From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
syzbot <syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com>
Subject: Re: [PATCH v3] /dev/mem: Bail out upon SIGKILL.
Date: Mon, 26 Aug 2019 22:44:29 +0900 [thread overview]
Message-ID: <87bb0adb-1d36-6481-6845-a93e5a3e5d17@i-love.sakura.ne.jp> (raw)
In-Reply-To: <20190826132916.GB12281@kroah.com>
On 2019/08/26 22:29, Greg Kroah-Hartman wrote:
> On Mon, Aug 26, 2019 at 10:13:25PM +0900, Tetsuo Handa wrote:
>> syzbot found that a thread can stall for minutes inside read_mem() or
>> write_mem() after that thread was killed by SIGKILL [1]. Reading from
>> iomem areas of /dev/mem can be slow, depending on the hardware.
>> While reading 2GB at one read() is legal, delaying termination of killed
>> thread for minutes is bad. Thus, allow reading/writing /dev/mem and
>> /dev/kmem to be preemptible and killable.
>>
>> [ 1335.912419][T20577] read_mem: sz=4096 count=2134565632
>> [ 1335.943194][T20577] read_mem: sz=4096 count=2134561536
>> [ 1335.978280][T20577] read_mem: sz=4096 count=2134557440
>> [ 1336.011147][T20577] read_mem: sz=4096 count=2134553344
>> [ 1336.041897][T20577] read_mem: sz=4096 count=2134549248
>>
>> Theoretically, reading/writing /dev/mem and /dev/kmem can become
>> "interruptible". But this patch chose "killable". Future patch will make
>> them "interruptible" so that we can revert to "killable" if some program
>> regressed.
>>
>> [1] https://syzkaller.appspot.com/bug?id=a0e3436829698d5824231251fad9d8e998f94f5e
>>
>> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>> Reported-by: syzbot <syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com>
>> ---
>> drivers/char/mem.c | 21 +++++++++++++++++++++
>> 1 file changed, 21 insertions(+)
>
> What changed from previous versions?
>
> That goes below the --- line at the very least.
(1) Moved fatal_signal_pending() test to end of iteration.
(2) Added need_resched() test before cond_resched().
(3) Removed -EINTR assignment because end of iteration means
that at least one byte was processed (sz > 0).
>
> thanks,
>
> greg k-h
>
next prev parent reply other threads:[~2019-08-26 13:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-26 13:13 [PATCH v3] /dev/mem: Bail out upon SIGKILL Tetsuo Handa
2019-08-26 13:29 ` Greg Kroah-Hartman
2019-08-26 13:44 ` Tetsuo Handa [this message]
2019-09-04 10:19 ` Tetsuo Handa
2019-09-04 10:50 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bb0adb-1d36-6481-6845-a93e5a3e5d17@i-love.sakura.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.