Re: [PATCH 1/1] mm: vmalloc: Fix lockdep warning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 29, 2024 at 03:44:40PM +0800, Baoquan He wrote:
> On 03/28/24 at 03:03pm, Uladzislau Rezki (Sony) wrote:
> > A lockdep reports a possible deadlock in the find_vmap_area_exceed_addr_lock()
> > function:
> > 
> > ============================================
> > WARNING: possible recursive locking detected
> > 6.9.0-rc1-00060-ged3ccc57b108-dirty #6140 Not tainted
> > --------------------------------------------
> > drgn/455 is trying to acquire lock:
> > ffff0000c00131d0 (&vn->busy.lock/1){+.+.}-{2:2}, at: find_vmap_area_exceed_addr_lock+0x64/0x124
> > 
> > but task is already holding lock:
> > ffff0000c0011878 (&vn->busy.lock/1){+.+.}-{2:2}, at: find_vmap_area_exceed_addr_lock+0x64/0x124
> > 
> > other info that might help us debug this:
> >  Possible unsafe locking scenario:
> > 
> >        CPU0
> >        ----
> >   lock(&vn->busy.lock/1);
> >   lock(&vn->busy.lock/1);
> > 
> >  *** DEADLOCK ***
> > 
> > indeed it can happen if the find_vmap_area_exceed_addr_lock()
> > gets called concurrently because it tries to acquire two nodes
> > locks. It was done to prevent removing a lowest VA found on a
> > previous step.
> > 
> > To address this a lowest VA is found first without holding a
> > node lock where it resides. As a last step we check if a VA
> > still there because it can go away, if removed, proceed with
> > next lowest.
> > 
> > Fixes: 53becf32aec1 ("mm: vmalloc: support multiple nodes in vread_iter")
> > Tested-by: Jens Axboe <axboe@xxxxxxxxx>
> > Tested-by: Omar Sandoval <osandov@xxxxxx>
> > Reported-by: Jens Axboe <axboe@xxxxxxxxx>
> > Signed-off-by: Uladzislau Rezki (Sony) <urezki@xxxxxxxxx>
> > ---
> >  mm/vmalloc.c | 74 +++++++++++++++++++++++++++++++---------------------
> >  1 file changed, 44 insertions(+), 30 deletions(-)
> > 
> > diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> > index e94ce4562805..a5a5dfc3843e 100644
> > --- a/mm/vmalloc.c
> > +++ b/mm/vmalloc.c
> > @@ -989,6 +989,27 @@ unsigned long vmalloc_nr_pages(void)
> >  	return atomic_long_read(&nr_vmalloc_pages);
> >  }
> >  
> > +static struct vmap_area *__find_vmap_area(unsigned long addr, struct rb_root *root)
> > +{
> > +	struct rb_node *n = root->rb_node;
> > +
> > +	addr = (unsigned long)kasan_reset_tag((void *)addr);
> > +
> > +	while (n) {
> > +		struct vmap_area *va;
> > +
> > +		va = rb_entry(n, struct vmap_area, rb_node);
> > +		if (addr < va->va_start)
> > +			n = n->rb_left;
> > +		else if (addr >= va->va_end)
> > +			n = n->rb_right;
> > +		else
> > +			return va;
> > +	}
> > +
> > +	return NULL;
> > +}
> > +
> >  /* Look up the first VA which satisfies addr < va_end, NULL if none. */
> >  static struct vmap_area *
> >  __find_vmap_area_exceed_addr(unsigned long addr, struct rb_root *root)
> > @@ -1025,47 +1046,40 @@ __find_vmap_area_exceed_addr(unsigned long addr, struct rb_root *root)
> >  static struct vmap_node *
> >  find_vmap_area_exceed_addr_lock(unsigned long addr, struct vmap_area **va)
> >  {
> > -	struct vmap_node *vn, *va_node = NULL;
> > -	struct vmap_area *va_lowest;
> > +	unsigned long va_start_lowest;
> > +	struct vmap_node *vn;
> >  	int i;
> >  
> > -	for (i = 0; i < nr_vmap_nodes; i++) {
> > +repeat:
> > +	for (i = 0, va_start_lowest = 0; i < nr_vmap_nodes; i++) {
> >  		vn = &vmap_nodes[i];
> >  
> >  		spin_lock(&vn->busy.lock);
> > -		va_lowest = __find_vmap_area_exceed_addr(addr, &vn->busy.root);
> > -		if (va_lowest) {
> > -			if (!va_node || va_lowest->va_start < (*va)->va_start) {
> > -				if (va_node)
> > -					spin_unlock(&va_node->busy.lock);
> > -
> > -				*va = va_lowest;
> > -				va_node = vn;
> > -				continue;
> > -			}
> > -		}
> > +		*va = __find_vmap_area_exceed_addr(addr, &vn->busy.root);
> > +
> > +		if (*va)
> > +			if (!va_start_lowest || (*va)->va_start < va_start_lowest)
> > +				va_start_lowest = (*va)->va_start;
> 
> How about below change about va_start_lowest? Personal preference, not
> strong opinion.
> 
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index 9b1a41e12d70..bd6a66c54ad2 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -1046,19 +1046,19 @@ __find_vmap_area_exceed_addr(unsigned long addr, struct rb_root *root)
>  static struct vmap_node *
>  find_vmap_area_exceed_addr_lock(unsigned long addr, struct vmap_area **va)
>  {
> -	unsigned long va_start_lowest;
> +	unsigned long va_start_lowest = ULONG_MAX;
>  	struct vmap_node *vn;
>  	int i;
>  
>  repeat:
> -	for (i = 0, va_start_lowest = 0; i < nr_vmap_nodes; i++) {
> +	for (i = 0; i < nr_vmap_nodes; i++) {
>  		vn = &vmap_nodes[i];
>  
>  		spin_lock(&vn->busy.lock);
>  		*va = __find_vmap_area_exceed_addr(addr, &vn->busy.root);
>  
>  		if (*va)
> -			if (!va_start_lowest || (*va)->va_start < va_start_lowest)
> +			if ((*va)->va_start < va_start_lowest)
>  				va_start_lowest = (*va)->va_start;
>  		spin_unlock(&vn->busy.lock);
>  	}
> @@ -1069,7 +1069,7 @@ find_vmap_area_exceed_addr_lock(unsigned long addr, struct vmap_area **va)
>  	 * been removed concurrently thus we need to proceed
>  	 * with next one what is a rare case.
>  	 */
> -	if (va_start_lowest) {
> +	if (va_start_lowest != ULONG_MAX) {
>  		vn = addr_to_node(va_start_lowest);
>  
>  		spin_lock(&vn->busy.lock);
> 
> 
To me it looks as incomplete. The "va_start_lowest" should be initialized
when repeat. Otherwise we can end up with an infinite repeating because
va_start_lowest != ULONG_MAX.

> >  	}
> >  
> > -	return va_node;
> > -}
> > -
> > -static struct vmap_area *__find_vmap_area(unsigned long addr, struct rb_root *root)
> > -{
> > -	struct rb_node *n = root->rb_node;
> > +	/*
> > +	 * Check if found VA exists, it might it is gone away.
>                                         ~~~~ grammer mistake?
> > +	 * In this case we repeat the search because a VA has
> > +	 * been removed concurrently thus we need to proceed
> > +	 * with next one what is a rare case.
>                          ~~~~ typo, which?
> > +	 */
> > +	if (va_start_lowest) {
> > +		vn = addr_to_node(va_start_lowest);
> >  
> > -	addr = (unsigned long)kasan_reset_tag((void *)addr);
> > +		spin_lock(&vn->busy.lock);
> > +		*va = __find_vmap_area(va_start_lowest, &vn->busy.root);
> >  
> > -	while (n) {
> > -		struct vmap_area *va;
> > +		if (*va)
> > +			return vn;
> >  
> > -		va = rb_entry(n, struct vmap_area, rb_node);
> > -		if (addr < va->va_start)
> > -			n = n->rb_left;
> > -		else if (addr >= va->va_end)
> > -			n = n->rb_right;
> > -		else
> > -			return va;
> > +		spin_unlock(&vn->busy.lock);
> > +		goto repeat;
> >  	}
> 
> Other than above nickpick concerns, this looks good to me.
> 
> Reviewed-by: Baoquan He <bhe@xxxxxxxxxx>
> 
Thank you!

--
Uladzislau Rezki




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux