Re: [PATCH] Input: mousedev - add a schedule point in mousedev_write()

From: Eric Dumazet
Date: Thu Oct 04 2018 - 15:45:44 EST

Next message: Miguel Ojeda: "Re: [PATCH v2] mm: Introduce new function vm_insert_kmem_page"
Previous message: Peter Zijlstra: "Re: [patch 00/11] x86/vdso: Cleanups, simmplifications and CLOCK_TAI support"
In reply to: Dmitry Torokhov: "Re: [PATCH] Input: mousedev - add a schedule point in mousedev_write()"
Next in thread: Paul E. McKenney: "Re: [PATCH] Input: mousedev - add a schedule point in mousedev_write()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 4, 2018 at 12:38 PM Dmitry Torokhov
<dmitry.torokhov@xxxxxxxxx> wrote:
>
> On October 4, 2018 12:28:56 PM PDT, Eric Dumazet <edumazet@xxxxxxxxxx> wrote:
> >On Thu, Oct 4, 2018 at 11:59 AM Dmitry Torokhov
> ><dmitry.torokhov@xxxxxxxxx> wrote:
> >>
> >> Hi Eric,
> >>
> >> On Thu, Oct 04, 2018 at 08:47:49AM -0700, Eric Dumazet wrote:
> >> > syzbot was able to trigger rcu stalls by calling write()
> >> > with large number of bytes.
> >> >
> >> > Add a cond_resched() in the loop to avoid this.
> >>
> >> I think this simply masks a deeper issue. The code fetches characters
> >> from userspace in a loop, takes a lock, quickly places response in an
> >> output buffer, and releases interrupt. I do not see why this should
> >> cause stalls as we do not hold spinlock/interrupts off for extended
> >> period of time.
> >>
> >> Adding Paul so he can straighten me out...
> >>
> >
> >Well...
> >
> >write(fd, buffer, 0x7FFF0000);
> >
> >Takes between 20 seconds and 2 minutes depending on CONFIG options ....
>
> That's fine even if it takes a couple of years. We are not holding spinlock for the entirety of this time, so we should get bumped off CPU at some point.

Well, you are saying that we could get rid of all cond_resched() calls
in the kernel.

You should send patches asap ;)

>
> >
> >So either apply my patch, or add a limit on the max count, and
> >possibly break legitimate user space ?
>
> Legitimate users write a single character at a time and read response, so exciting after, let's say, 32 bytes would be fine. But I still want to understand why we have to do that.
>
> >
> >I dunno...
> >
> >> >
> >> > Link: https://lkml.org/lkml/2018/8/23/1106
> >> > Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> >> > Reported-by: syzbot+9436b02171ac0894d33e@xxxxxxxxxxxxxxxxxxxxxxxxx
> >> > Cc: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
> >> > Cc: linux-input@xxxxxxxxxxxxxxx
> >> > ---
> >> > drivers/input/mousedev.c | 1 +
> >> > 1 file changed, 1 insertion(+)
> >> >
> >> > diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
> >> > index
> >e08228061bcdd2f97aaadece31d6c83eb7539ae5..412fa71245afe26a7a8ad75705566f83633ba347
> >100644
> >> > --- a/drivers/input/mousedev.c
> >> > +++ b/drivers/input/mousedev.c
> >> > @@ -707,6 +707,7 @@ static ssize_t mousedev_write(struct file
> >*file, const char __user *buffer,
> >> > mousedev_generate_response(client, c);
> >> >
> >> > spin_unlock_irq(&client->packet_lock);
> >> > + cond_resched();
> >> > }
> >> >
> >> > kill_fasync(&client->fasync, SIGIO, POLL_IN);
> >> > --
> >> > 2.19.0.605.g01d371f741-goog
> >> >
> >>
> >> Thanks.
> >>
> >> --
> >> Dmitry
>
>
> Thanks.
>
> --
> Dmitry

Next message: Miguel Ojeda: "Re: [PATCH v2] mm: Introduce new function vm_insert_kmem_page"
Previous message: Peter Zijlstra: "Re: [patch 00/11] x86/vdso: Cleanups, simmplifications and CLOCK_TAI support"
In reply to: Dmitry Torokhov: "Re: [PATCH] Input: mousedev - add a schedule point in mousedev_write()"
Next in thread: Paul E. McKenney: "Re: [PATCH] Input: mousedev - add a schedule point in mousedev_write()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]