Report: suspicious RCU usage in security code

From: John Garry
Date: Mon Dec 23 2019 - 06:22:21 EST

Next message: Vinod Koul: "Re: [PATCH v7 09/12] dmaengine: ti: New driver for K3 UDMA"
Previous message: Jonathan Cameron: "Re: [PATCH 04/10] rtc: at91rm9200: use of_platform_populate as return value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi guys,

I have noticed this WARN on Kernel v5.5-rc3 on my arm64 system:

[ 25.952600] =============================
[ 25.952602] WARNING: suspicious RCU usage
[ 25.952606] 5.5.0-rc3-dirty #816 Not tainted
[ 25.952609] -----------------------------
[ 25.952613] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
[ 25.952615]
other info that might help us debug this:

[ 25.952618]
rcu_scheduler_active = 2, debug_locks = 1
[ 25.952621] 4 locks held by systemd/1:
[ 25.952624] #0: ffff0023de3c4410 (sb_writers#8){.+.+}, at: vfs_write+0x1c0/0x1e0
[ 25.952637] #1: ffff0023e732f880 (&of->mutex){+.+.}, at: kernfs_fop_write+0x12c/0x250
[ 25.952648] #2: ffff0023e45c4288 (kn->count#30){++++}, at: kernfs_fop_write+0x134/0x250
[ 25.952656] #3: ffff800011c4e098 (devcgroup_mutex){+.+.}, at: devcgroup_access_write+0x4c/0x6d0
[ 25.952663]
stack backtrace:
[ 25.952668] CPU: 6 PID: 1 Comm: systemd Not tainted 5.5.0-rc3-dirty #816
[ 25.952670] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[ 25.952672] Call trace:
[ 25.952675] dump_backtrace+0x0/0x1a0
[ 25.952678] show_stack+0x14/0x20
[ 25.952681] dump_stack+0xe8/0x150
[ 25.952685] lockdep_rcu_suspicious+0xcc/0x110
[ 25.952689] match_exception_partial+0x118/0x120
[ 25.952691] verify_new_ex+0x64/0xf0
[ 25.952694] devcgroup_access_write+0x3c8/0x6d0
[ 25.952697] cgroup_file_write+0x88/0x1e0
[ 25.952700] kernfs_fop_write+0x15c/0x250
[ 25.952703] __vfs_write+0x18/0x38
[ 25.952705] vfs_write+0xb4/0x1e0
[ 25.952708] ksys_write+0x68/0xf8
[ 25.952711] __arm64_sys_write+0x18/0x20
[ 25.952715] el0_svc_common.constprop.2+0x74/0x170
[ 25.952717] el0_svc_handler+0x20/0x80
[ 25.952720] el0_sync_handler+0x114/0x1d0
[ 25.952722] el0_sync+0x140/0x180
john@ubuntu:~$
john@ubuntu:~$

RCU Kconfig options:

more .config | grep RCU
# RCU Subsystem
CONFIG_PREEMPT_RCU=y
CONFIG_RCU_EXPERT=y
CONFIG_SRCU=y
CONFIG_TREE_SRCU=y
CONFIG_TASKS_RCU=y
CONFIG_RCU_STALL_COMMON=y
CONFIG_RCU_NEED_SEGCBLIST=y
CONFIG_RCU_FANOUT=64
CONFIG_RCU_FANOUT_LEAF=16
# CONFIG_RCU_FAST_NO_HZ is not set
# CONFIG_RCU_BOOST is not set
# CONFIG_RCU_NOCB_CPU is not set
# end of RCU Subsystem
CONFIG_HAVE_RCU_TABLE_FREE=y
# RCU Debugging
CONFIG_PROVE_RCU=y
CONFIG_PROVE_RCU_LIST=y
# CONFIG_RCU_PERF_TEST is not set
# CONFIG_RCU_TORTURE_TEST is not set
CONFIG_RCU_CPU_STALL_TIMEOUT=21
# CONFIG_RCU_TRACE is not set
# CONFIG_RCU_EQS_DEBUG is not set
# end of RCU Debugging
john@john-ThinkCentre-M93p:~/kernel-dev$

I notice that verfiy_new_ex() has a RCU lockdep check warning, so the condition may just need to be extended to the match_exception_partial() RCU list iterator just to remove the WARN.

Note: I am finishing for Christmas vacation today, so can't help further ATM.

Cheers,
John

Next message: Vinod Koul: "Re: [PATCH v7 09/12] dmaengine: ti: New driver for K3 UDMA"
Previous message: Jonathan Cameron: "Re: [PATCH 04/10] rtc: at91rm9200: use of_platform_populate as return value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]