From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA110C3600D for ; Mon, 24 Mar 2025 21:15:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B4C29280002; Mon, 24 Mar 2025 17:15:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AFC2C280001; Mon, 24 Mar 2025 17:15:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9C496280002; Mon, 24 Mar 2025 17:15:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 793A4280001 for ; Mon, 24 Mar 2025 17:15:46 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 13E7CB9C7B for ; Mon, 24 Mar 2025 21:15:48 +0000 (UTC) X-FDA: 83257701576.17.8B03ED7 Received: from mail-qv1-f44.google.com (mail-qv1-f44.google.com [209.85.219.44]) by imf15.hostedemail.com (Postfix) with ESMTP id 00012A0006 for ; Mon, 24 Mar 2025 21:15:45 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=kN21ax6R; spf=pass (imf15.hostedemail.com: domain of nphamcs@gmail.com designates 209.85.219.44 as permitted sender) smtp.mailfrom=nphamcs@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742850946; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=lSKBIP8Mkd5GDvgLOVXFICnmH/X830uwa0zqRwzeZJE=; b=YOITt7kLiAEqlFDBaKEP7ooUhJLAERqFy7xF9q9FA50j49fxKbDtSCtSvM+MGesMkJbbmt T9VzLM2nR6kMBmcsN6ijipz8me6cTFt0Dy2CBnd1QbyHnpXUQp/cQgMZ/r+Xt4+sNLk4in mHy6n4xj5RkuiUZzhnBccWwsU/sSoDI= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=kN21ax6R; spf=pass (imf15.hostedemail.com: domain of nphamcs@gmail.com designates 209.85.219.44 as permitted sender) smtp.mailfrom=nphamcs@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742850946; a=rsa-sha256; cv=none; b=BOMDZajxC8y42mTX2F5IgUjUt0bx0uroAfCbzgvkqDz4VGrTHOFxnkUUyoiX3qpBiFowCA E72sEw2ulz9xymYKgPDOVBKfIyPksSwRI6S1zT3SpWquqzSmrhM4yFgd/ePKeXSJ+9JoMf TjlG6PvZd9gqM6wbtsY60GfzF9bB5RQ= Received: by mail-qv1-f44.google.com with SMTP id 6a1803df08f44-6ecfc7fb2aaso11389466d6.0 for ; Mon, 24 Mar 2025 14:15:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742850945; x=1743455745; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=lSKBIP8Mkd5GDvgLOVXFICnmH/X830uwa0zqRwzeZJE=; b=kN21ax6RKPo9OrG7XfFYHtLRjtFSfBx0Nm+YN4IxRKA84R6CQBdEnfhVHcBAWQqGI9 prv4ss7Tco1isYfR+6UOSbX+IsjHfF4CPQ6F2uKuWrbf2bzF01RvxSoBNdxZ0+zdBmrD JybyWykDEVHBpkPDY5DowUBulziPx3rHIO+ICd2vB7JKSjL2PGDzsKhgavsaSIwlXLEH WRKrRZNlFMPz6IwVX86HMzkX85zJ/kjgYIzsIWsmtZUtoraxbvd85OLhDwKXAOBOadSn Cp0RETAglGBjMRAs9qrmrbvgMb/YIiGhYBTLUk5vNm2h91kYb5KCRreOT636ABuOdxlB w7+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742850945; x=1743455745; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lSKBIP8Mkd5GDvgLOVXFICnmH/X830uwa0zqRwzeZJE=; b=NSVwJsMyKvrcqgCn3A6Fi9f/e3uMUsBjvW+eBl6qwfRPGh+jUImShHx2smHyy0ulkT XTd4qCjrRlhN9ppANvr9RFx5WXIzlpZtbp6v2hlCjiOHDwLdy5ZidPYaNvE5vjDlJsLq kOGjN19X2bM34NyGzFMq0BCNVJrVMlHZz2mDICqrH08YdcwgrIFuTlOSwtq0K6wFIwL/ 