linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Bjorn Andersson <bjorn.andersson@linaro.org>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: John Stultz <john.stultz@linaro.org>,
	"Paul E. McKenney" <paulmck@kernel.org>,
	Josh Triplett <josh@joshtriplett.org>,
	lkml <linux-kernel@vger.kernel.org>,
	Saravana Kannan <saravanak@google.com>,
	Todd Kjos <tkjos@google.com>, Stephen Boyd <sboyd@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>
Subject: Re: On trace_*_rcuidle functions in modules
Date: Wed, 15 Apr 2020 18:02:58 -0700	[thread overview]
Message-ID: <20200416010258.GM20625@builder.lan> (raw)
In-Reply-To: <20200415204827.24f2c548@oasis.local.home>

On Wed 15 Apr 17:48 PDT 2020, Steven Rostedt wrote:

> On Wed, 15 Apr 2020 17:06:24 -0700
> John Stultz <john.stultz@linaro.org> wrote:
> 
> > So you're saying the recent change to move to using trace_*_rcuidle()
> > was unnecessary?
> > 
> > Or is there a different notifier then cpu_pm_register_notifier() that
> > the driver should be using (that one seems to be using
> > atomic_notifier_chain_register())?
> 
> From looking at the trace event in __tcs_buffer_write() in
> drivers/soc/qcom/rpmh-rsc.c, the _rcuidle() was added by:
> 
> efde2659b0fe8 ("drivers: qcom: rpmh-rsc: Use rcuidle tracepoints for rpmh")
> 
> Which shows a backtrace dump of:
> 
>      Call trace:
>       dump_backtrace+0x0/0x174
>       show_stack+0x20/0x2c
>       dump_stack+0xc8/0x124
>       lockdep_rcu_suspicious+0xe4/0x104
>       __tcs_buffer_write+0x230/0x2d0
>       rpmh_rsc_write_ctrl_data+0x210/0x270
>       rpmh_flush+0x84/0x24c
>       rpmh_domain_power_off+0x78/0x98
>       _genpd_power_off+0x40/0xc0
>       genpd_power_off+0x168/0x208
>       genpd_power_off+0x1e0/0x208
>       genpd_power_off+0x1e0/0x208
>       genpd_runtime_suspend+0x1ac/0x220
>       __rpm_callback+0x70/0xfc
>       rpm_callback+0x34/0x8c
>       rpm_suspend+0x218/0x4a4
>       __pm_runtime_suspend+0x88/0xac
>       psci_enter_domain_idle_state+0x3c/0xb4
>       cpuidle_enter_state+0xb8/0x284
>       cpuidle_enter+0x38/0x4c
>       call_cpuidle+0x3c/0x68
>       do_idle+0x194/0x260
>       cpu_startup_entry+0x24/0x28
>       secondary_start_kernel+0x150/0x15c
> 
> 
> There's no notifier that calls this. This is called by the rpm_callback
> logic. Perhaps that callback will require a call to rcu_irq_enter()
> before calling the callback.
> 
> In any case, I think it is wrong that these callbacks are called
> without RCU watching. The _rcuidle() on that tracepoint should be
> removed, and we fix the code that gets there to ensure that RCU is
> enabled. I agree with Peter, that no module code should be executed
> without RCU watching.
> 

Forgive me, but how is this problem related to the fact that the code is
dynamically loaded, i.e. encapsulated in a module?

Per the example earlier in this thread, the thing we're worried about is
a use after free in the following scenario, right?

        cpu_pm_unregister_notifier(my_notifier);
	kfree(my_data);

But a driver implementing this snippet might do this regardless of being
builtin or module and afaict exiting probe() unsuccessfully or unbinding
the device would risk triggering this issue?

Regards,
Bjorn

  reply	other threads:[~2020-04-16  1:02 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-15  2:20 On trace_*_rcuidle functions in modules John Stultz
2020-04-15  2:57 ` Paul E. McKenney
2020-04-15  3:47   ` John Stultz
2020-04-15 13:12     ` Paul E. McKenney
2020-04-15 12:53 ` Steven Rostedt
2020-04-15 19:56   ` John Stultz
2020-04-15 20:14     ` Steven Rostedt
2020-04-15 20:17       ` John Stultz
2020-04-15 20:41         ` Steven Rostedt
2020-04-15 21:02           ` John Stultz
2020-04-15 21:49             ` Steven Rostedt
2020-04-15 22:04               ` Paul E. McKenney
2020-04-15 22:42                 ` Peter Zijlstra
2020-04-15 22:53                   ` Steven Rostedt
2020-04-15 22:53                   ` Paul E. McKenney
2020-04-15 22:51                 ` Steven Rostedt
2020-04-15 22:54                   ` Paul E. McKenney
2020-04-16  0:06                   ` John Stultz
2020-04-16  0:48                     ` Steven Rostedt
2020-04-16  1:02                       ` Bjorn Andersson [this message]
2020-04-16  1:24                         ` Steven Rostedt
2020-04-16  2:17                       ` John Stultz
2020-04-15 22:07               ` John Stultz
2020-04-15 22:40       ` Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200416010258.GM20625@builder.lan \
    --to=bjorn.andersson@linaro.org \
    --cc=john.stultz@linaro.org \
    --cc=josh@joshtriplett.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=paulmck@kernel.org \
    --cc=peterz@infradead.org \
    --cc=rostedt@goodmis.org \
    --cc=saravanak@google.com \
    --cc=sboyd@kernel.org \
    --cc=tglx@linutronix.de \
    --cc=tkjos@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).