From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=9Vx7=A3=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-17.6 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F2420C433E2
	for <linux-mm@archiver.kernel.org>; Thu, 16 Jul 2020 23:53:47 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id B2C15207BC
	for <linux-mm@archiver.kernel.org>; Thu, 16 Jul 2020 23:53:47 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fJH2BDM6"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B2C15207BC
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 2C1DB6B0073; Thu, 16 Jul 2020 19:53:47 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 2727D6B0074; Thu, 16 Jul 2020 19:53:47 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 1B0F36B0075; Thu, 16 Jul 2020 19:53:47 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0194.hostedemail.com [216.40.44.194])
	by kanga.kvack.org (Postfix) with ESMTP id 0655F6B0073
	for <linux-mm@kvack.org>; Thu, 16 Jul 2020 19:53:47 -0400 (EDT)
Received: from smtpin09.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id B98232DFD
	for <linux-mm@kvack.org>; Thu, 16 Jul 2020 23:53:46 +0000 (UTC)
X-FDA: 77045594052.09.scarf80_0d16e4c26f06
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin09.hostedemail.com (Postfix) with ESMTP id 92C0A180AD802
	for <linux-mm@kvack.org>; Thu, 16 Jul 2020 23:53:46 +0000 (UTC)
X-HE-Tag: scarf80_0d16e4c26f06
X-Filterd-Recvd-Size: 5363
Received: from mail-ed1-f67.google.com (mail-ed1-f67.google.com [209.85.208.67])
	by imf29.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 16 Jul 2020 23:53:46 +0000 (UTC)
Received: by mail-ed1-f67.google.com with SMTP id a8so6204483edy.1
        for <linux-mm@kvack.org>; Thu, 16 Jul 2020 16:53:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=gHjNZ84Odw9I00tyL0rNJk6APocttkiZI0Xw6GVe51U=;
        b=fJH2BDM6Ixum8ogIhI3oTUAlm4JvVXiLMlmveR9PrJbIIrNyy3hsxZgPKviKM4+YQU
         vBjg568mWozwniuvnzS7+RVc+0Jd05h4JQWcmc40j5oFxRSmZZPHTJ0WA+nC/pbF7+lt
         +vy3Te1DvgX4Xr1H7Hv4Py4nE4khXVlMOQUUd4rebpjFuetFSu7eDqsVAMh0IfdpwPUp
         1fwxiuksHBFBohjtIHgVptCoaISFbvcRjGEYErDBPMDcXlJX5VJ2moHZkjNCm5Bg70mj
         NlJ9wOoEvoer1eaKx9RImAsktSIETPZ0CYL7IqduNsMoJ4+VF5q7UJYys3Tix9n3r4zS
         spNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=gHjNZ84Odw9I00tyL0rNJk6APocttkiZI0Xw6GVe51U=;
        b=VI6pS7tGgD+7gyBwXmlxWSCJueQWS5pcl1EEGoc4APo2LqyxuTwAjM0Ve7zTfYLVYn
         SKS6nlJ5mzDJJtxRIAUin1nmsg7Su7TSntd6oZl3ZUfrw4oykQGdgzYTNZkHP62x6g9U
         Fw525Idt5Bq52bBJONNbRNjTlvL8t2cbf291YGYGIYGk0l0+M98kr/aFhjhpOTqpZT/q
         1Su6pXPo9kBRT8dYXWkL5ClUit6Zfbaj7XWrft8RIJRDF/tCTEY7hs++SXVeijtOcscG
         2rax+of3Hr8mhfuvQex62FcRL9yfXTK7b+mIidf7ftL2KMSsKd+/OyNeOOoNi+gg/Ytp
         c/Dw==
X-Gm-Message-State: AOAM531o13T2mSbWuqhYP+lVxNJoXbhpx7wM6GIsbDf5yl1Qkggb+cdj
	4OIeo0vSSJaFzVmoqn6VFcI2P1ux7rBHT7VqMiGj0g==
X-Google-Smtp-Source: ABdhPJzJOYksqSLMgx/OMH73qQrO95Fo4PRZuMwDHNlEsde8QBxONmvSl4lHz2cQxebZnKGBfy9UpcHlCi8QgE9NkGs=
X-Received: by 2002:aa7:dd8e:: with SMTP id g14mr6950966edv.208.1594943624633;
 Thu, 16 Jul 2020 16:53:44 -0700 (PDT)
MIME-Version: 1.0
References: <0000000000001fbbb605aa805c9b@google.com> <5ce3ee90-333e-638d-ac8c-cd6d7ab7aa3b@I-love.SAKURA.ne.jp>
 <20200716083506.GA20915@dhcp22.suse.cz> <36db7016-98d6-2c6b-110b-b2481fd480ac@i-love.sakura.ne.jp>
 <20200716135445.GN31089@dhcp22.suse.cz> <4ba9adb2-43f5-2de0-22de-f6075c1fab50@i-love.sakura.ne.jp>
 <20200716151756.GO31089@dhcp22.suse.cz>
In-Reply-To: <20200716151756.GO31089@dhcp22.suse.cz>
From: Todd Kjos <tkjos@google.com>
Date: Thu, 16 Jul 2020 16:53:31 -0700
Message-ID: <CAHRSSEzL7E3BPnyc7WAoqo8U=ofSxaj9bKTnU-=+W2=1WManDQ@mail.gmail.com>
Subject: Re: [PATCH v2] binder: Don't use mmput() from shrinker function.
