Date: Thu, 16 Jul 2020 12:45:41 -0700 (PDT)
From: David Rientjes
To: Tetsuo Handa
cc: Andrew Morton, linux-mm
Subject: Re: [PATCH] mm: Warn mmput() from memory reclaim context.
In-Reply-To: <20200716153034.4935-1-penguin-kernel@I-love.SAKURA.ne.jp>
References: <20200716153034.4935-1-penguin-kernel@I-love.SAKURA.ne.jp>

On Fri, 17 Jul 2020, Tetsuo Handa wrote:

> syzbot is reporting that mmput() from shrinker function has a risk of
> deadlock [1], for delayed_uprobe_add() from update_ref_ctr() calls
> kzalloc(GFP_KERNEL) with delayed_uprobe_lock held, and
> uprobe_clear_state() from __mmput() also holds delayed_uprobe_lock.
>
> However, it took 18 months to hit this race for the third time, for
> mmput() invokes __mmput() only when ->mm_users dropped to 0. If we
> always warn like might_sleep(), we can detect the possibility of
> deadlock more easily.
>
> For now, I inlined the check under CONFIG_PROVE_LOCKING. If we find
> more locations, we could introduce a macro like might_sleep().
>

Hi Tetsuo,

It looks like this is one issue where mmput() interacted poorly while in direct reclaim because of a uprobes issue; I'm not sure that we can make a generalization that mmput() is *always* problematic when PF_MEMALLOC is set. I'm also mindful of the (ab)use of PF_MEMALLOC outside just the direct reclaim path.

Or maybe there is a way you can show that mmput() while PF_MEMALLOC is set is always concerning?

> [1] https://syzkaller.appspot.com/bug?id=bc9e7303f537c41b2b0cc2dfcea3fc42964c2d45
>

I wasn't familiar with this particular report, but it seems like the fix is simply to do the kzalloc() before taking delayed_uprobe_lock and freeing it if delayed_uprobe_check() already finds one for that uprobe?

> Signed-off-by: Tetsuo Handa
> ---
> kernel/fork.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/kernel/fork.c b/kernel/fork.c > index efc5493203ae..8717ce50ff0d 100644 > --- a/kernel/fork.c > +++ b/kernel/fork.c > @@ -1109,6 +1109,10 @@ static inline void __mmput(struct mm_struct *mm) > void mmput(struct mm_struct *mm) > { > might_sleep(); > +#ifdef CONFIG_PROVE_LOCKING > + /* Calling mmput() from shrinker context can deadlock. */ > + WARN_ON(current->flags & PF_MEMALLOC); > +#endif > > if (atomic_dec_and_test(&mm->mm_users)) > __mmput(mm);
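
Review bot: the comment on the added WARN_ON() in mmput() says "shrinker context", but the condition tested is current->flags & PF_MEMALLOC, which is also set outside direct reclaim (the point raised in the reply above), so the warning can fire for callers that never run in a shrinker. Either reword the comment to name what is actually checked and why that wider condition is considered unsafe, or narrow the test. Because the check sits before atomic_dec_and_test() it runs on every mmput() call, so WARN_ON_ONCE() would keep a single offending call site from flooding the log. The open-coded #ifdef CONFIG_PROVE_LOCKING inside the function body would also read better as a small helper if a second location is expected.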
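
The allocation ordering suggested in the reply above, as an added userspace model; it is not code from this thread or from the kernel. `model_lock`, `model_alloc`, `model_reclaim` and the entry table are hypothetical stand-ins for delayed_uprobe_lock, kzalloc(GFP_KERNEL) and the shrinker path that ends in uprobe_clear_state().

```c
#include <stdbool.h>
#include <stdlib.h>

#define MAX_ENTRIES 8
static bool lock_held;              /* models delayed_uprobe_lock (not recursive) */
static int self_deadlocks;          /* times reclaim needed a lock already held */
static int *entries[MAX_ENTRIES];
static int nentries;

static void model_lock(void)   { lock_held = true; }
static void model_unlock(void) { lock_held = false; }

/* Models shrinker -> mmput() -> __mmput() -> uprobe_clear_state(). */
static void model_reclaim(void) { if (lock_held) self_deadlocks++; }

/* Models kzalloc(GFP_KERNEL): the allocation may enter reclaim. */
static void *model_alloc(size_t n) { model_reclaim(); return calloc(1, n); }

static bool find_entry(int id)
{
    for (int i = 0; i < nentries; i++)
        if (*entries[i] == id) return true;
    return false;
}

/* Before: allocate with the lock held, so reclaim can re-enter the lock. */
static int add_alloc_under_lock(int id)
{
    int rc = 0;
    model_lock();
    if (!find_entry(id) && nentries < MAX_ENTRIES) {
        int *e = model_alloc(sizeof(*e));
        if (e) { *e = id; entries[nentries++] = e; } else rc = -1;
    }
    model_unlock();
    return rc;
}

/* After: allocate first, take the lock, free the spare if it is not needed. */
static int add_prealloc(int id)
{
    int *e = model_alloc(sizeof(*e));   /* reclaim runs with the lock free */
    if (!e) return -1;
    *e = id;
    model_lock();
    if (find_entry(id) || nentries >= MAX_ENTRIES) free(e);
    else entries[nentries++] = e;
    model_unlock();
    return 0;
}

int main(void) { add_alloc_under_lock(1); add_prealloc(2); return self_deadlocks != 1; }
```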