Re: [PATCH 1/1] mm: vmalloc: Fix lockdep warning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/28/24 at 03:03pm, Uladzislau Rezki (Sony) wrote:
> A lockdep reports a possible deadlock in the find_vmap_area_exceed_addr_lock()
> function:
> 
> ============================================
> WARNING: possible recursive locking detected
> 6.9.0-rc1-00060-ged3ccc57b108-dirty #6140 Not tainted
> --------------------------------------------
> drgn/455 is trying to acquire lock:
> ffff0000c00131d0 (&vn->busy.lock/1){+.+.}-{2:2}, at: find_vmap_area_exceed_addr_lock+0x64/0x124
> 
> but task is already holding lock:
> ffff0000c0011878 (&vn->busy.lock/1){+.+.}-{2:2}, at: find_vmap_area_exceed_addr_lock+0x64/0x124
> 
> other info that might help us debug this:
>  Possible unsafe locking scenario:
> 
>        CPU0
>        ----
>   lock(&vn->busy.lock/1);
>   lock(&vn->busy.lock/1);
> 
>  *** DEADLOCK ***
> 
> indeed it can happen if the find_vmap_area_exceed_addr_lock()
> gets called concurrently because it tries to acquire two nodes
> locks. It was done to prevent removing a lowest VA found on a
> previous step.
> 
> To address this a lowest VA is found first without holding a
> node lock where it resides. As a last step we check if a VA
> still there because it can go away, if removed, proceed with
> next lowest.
> 
> Fixes: 53becf32aec1 ("mm: vmalloc: support multiple nodes in vread_iter")
> Tested-by: Jens Axboe <axboe@xxxxxxxxx>
> Tested-by: Omar Sandoval <osandov@xxxxxx>
> Reported-by: Jens Axboe <axboe@xxxxxxxxx>
> Signed-off-by: Uladzislau Rezki (Sony) <urezki@xxxxxxxxx>
> ---
>  mm/vmalloc.c | 74 +++++++++++++++++++++++++++++++---------------------
>  1 file changed, 44 insertions(+), 30 deletions(-)
> 
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index e94ce4562805..a5a5dfc3843e 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -989,6 +989,27 @@ unsigned long vmalloc_nr_pages(void)
>  	return atomic_long_read(&nr_vmalloc_pages);
>  }
>  
> +static struct vmap_area *__find_vmap_area(unsigned long addr, struct rb_root *root)
> +{
> +	struct rb_node *n = root->rb_node;
> +
> +	addr = (unsigned long)kasan_reset_tag((void *)addr);
> +
> +	while (n) {
> +		struct vmap_area *va;
> +
> +		va = rb_entry(n, struct vmap_area, rb_node);
> +		if (addr < va->va_start)
> +			n = n->rb_left;
> +		else if (addr >= va->va_end)
> +			n = n->rb_right;
> +		else
> +			return va;
> +	}
> +
> +	return NULL;
> +}
> +
>  /* Look up the first VA which satisfies addr < va_end, NULL if none. */
>  static struct vmap_area *
>  __find_vmap_area_exceed_addr(unsigned long addr, struct rb_root *root)
> @@ -1025,47 +1046,40 @@ __find_vmap_area_exceed_addr(unsigned long addr, struct rb_root *root)
>  static struct vmap_node *
>  find_vmap_area_exceed_addr_lock(unsigned long addr, struct vmap_area **va)
>  {
> -	struct vmap_node *vn, *va_node = NULL;
> -	struct vmap_area *va_lowest;
> +	unsigned long va_start_lowest;
> +	struct vmap_node *vn;
>  	int i;
>  
> -	for (i = 0; i < nr_vmap_nodes; i++) {
> +repeat:
> +	for (i = 0, va_start_lowest = 0; i < nr_vmap_nodes; i++) {
>  		vn = &vmap_nodes[i];
>  
>  		spin_lock(&vn->busy.lock);
> -		va_lowest = __find_vmap_area_exceed_addr(addr, &vn->busy.root);
> -		if (va_lowest) {
> -			if (!va_node || va_lowest->va_start < (*va)->va_start) {
> -				if (va_node)
> -					spin_unlock(&va_node->busy.lock);
> -
> -				*va = va_lowest;
> -				va_node = vn;
> -				continue;
> -			}
> -		}
> +		*va = __find_vmap_area_exceed_addr(addr, &vn->busy.root);
> +
> +		if (*va)
> +			if (!va_start_lowest || (*va)->va_start < va_start_lowest)
> +				va_start_lowest = (*va)->va_start;

How about below change about va_start_lowest? Personal preference, not
strong opinion.

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 9b1a41e12d70..bd6a66c54ad2 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -1046,19 +1046,19 @@ __find_vmap_area_exceed_addr(unsigned long addr, struct rb_root *root)
 static struct vmap_node *
 find_vmap_area_exceed_addr_lock(unsigned long addr, struct vmap_area **va)
 {
-	unsigned long va_start_lowest;
+	unsigned long va_start_lowest = ULONG_MAX;
 	struct vmap_node *vn;
 	int i;
 
 repeat:
-	for (i = 0, va_start_lowest = 0; i < nr_vmap_nodes; i++) {
+	for (i = 0; i < nr_vmap_nodes; i++) {
 		vn = &vmap_nodes[i];
 
 		spin_lock(&vn->busy.lock);
 		*va = __find_vmap_area_exceed_addr(addr, &vn->busy.root);
 
 		if (*va)
-			if (!va_start_lowest || (*va)->va_start < va_start_lowest)
+			if ((*va)->va_start < va_start_lowest)
 				va_start_lowest = (*va)->va_start;
 		spin_unlock(&vn->busy.lock);
 	}
@@ -1069,7 +1069,7 @@ find_vmap_area_exceed_addr_lock(unsigned long addr, struct vmap_area **va)
 	 * been removed concurrently thus we need to proceed
 	 * with next one what is a rare case.
 	 */
-	if (va_start_lowest) {
+	if (va_start_lowest != ULONG_MAX) {
 		vn = addr_to_node(va_start_lowest);
 
 		spin_lock(&vn->busy.lock);


>  		spin_unlock(&vn->busy.lock);
>  	}
>  
> -	return va_node;
> -}
> -
> -static struct vmap_area *__find_vmap_area(unsigned long addr, struct rb_root *root)
> -{
> -	struct rb_node *n = root->rb_node;
> +	/*
> +	 * Check if found VA exists, it might it is gone away.
                                        ~~~~ grammer mistake?
> +	 * In this case we repeat the search because a VA has
> +	 * been removed concurrently thus we need to proceed
> +	 * with next one what is a rare case.
                         ~~~~ typo, which?
> +	 */
> +	if (va_start_lowest) {
> +		vn = addr_to_node(va_start_lowest);
>  
> -	addr = (unsigned long)kasan_reset_tag((void *)addr);
> +		spin_lock(&vn->busy.lock);
> +		*va = __find_vmap_area(va_start_lowest, &vn->busy.root);
>  
> -	while (n) {
> -		struct vmap_area *va;
> +		if (*va)
> +			return vn;
>  
> -		va = rb_entry(n, struct vmap_area, rb_node);
> -		if (addr < va->va_start)
> -			n = n->rb_left;
> -		else if (addr >= va->va_end)
> -			n = n->rb_right;
> -		else
> -			return va;
> +		spin_unlock(&vn->busy.lock);
> +		goto repeat;
>  	}

Other than above nickpick concerns, this looks good to me.

Reviewed-by: Baoquan He <bhe@xxxxxxxxxx>





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux