From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63B55C388F9 for ; Fri, 23 Oct 2020 11:39:58 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id B03642225F for ; Fri, 23 Oct 2020 11:39:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="SRL8te15" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B03642225F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id D1B3B6B0071; Fri, 23 Oct 2020 07:39:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CCE506B0072; Fri, 23 Oct 2020 07:39:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BE2C56B0073; Fri, 23 Oct 2020 07:39:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0102.hostedemail.com [216.40.44.102]) by kanga.kvack.org (Postfix) with ESMTP id 90AD66B0071 for ; Fri, 23 Oct 2020 07:39:54 -0400 (EDT) Received: from smtpin02.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 3D2241F1B for ; Fri, 23 Oct 2020 11:39:54 +0000 (UTC) X-FDA: 77402995908.02.fruit57_4e0d05c27259 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin02.hostedemail.com (Postfix) with ESMTP id 1ED841026DFDA for ; Fri, 23 Oct 2020 11:39:54 +0000 (UTC) X-HE-Tag: fruit57_4e0d05c27259 X-Filterd-Recvd-Size: 8473 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by imf34.hostedemail.com (Postfix) with ESMTP for ; Fri, 23 Oct 2020 11:39:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603453192; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2+H6fT83RqZ6xsB7W39V71rbnS+i4838LTa+2r3q5sI=; b=SRL8te15WpLTEh1WcjOi3JHIJ6o6iQv51Kqhf59JdBkE6abf35H7EOODgat2r9n72H0m1p mjm7GCodz8tc81awrzWiWm1Znvs9WrBjIwstw90xjpk0B60DGdhTpvkwT4quJCTpnCr0tT EsSAbQn5cUXbICjlHQHHyISQ+klddrc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-92-MN4NqcMbMeqebzeFyhl28Q-1; Fri, 23 Oct 2020 07:39:48 -0400 X-MC-Unique: MN4NqcMbMeqebzeFyhl28Q-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id DB70D107465C; Fri, 23 Oct 2020 11:39:46 +0000 (UTC) Received: from [10.36.114.18] (ovpn-114-18.ams2.redhat.com [10.36.114.18]) by smtp.corp.redhat.com (Postfix) with ESMTP id 217AA277DA; Fri, 23 Oct 2020 11:39:44 +0000 (UTC) Subject: Re: [PATCH] hugetlb: fix locking in region_add,region_cgh,allocate_file_region_entries To: Laurent Cremmer Cc: Mike Kravetz , Andrew Morton , Mina Almasry , David Rientjes , linux-mm@kvack.org, Shuah Khan References: <20201023074759.46605-1-laurent@oss.volkswagen.com> From: David Hildenbrand Organization: Red Hat GmbH Message-ID: <7e737014-65df-224e-0820-15eb8f4a8f7f@redhat.com> Date: Fri, 23 Oct 2020 13:39:44 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=david@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 23.10.20 13:25, Laurent Cremmer wrote: >> >> On 23.10.20 09:47, Laurent Cremmer wrote: >>> commit 0db9d74ed884 ("hugetlb: disable region_add file_region coalescing") >>> introduced issues with regards to locking: >>> >>> - Missing spin_unlock in hugetlb.c:region_add and hugetlb.c:region_cgh >>> when returning after an error. >>> - Missing spin lock in hugetlb.c:allocate_file_region_entries >>> when returning after an error. >>> >>> The first two errors were spotted using the coccinelle static code >>> analysis tool while focusing on the mini_lock.cocci script, >>> whose goal is to find missing unlocks. >>> >>> make coccicheck mode=REPORT m=mm/hugetlb.c >>> >>> mm/hugetlb.c:514:3-9: preceding lock on line 487 >>> mm/hugetlb.c:564:2-8: preceding lock on line 554 >>> >>> The third instance spotted by manual examination. >>> >>> In static long region_add(...) and static long region_cgh(...) , releasing >>> the acquired lock when exiting via their error path was removed. >>> This will cause these functions to return with a lock held if they do not >>> succeed. >>> >>> This patch reintroduces the original error path making sure the lock is >>> properly released on all exits. >>> >>> A a new function allocate_file_region_entries was also introduced that >>> must be called with a lock held and returned with the lock held. >>> However the lock is temporarily released during processing but will not >>> be reacquired on error. >>> >>> This patch ensures that the lock will be reacquired in the error path also. >>> >>> Fixes: 0db9d74ed884 ("hugetlb: disable region_add file_region coalescing") >>> Link: https://lists.elisa.tech/g/development-process/message/289 >>> Signed-off-by: Laurent Cremmer >>> Reviewed-by: Oliver Hartkopp >>> --- >>> mm/hugetlb.c | 17 +++++++++++------ >>> 1 file changed, 11 insertions(+), 6 deletions(-) >>> >>> diff --git a/mm/hugetlb.c b/mm/hugetlb.c >>> index fe76f8fd5a73..92bea6f77361 100644 >>> --- a/mm/hugetlb.c >>> +++ b/mm/hugetlb.c >>> @@ -438,7 +438,7 @@ static int allocate_file_region_entries(struct resv_map *resv, >>> for (i = 0; i < to_allocate; i++) { >>> trg = kmalloc(sizeof(*trg), GFP_KERNEL); >> >> So we're allocating memory with GFP_KERNEL while holding a spinlock? >> >> If my memory isn't completely wrong, that's broken, no? this would >> require GFP_ATOMIC? >> >> But I might be messing up things :) >> > > Ah, the beauty of patches sometimes not telling the whole story :-) > The lock is released in line 437, prior attempting to allocate with > GFP_KERNEL, so GFP_ATOMIC is not required in this context. Ah, I actually misread line 437, sorry :) [...] >>> >>> @@ -450,7 +450,8 @@ static int allocate_file_region_entries(struct resv_map *resv, >>> >>> return 0; >>> >>> -out_of_memory: >>> +out_of_memory_unlocked: > > However, in light of your remarks, I would question re-acquiring the > lock before cleaning up using kfree and would defer it to after the > clean up as ended. Agree? > >>> + spin_lock(&resv->lock); >>> list_for_each_entry_safe(rg, trg, &allocated_regions, link) { >>> list_del(&rg->link); >>> kfree(rg); >>> @@ -508,7 +509,8 @@ static long region_add(struct resv_map *resv, long f, long t, >>> >>> if (allocate_file_region_entries( >>> resv, actual_regions_needed - in_regions_needed)) { >>> - return -ENOMEM; >>> + add = -ENOMEM; >> >> dito, does this handle atomic context? >> > > IMHO it does, since allocate_file_region_entries will drop the lock > when attempting to allocate entries and reacquires it on exit. Right, that's the source of my confusion. > >> >>> + goto out_locked; >>> } >>> >>> goto retry; >>> @@ -517,7 +519,7 @@ static long region_add(struct resv_map *resv, long f, long t, >>> add = add_reservation_in_range(resv, f, t, h_cg, h, NULL); >>> >>> resv->adds_in_progress -= in_regions_needed; >>> - >>> +out_locked: >>> spin_unlock(&resv->lock); >>> VM_BUG_ON(add < 0); >>> return add; >>> @@ -557,11 +559,14 @@ static long region_chg(struct resv_map *resv, long f, long t, >>> if (*out_regions_needed == 0) >>> *out_regions_needed = 1; >>> >>> - if (allocate_file_region_entries(resv, *out_regions_needed)) >>> - return -ENOMEM; >>> + if (allocate_file_region_entries(resv, *out_regions_needed)) { >>> + chg = -ENOMEM; >>> + goto out_locked; >>> + } >> >> dito >> > > See above, allocate_file_region_entries will return the lock held. > > Now, in defence of the original implementation what "looks" like a bug > at first sight might be an attempt to "optimize-out" a pair of > lock/unlock operations on the error path of region_add, and region_chg > by relying on the implicit knowledegfe that > allocate_file_region_entries would return with the lock not being held > on error. > Unfortunately it hinders the readability (and IMHO the > maintainability) of the code. Yeah, this use of locking is just prone for BUGs. Horrible if you ask me. Temporarily dropping locks is one source of confusions and bugs. Inconsistently returning with either locks held or not is another horrible thing to do. I'll have to stare at the code another couple of minutes to figure out what's actually right or wrong. -- Thanks, David / dhildenb