3M/YEa6VVJ1Pn8Ck9VVPqNfbHowv8GcfsPIdt+cVejvdYYfhDrIAQAx3gi63HN/Ylulq slL1kOkETO3icgV/kDl3PwYCpUszOgZZoblvVhrDcraJepWiJI5/PAwd3dVxNt3sudG5 t24g== X-Forwarded-Encrypted: i=1; AJvYcCUvcDlHl1TMNn/VFboalp3xQZghANm0dZ1uAr+tDkbt+I/AZaRTNs9Xs8xNRRVNsC/QY3P3HKuvCw==@kvack.org X-Gm-Message-State: AOJu0YwnHi/eboiI7d5uR1KB+tZWo7AtRhMkKXdN5Ef4er9p9DjCc59L Ykex+Ecj1L2qRV78zwSeH0rTyugikrfEuV8tyBnuyyYHIMg0FQjzPk8XNlDs9KO45ZLI3g+FKCO 3i+DLLjhCyRIksjR3CqQ7w0dF2oQ= X-Gm-Gg: ASbGnctrnuWEVqQ08S/C5mSQxcgQHU90kmI7hEvSoABLpqLJrphivuKLS3Tgx4T3ZGE iVGiLOkwZQ/HHci3b0mcPWbEqt6EpHgionhYA65UHzcn9f/7gSzHJm9GnLn0hoiRktNPit53GR6 yTuC1WNCdtxz0slRhG8cJ0DSbU X-Google-Smtp-Source: AGHT+IFiDPL/9ISevfih3CU+IAz3/VPVmZN+89C5TtaK3nDklX0FR4qkhj35fyVMgxs6lvCDmNrjxWYjkj+AwQVv5+8= X-Received: by 2002:a05:6214:ca9:b0:6e8:9a2a:145b with SMTP id 6a1803df08f44-6eb3f2d6f65mr232017376d6.23.1742850944891; Mon, 24 Mar 2025 14:15:44 -0700 (PDT) MIME-Version: 1.0 References: <20250226185625.2672936-1-yosry.ahmed@linux.dev> In-Reply-To: <20250226185625.2672936-1-yosry.ahmed@linux.dev> From: Nhat Pham Date: Mon, 24 Mar 2025 17:15:33 -0400 X-Gm-Features: AQ5f1Jr-uvoD-QGCe-ufQ2MPjnSeMYo7k_udyRgT5ya7AQurboow-ceIHS0yntI Message-ID: Subject: Re: [PATCH v2] mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() To: Yosry Ahmed Cc: Andrew Morton , Johannes Weiner , Chengming Zhou , "David S. Miller" , Herbert Xu , linux-mm@kvack.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot+1a517ccfcbc6a7ab0f82@syzkaller.appspotmail.com, stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 00012A0006 X-Stat-Signature: 58wqda6iqtzu59wm759gg8psiuwghent X-HE-Tag: 1742850945-247430 X-HE-Meta: U2FsdGVkX1+/jhKf1XwasmLLwPK+9c4YXc8/b3xSLr0h3APnXcBpxXQh1FqPMk7gz/NUQw/+xF+22b6Qy1b0nzxUJItSgKmGtm/1pU/ijRoNznCZNfbzwiKjzQHWKRxmNgclfGpjEc/k3VUP87srMlgbtEvHCjUcxxAzYKJ+2s1hkq1NWlRHpec/VBVDIMylxOdyS+a3du7CQRED7a3SSLdjx1VC5lBorx987wY396WJ+thZNwXQljSNsCyE7afoK9wiACuwt8m8KZ7t7HSBNgk8oJL9cr8EUTjxMeIR92mD1rZQGnzUKCh8yFI/kXoSWp6NwBRbQagvrqlN1tPqw5odO2AsvIn2sRkDQX7qvCkW8VEYi3kZxtAB6h42EAL6howfhWqfrdb5DM5AyTp2SjPF0l4EOlSO+hd6U29dMqzzL+GtSaD0jI86dFN2W+8rwvxBgH2KnJ3QvoN53WAlkbeFVA8OtrTqOgqGrKd5woKpFVn+1o8+gQa6uv+s1xjIATay0YGo1XIIG8RAfBbSzAkzfHD1+/1ot7oGEBYydGQlgL0LjUYCe0zrpnEIBQYScMESbgu7pcf1jnSH7H0ZuhfFOuAL3IBnkNUjPqJrQlIK0tLojEgbPis/B9LaH0s3bNt4DcBzFDVW4LcZh7j4kxdMd2QxHURo0kwstoB0/aynviO36cCpAlMk/CNGZ/If+m2E1HX6WMx/aYl0qNFmAL0vwLDQepUezbZgFXvdnQ3r2PRBR1DAyUvzc8X1bDmV3iR7Ogl0lRqTABM3HtnhHmHp0lQZh081V/EfRHymGDAgeiUDgUO+EirCiRl1H0aZpam0+gueyM19rHKpCK8/9FiDC5ARwVSmi70DK5UqlP94VaWT/Fw0lFHLFvNsbyM123MKPYMUVqvryYgTmDv3YIBvU7mNjF8ok0FFjIaiMRxCELKvknsmyUVbTLxIqW/q2947C5gOyCQJ+EpKUGv qvexNzBJ Rb6+/RBchAXZUXrDZjj7GSVxHrQcNahoQAuvKbB3Q0xI6PIuXyucrmDysWQEmGbFL3635MAgetsZXj19da1fjGV7heV8+ry03mK9+sLW/InkIw4NN9UbDQTXQ4FubjuxxP86JHuNHRl6PNLFLXteH9iXKv2cP3EnCVilDHlyZ8A8LURXwUgtPZ8XZmnieNJ3VTlnRZMeZe0Yelqx7whzyobio/l1gufOjlO4DeM89mAAY2TLDHL30sS8MvfHYoTQ14ByarTXFDGawrF/f6fxT0QPaUW2EmbZwizJfC7xqX0Or1TJv/X6S8D6rdPJW6YbsRWMlzO2WuquFstbmKM0P4SKTgiq9/Bev6/IVdNR/9GTphaWM8nY+dxiIEBYKQoQtlprnKksCg788XXzKA5qZ/IukdtCIGgsY+Lq+PsJyVrbPs41vXB8S3CWcAcNJgb7T7IT7Db4ds9vahH3I50JXGHwq5YWA2zYzaE+68N8VNPCjuNTsY9PBUORDfhWKmJuXNmczcsc2ckveEU7tTaivfThOxfUMfW8nvhyTFb6BEHEUaBtm0k+SgT+7Gp8KVS7Oi83lqNVMcCDP4hYZwFKKWxshhGvmICIpoIujZDBdePUytI0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000002, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Feb 26, 2025 at 1:56=E2=80=AFPM Yosry Ahmed = wrote: > > Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding > the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock > (through crypto_exit_scomp_ops_async()). > > On the other hand, crypto_alloc_acomp_node() holds the scomp_lock > (through crypto_scomp_init_tfm()), and then allocates memory. > If the allocation results in reclaim, we may attempt to hold the per-CPU > acomp_ctx mutex. > > The above dependencies can cause an ABBA deadlock. For example in the > following scenario: > > (1) Task A running on CPU #1: > crypto_alloc_acomp_node() > Holds scomp_lock > Enters reclaim > Reads per_cpu_ptr(pool->acomp_ctx, 1) > > (2) Task A is descheduled > > (3) CPU #1 goes offline > zswap_cpu_comp_dead(CPU #1) > Holds per_cpu_ptr(pool->acomp_ctx, 1)) > Calls crypto_free_acomp() > Waits for scomp_lock > > (4) Task A running on CPU #2: > Waits for per_cpu_ptr(pool->acomp_ctx, 1) // Read on CPU #1 > DEADLOCK > > Since there is no requirement to call crypto_free_acomp() with the > per-CPU acomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the > mutex is unlocked. Also move the acomp_request_free() and kfree() calls > for consistency and to avoid any potential sublte locking dependencies > in the future. > > With this, only setting acomp_ctx fields to NULL occurs with the mutex > held. This is similar to how zswap_cpu_comp_prepare() only initializes > acomp_ctx fields with the mutex held, after performing all allocations > before holding the mutex. > > Opportunistically, move the NULL check on acomp_ctx so that it takes > place before the mutex dereference. > > Fixes: 12dcb0ef5406 ("mm: zswap: properly synchronize freeing resources d= uring CPU hotunplug") > Reported-by: syzbot+1a517ccfcbc6a7ab0f82@syzkaller.appspotmail.com > Closes: https://lore.kernel.org/all/67bcea51.050a0220.bbfd1.0096.GAE@goog= le.com/ > Cc: > Co-developed-by: Herbert Xu > Signed-off-by: Herbert Xu > Signed-off-by: Yosry Ahmed > Acked-by: Herbert Xu As per: https://lore.kernel.org/linux-mm/Z-GjbPTEEoo76uQu@google.com/T/#m6ccc248da7= 5acb73b75c9bf05c90c40d626b12c9 Tested-by: Nhat Pham