On Sun, Mar 28, 2021 at 08:56:17AM +0200, Greg Kroah-Hartman wrote:
> On Sat, Mar 27, 2021 at 03:51:10PM +0000, Matthew Wilcox wrote:
> > On Sat, Mar 27, 2021 at 03:31:18PM +0100, Greg Kroah-Hartman wrote:
> > > On Sat, Mar 27, 2021 at 10:25:20PM +0800, Du Cheng wrote:
> > > > On Sat, Mar 27, 2021 at 03:12:14PM +0100, Greg Kroah-Hartman wrote:
> > > > > Adding the xarray maintainer...
> > > > > 
> > > > > On Sat, Mar 27, 2021 at 10:07:02PM +0800, Du Cheng wrote:
> > > > > > add idr_preload() and idr_preload_end() around 
> > > > > > idr_alloc_u32(GFP_ATOMIC)
> > > > > > due to internal use of per_cpu variables, which requires preemption
> > > > > > disabling/enabling.
> > > > > > 
> > > > > > reported as "BUG: "using smp_processor_id() in preemptible" by 
> > > > > > syzkaller
> > > > > > 
> > > > > > Reported-by: syzbot+3eec59e770685e3dc...@syzkaller.appspotmail.com
> > > > > > Signed-off-by: Du Cheng <duche...@gmail.com>
> > > > > > ---
> > > > > > changelog
> > > > > > v1: change to GFP_KERNEL for idr_alloc_u32() but might sleep
> > > > > > v2: revert to GFP_ATOMIC but add preemption disable/enable 
> > > > > > protection
> > > > > > 
> > > > > >  net/qrtr/qrtr.c | 6 ++++++
> > > > > >  1 file changed, 6 insertions(+)
> > > > > > 
> > > > > > diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c
> > > > > > index edb6ac17ceca..6361f169490e 100644
> > > > > > --- a/net/qrtr/qrtr.c
> > > > > > +++ b/net/qrtr/qrtr.c
> > > > > > @@ -722,17 +722,23 @@ static int qrtr_port_assign(struct qrtr_sock 
> > > > > > *ipc, int *port)
> > > > > >     mutex_lock(&qrtr_port_lock);
> > > > > >     if (!*port) {
> > > > > >             min_port = QRTR_MIN_EPH_SOCKET;
> > > > > > +           idr_preload(GFP_ATOMIC);
> > > > > >             rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, 
> > > > > > QRTR_MAX_EPH_SOCKET, GFP_ATOMIC);
> > > > > > +           idr_preload_end();
> > > > > 
> > > > > This seems "odd" to me.  We are asking idr_alloc_u32() to abide by
> > > > > GFP_ATOMIC, so why do we need to "preload" it with the same type of
> > > > > allocation?
> > > > > 
> > > > > Is there something in the idr/radix/xarray code that can't really 
> > > > > handle
> > > > > GFP_ATOMIC during a "normal" idr allocation that is causing this 
> > > > > warning
> > > > > to be hit?  Why is this change the "correct" one?
> > > > > 
> > > > > thanks,
> > > > > 
> > > > > greg k-h
> > > > 
> > > > 
> > > > >From the comment above idr_preload() in lib/radix-tree.c:1460
> > > > /**
> > > >  * idr_preload - preload for idr_alloc()
> > > >  * @gfp_mask: allocation mask to use for preloading
> > > >  *
> > > >  * Preallocate memory to use for the next call to idr_alloc().  This 
> > > > function
> > > >  * returns with preemption disabled.  It will be enabled by 
> > > > idr_preload_end().
> > > >  */
> > > > 
> > > > idr_alloc is a very simple wrapper around idr_alloc_u32().
> > > > 
> > > > On top of radix_tree_node_alloc() which is called by idr_alloc_u32(), 
> > > > there is
> > > > this comment at line 244 in the same radix-tree.c
> > > > /*
> > > >  * This assumes that the caller has performed appropriate 
> > > > preallocation, and
> > > >  * that the caller has pinned this thread of control to the current CPU.
> > > >  */
> > > > 
> > > > Therefore the preload/preload_end are necessary, or at least should have
> > > > preemption disabled
> > > 
> > > Ah, so it's disabling preemption that is the key here.  Still odd, why
> > > is GFP_ATOMIC not sufficient in a normal idr_alloc() call to keep things
> > > from doing stuff like this?  Feels like a lot of "internal knowledge" is
> > > needed here to use this api properly...
> > > 
> > > Matthew, is the above change really correct?
> > 
> > No.
> > 
> > https://lore.kernel.org/netdev/20200605112922.gb19...@bombadil.infradead.org/
> > https://lore.kernel.org/netdev/20200605120037.17427-1-wi...@infradead.org/
> > https://lore.kernel.org/netdev/20200914192655.gw6...@casper.infradead.org/
> > 
> 
> Ok, it looks like this code is just abandonded, should we remove it
> entirely as no one wants to maintain it?

Fine by me.  I don't use it.  Better to get rid of abandonware than keep
a potential source of security holes.

Reply via email to