From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A1F0C004C0 for ; Mon, 23 Oct 2023 16:11:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A0A8E6B00E1; Mon, 23 Oct 2023 12:11:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9BA8C6B00E2; Mon, 23 Oct 2023 12:11:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8AA866B00E3; Mon, 23 Oct 2023 12:11:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 7A81A6B00E1 for ; Mon, 23 Oct 2023 12:11:40 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 4C3091605E3 for ; Mon, 23 Oct 2023 16:11:40 +0000 (UTC) X-FDA: 81377216760.02.9846B18 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by imf11.hostedemail.com (Postfix) with ESMTP id 842054001E for ; Mon, 23 Oct 2023 16:11:38 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=linutronix.de header.s=2020 header.b=Jkk1MIdu; dkim=pass header.d=linutronix.de header.s=2020e header.b=lWLEqAuy; dmarc=pass (policy=none) header.from=linutronix.de; spf=pass (imf11.hostedemail.com: domain of tglx@linutronix.de designates 193.142.43.55 as permitted sender) smtp.mailfrom=tglx@linutronix.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1698077498; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=bO2BXye1lMp4h+BXWFd2ZCWFmLCstWT9fiAOX+cFNvc=; b=tmbP+IMVHCF72jQrEcV48swd3qOKfY9DUJ16FKAvGOK+pcBQH/EGC1WuSM5ksmkTAB2JHm Hc2gbMPqlm1GEieB4vZdYJqSr2QOdjojZ5MonJ/bIeDwsH3JqJcjeHgBEJ0LFN5SD4Qb8l cEx+V5rNPakbNw5m4k1ON7YXxvumVdw= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=linutronix.de header.s=2020 header.b=Jkk1MIdu; dkim=pass header.d=linutronix.de header.s=2020e header.b=lWLEqAuy; dmarc=pass (policy=none) header.from=linutronix.de; spf=pass (imf11.hostedemail.com: domain of tglx@linutronix.de designates 193.142.43.55 as permitted sender) smtp.mailfrom=tglx@linutronix.de ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1698077498; a=rsa-sha256; cv=none; b=zM3yA2IsC6Zh+/ClwMqvhyMdZ/elmVpXHt3wNDL1UTmtxHkZFJHFofKN5yDyNsgyL/1Jev 8r0FH+KpZdE6LV3mJoWz0C2hGrs8i1yxDmaKX0maFXNP0d/tx6DbcoK7a2/+FZaJ0zJiuf Ar3P/nIqZc/OkgVmVpkOq8b9ZVnjRB0= From: Thomas Gleixner DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1698077496; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=bO2BXye1lMp4h+BXWFd2ZCWFmLCstWT9fiAOX+cFNvc=; b=Jkk1MIduHCB1MF5WJx4RWCSZ8fW9+U+ytu9yAvC3tDHutUzhDqvVluOFridpUxx1XGgHDe WtnQfGfWAttalqAmdInYz36TOlO0Ll2TFLn5ToLMU5k2bVzRfVUxtYhQPi1bPBgCDwe80e cwoclFaSLruuDzHSDHSTyZvRQjv6b6wJFO9qbTedGGJFNhKrWBvw/Vn3ejgcLcvyLcYNUl jP4+vtixe/mZITuy3GoFdjigXrjl93Nv+4nxTznlItgkpjkemItdzn6AlZW88H8EfQtZLH dhP2XgE0NM2o47ND1nPLwqfZkkO50DCqWpQl3PjxZoMHCOX3ABDFL8tUJah7kw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1698077496; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=bO2BXye1lMp4h+BXWFd2ZCWFmLCstWT9fiAOX+cFNvc=; b=lWLEqAuyKfuaLlXO6AMm4ZKc2+rIWXy1PzymO7xE1YLVZgaQdbJop3PJvcnEPSWd8Yzaxb oiKD8Ywq/zWbA3DQ== To: Andrzej Hajda , linux-kernel@vger.kernel.org, intel-gfx@lists.freedesktop.org, linux-mm@kvack.org Cc: Nirmoy Das Subject: Re: [Intel-gfx] [PATCH v2] debugobjects: stop accessing objects after releasing spinlock In-Reply-To: <62e16250-63f4-4fbb-b00e-db808b600664@intel.com> References: <20230925131359.2948827-1-andrzej.hajda@intel.com> <87v8bak6iy.ffs@tglx> <62e16250-63f4-4fbb-b00e-db808b600664@intel.com> Date: Mon, 23 Oct 2023 18:11:35 +0200 Message-ID: <87r0llco94.ffs@tglx> MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: 842054001E X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: mssm81rmq5gb4axehkcmf4gkskddpwai X-HE-Tag: 1698077498-441568 X-HE-Meta: U2FsdGVkX184VFvQVFn/GIFgXvjBP4xXu9hmLzAQQvYrQeRRiYUA6z8Svt/per6EEgEVLyraHs9boLHxNA8TrEz7cfH91KyptdYGZ2X7Y3boELzK6dvGAffBKmSMiTorpPaodBp7pb7vMKZIMrYX5sC3DHmhg4x6fcWZM5380gczKruUQ1eXC8Hv+zBMbUT8uj6d53LCJD5wSTqbVihQM1U4dF8lX3V3k6s9h0oh1xDkSg4/F2Io4ur0KAuz7JALvCGhZzS6WYPCrukea6i9pwfR6vXVzlUXH6Qm9IceEK/mVX4nB6dgCnVSxMFuQUT6rzSXur0Ac/tdvAmBnB2Ifpt5SKCd8z7ZpbaeGjEf0bsBOnbypc8JgweaIdPVqYZIxzPrUMLVgPTmpwv4+7fGB1yokJ2hoXGUjgZvTqRSI0MAKg2uFaPsH4Zf0xf5jKK7BdJWvQKg92K7KatDoIOtDxIlgqom3Bk/kB6Z1bMAs2CZ17XWc/nfWbpWSvtl0OSViJCVJlxJfJq11mkl0+SNLWlN8e5k1lOp5b9kMNZ0Eby6XPTRy8vpMD+WP/+UAmB7LfEp/nRnXhXACF+0sWpEDsq7roC/EihowdoUIdzoayL5cjlOqS7M3veCeqW5BGGNfAPCQL/YHQWoOt2g/NmgRqsiciQHt74jwF5GmmGSGGwrE1dz7ovszkaE2vXirbwGkmOe7+xr8lwMWyxt+OE+6mg1zEf+v1+3E+Pg1XyrIEjx7lTBfqzhP0zO3LNTwY0EolKAV6tnTM0LK2qdkvsy9CgEq4jqtrLliesbggFgBMce8bVgJFmsQ/4KoOacphplqJHytjfUMG3Cj4KsGOEfCvG3Fr9wN/DN62dU0OYB+7LYF+eJGz9pfPr/KpIlb17nKKTJ6THlawIK0sNIAREfc0gPMAwR9igDeH+ImqFh1UhFuZvm+X6MJSxkpQe99mvyzbF/OH0dhDflGhKHTET CuWA1zK0 PXeN1m7iGo9VvWFyfNssRIOlvtaN9pX3KhbTF6pxreW6/qPQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000002, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Oct 19 2023 at 12:31, Andrzej Hajda wrote: > On 13.10.2023 15:15, Thomas Gleixner wrote: >> It cannot be freed. If that happens then the calling code will have an >> UAF problem on the tracked item too. > > Yes, and I have assumed that debugobjects are created also for detecting > UAFs. Kinda. > They should be able to handle/detect 'issues due to incorrectly > serialized concurrent accesses' scenarios as well, at least some of > them. And even if it cannot recover it should at least provide reliable > reporting. Fair enough. > Now we can have scenario: > 1. Thread tries to deactivate destroyed object, debugobjects detects it, > spin lock is released, thread is preempted. > 2. Other thread frees debugobject, then allocates new one on the same > memory location, ie 'obj' variable from 1st thread point to it - it is > possible because there is no locking. > 3. Then preemption occurs, and 1st thread reports error for wrong object. > > This seems the most drastic for me, but also with lowest chances to > happen due to delayed freeing, but there are also other more probable > scenarios when we print the same object but in state different from the > one when debugobject detected issue, due to modification by concurrent > thread. Now I understand what you mean. This information should be in the changelog, no? Let me stare at the patch once more.