To: Michal Hocko <mhocko@kernel.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>, 
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Arve Hjonnevag <arve@android.com>, 
	Todd Kjos <tkjos@android.com>, Martijn Coenen <maco@android.com>, 
	Joel Fernandes <joel@joelfernandes.org>, Christian Brauner <christian@brauner.io>, 
	syzbot <syzbot+e5344baa319c9a96edec@syzkaller.appspotmail.com>, acme@kernel.org, 
	alexander.shishkin@linux.intel.com, jolsa@redhat.com, 
	LKML <linux-kernel@vger.kernel.org>, Mark Rutland <mark.rutland@arm.com>, 
	Ingo Molnar <mingo@redhat.com>, namhyung@kernel.org, 
	Peter Zijlstra <peterz@infradead.org>, syzkaller-bugs <syzkaller-bugs@googlegroups.com>, 
	"open list:ANDROID DRIVERS" <devel@driverdev.osuosl.org>, linux-mm <linux-mm@kvack.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 92C0A180AD802
X-Spamd-Result: default: False [0.00 / 100.00]
X-Rspamd-Server: rspam04
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Thu, Jul 16, 2020 at 8:18 AM Michal Hocko <mhocko@kernel.org> wrote:
>
> On Fri 17-07-20 00:12:15, Tetsuo Handa wrote:
> > syzbot is reporting that mmput() from shrinker function has a risk of
> > deadlock [1], for delayed_uprobe_add() from update_ref_ctr() calls
> > kzalloc(GFP_KERNEL) with delayed_uprobe_lock held, and
> > uprobe_clear_state() from __mmput() also holds delayed_uprobe_lock.
> >
> > Commit a1b2289cef92ef0e ("android: binder: drop lru lock in isolate
> > callback") replaced mmput() with mmput_async() in order to avoid sleeping
> > with spinlock held. But this patch replaces mmput() with mmput_async() in
> > order not to start __mmput() from shrinker context.
> >
> > [1] https://syzkaller.appspot.com/bug?id=bc9e7303f537c41b2b0cc2dfcea3fc42964c2d45
> >
> > Reported-by: syzbot <syzbot+1068f09c44d151250c33@syzkaller.appspotmail.com>
> > Reported-by: syzbot <syzbot+e5344baa319c9a96edec@syzkaller.appspotmail.com>
> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>
> Reviewed-by: Michal Hocko <mhocko@suse.com>

Acked-by: Todd Kjos <tkjos@google.com>

>
> Thanks!
>
> > ---
> >  drivers/android/binder_alloc.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
> > index 42c672f1584e..cbe6aa77d50d 100644
> > --- a/drivers/android/binder_alloc.c
> > +++ b/drivers/android/binder_alloc.c
> > @@ -947,7 +947,7 @@ enum lru_status binder_alloc_free_page(struct list_head *item,
> >               trace_binder_unmap_user_end(alloc, index);
> >       }
> >       mmap_read_unlock(mm);
> > -     mmput(mm);
> > +     mmput_async(mm);
> >
> >       trace_binder_unmap_kernel_start(alloc, index);
> >
> > --
> > 2.18.4
>
> --
> Michal Hocko
> SUSE Labs