockups in test_check_nonzero_user()
Date: Wed, 16 Oct 2019 23:27:32 +1100 [thread overview]
Message-ID: <20191016122732.13467-1-mpe@ellerman.id.au> (raw)
In-Reply-To: <20191011022447.24249-1-mpe@ellerman.id.au>
On a machine with a 64K PAGE_SIZE, the nested for loops in
test_check_nonzero_user() can lead to soft lockups, eg:
watchdog: BUG: soft lockup - CPU#4 stuck for 22s! [modprobe:611]
Modules linked in: test_user_copy(+) vmx_crypto gf128mul crc32c_vpmsum virtio_balloon ip_tables x_tables autofs4
CPU: 4 PID: 611 Comm: modprobe Tainted: G L 5.4.0-rc1-gcc-8.2.0-00001-gf5a1a536fa14-dirty #1151
...
NIP __might_sleep+0x20/0xc0
LR __might_fault+0x40/0x60
Call Trace:
check_zeroed_user+0x12c/0x200
test_user_copy_init+0x67c/0x1210 [test_user_copy]
do_one_initcall+0x60/0x340
do_init_module+0x7c/0x2f0
load_module+0x2d94/0x30e0
__do_sys_finit_module+0xc8/0x150
system_call+0x5c/0x68
Even with a 4K PAGE_SIZE the test takes multiple seconds. Instead
tweak it to only scan a 1024 byte region, but make it cross the
page boundary.
Fixes: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper")
Suggested-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
lib/test_user_copy.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
v2: Rework calculation to just use PAGE_SIZE directly.
Rebase onto Christian's tree.
diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c
index ad2372727b1b..5ff04d8fe971 100644
--- a/lib/test_user_copy.c
+++ b/lib/test_user_copy.c
@@ -47,9 +47,25 @@ static bool is_zeroed(void *from, size_t size)
static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size)
{
int ret = 0;
- size_t start, end, i;
- size_t zero_start = size / 4;
- size_t zero_end = size - zero_start;
+ size_t start, end, i, zero_start, zero_end;
+
+ if (test(size < 2 * PAGE_SIZE, "buffer too small"))
+ return -EINVAL;
+
+ /*
+ * We want to cross a page boundary to exercise the code more
+ * effectively. We also don't want to make the size we scan too large,
+ * otherwise the test can take a long time and cause soft lockups. So
+ * scan a 1024 byte region across the page boundary.
+ */
+ size = 1024;
+ start = PAGE_SIZE - (size / 2);
+
+ kmem += start;
+ umem += start;
+
+ zero_start = size / 4;
+ zero_end = size - zero_start;
/*
* We conduct a series of check_nonzero_user() tests on a block of
--
2.21.0
next prev parent reply other threads:[~2019-10-16 12:27 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-01 1:10 [PATCH v4 0/4] lib: introduce copy_struct_from_user() helper Aleksa Sarai
2019-10-01 1:10 ` [PATCH v4 1/4] " Aleksa Sarai
2019-10-01 1:58 ` Kees Cook
2019-10-01 2:31 ` Christian Brauner
2019-10-01 16:28 ` Kees Cook
2019-10-10 11:19 ` Michael Ellerman
2019-10-10 11:19 ` Michael Ellerman
2019-10-10 11:40 ` Aleksa Sarai
2019-10-10 16:43 ` Kees Cook
2019-10-11 2:24 ` [PATCH] usercopy: Avoid soft lockups in test_check_nonzero_user() Michael Ellerman
2019-10-11 3:48 ` Aleksa Sarai
2019-10-11 9:43 ` Christian Brauner
2019-10-16 12:28 ` Michael Ellerman
2019-10-16 12:45 ` Christian Brauner
2019-10-12 9:54 ` Michael Ellerman
2019-10-12 10:12 ` Aleksa Sarai
2019-10-16 12:27 ` Michael Ellerman [this message]
2019-10-16 12:36 ` [PATCH v2] " Aleksa Sarai
2019-10-16 12:50 ` Christian Brauner
2019-10-16 13:03 ` Christian Brauner
2019-10-16 22:00 ` Michael Ellerman
2019-10-17 6:09 ` Christian Brauner
2019-10-23 2:23 ` Michael Ellerman
2019-10-01 1:10 ` [PATCH v4 2/4] clone3: switch to copy_struct_from_user() Aleksa Sarai
2019-10-01 2:32 ` Christian Brauner
2019-10-01 1:10 ` [PATCH v4 3/4] sched_setattr: " Aleksa Sarai
2019-10-01 2:33 ` Christian Brauner
2019-10-01 1:10 ` [PATCH v4 4/4] perf_event_open: " Aleksa Sarai
2019-10-01 2:36 ` Christian Brauner
2019-10-01 16:01 ` [PATCH v4 0/4] lib: introduce copy_struct_from_user() helper Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191016122732.13467-1-mpe@ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=alexander.shishkin@linux.intel.com \
--cc=christian@brauner.io \
--cc=cyphar@cyphar.com \
--cc=jolsa@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.