hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/release-management/issues/IC9Q31 -------------------------------- When the prefetch state is not XCALL_CACHE_NONE or XCALL_CACHE_READY for a long time, such as XCALL_CACHE_CANCEL or XCALL_CACHE_PREFETCH, the following soft lockup occurs. Fix it by voluntarily yield the CPU when a timeout occurs in the xcall read while loop. watchdog: BUG: soft lockup - CPU#2 stuck for 111s! [syz-fuzzer:467] Modules linked in: CPU: 2 PID: 467 Comm: syz-fuzzer Not tainted 5.10.0-00019-ga473cf168de7 #10 Hardware name: linux,dummy-virt (DT) pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--) pc : check_kcov_mode kernel/kcov.c:165 [inline] pc : __sanitizer_cov_trace_pc+0x64/0x114 kernel/kcov.c:197 lr : __ll_sc__cmpxchg_case_mb_32 arch/arm64/include/asm/atomic_ll_sc.h:292 [inline] lr : __cmpxchg_case_mb_32 arch/arm64/include/asm/cmpxchg.h:129 [inline] lr : __cmpxchg_mb arch/arm64/include/asm/cmpxchg.h:175 [inline] lr : atomic_cmpxchg include/asm-generic/atomic-instrumented.h:655 [inline] lr : transition_state fs/eventpoll.c:907 [inline] lr : xcall_read+0x360/0x960 fs/eventpoll.c:1051 sp : ffffa00017a17c00 x29: ffffa00017a17c00 x28: ffff0000cbbd9600 x27: 0000000000000000 x26: 0000000000000000 x25: 000000400097e000 x24: 0000000000001000 x23: ffff0000cbd11000 x22: 0000000000000000 x21: 0000000000000003 x20: 0000000000000030 x19: ffffa000108e1f24 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000197a224e x11: 1fffe000197a224d x10: ffff8000197a224d x9 : dfffa00000000000 x8 : ffff0000cbd1126b x7 : 0000000000000001 x6 : 00007fffe685ddb3 x5 : ffff0000cbd11268 x4 : ffff8000197a224e x3 : ffffa000108e1c18 x2 : 0000000000000001 x1 : ffff0000cbbd9600 x0 : 0000000000000000 Call trace: check_kcov_mode kernel/kcov.c:163 [inline] __sanitizer_cov_trace_pc+0x64/0x114 kernel/kcov.c:197 __ll_sc__cmpxchg_case_mb_32 arch/arm64/include/asm/atomic_ll_sc.h:292 [inline] __cmpxchg_case_mb_32 arch/arm64/include/asm/cmpxchg.h:129 [inline] __cmpxchg_mb arch/arm64/include/asm/cmpxchg.h:175 [inline] atomic_cmpxchg include/asm-generic/atomic-instrumented.h:655 [inline] transition_state fs/eventpoll.c:907 [inline] xcall_read+0x360/0x960 fs/eventpoll.c:1051 xcall_read_begin+0x68/0xa4 fs/eventpoll.c:1100 ksys_read+0xc0/0x240 fs/read_write.c:628 __do_sys_read fs/read_write.c:649 [inline] __se_sys_read fs/read_write.c:647 [inline] __arm64_sys_read+0x54/0x7c fs/read_write.c:647 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x84/0x230 arch/arm64/kernel/syscall.c:51 el0_svc_common.constprop.0+0x1f4/0x210 arch/arm64/kernel/syscall.c:211 do_el0_svc+0xa0/0x190 arch/arm64/kernel/syscall.c:309 el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:381 el0_sync_handler+0x194/0x1a0 arch/arm64/kernel/entry-common.c:419 fast_work_pending464+0x178/0x19 Fixes: 7e1291339cb5 ("eventpoll: Support xcall async prefetch") Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> --- fs/eventpoll.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index dc6bd16490bc..76309a548044 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -1030,8 +1030,10 @@ void free_prefetch_item(struct file *file) kfree(pfi); } +#define MAX_READY_WAIT_TIME msecs_to_jiffies(2) static int xcall_read(struct prefetch_item *pfi, char __user *buf, size_t count) { + unsigned long end = jiffies + MAX_READY_WAIT_TIME; ssize_t copy_len = 0; /* @@ -1050,6 +1052,12 @@ static int xcall_read(struct prefetch_item *pfi, char __user *buf, size_t count) */ if (transition_state(pfi, XCALL_CACHE_NONE, XCALL_CACHE_CANCEL)) goto slow_read; + + if (time_after(jiffies, end)) { + pr_warn("xcall read wait prefetch state %d more than 2ms\n", + atomic_read(&pfi->state)); + cond_resched(); + } } copy_len = pfi->len; @@ -1128,7 +1136,7 @@ static int get_async_prefetch_cpu(struct prefetch_item *pfi) return pfi->cpu; } -static void ep_prefetch_item_enqueue(struct eventpoll *ep, struct epitem *epi) +static void ep_prefetch_item_enqueue(struct epitem *epi) { struct prefetch_item *pfi; int cpu, err; @@ -2156,7 +2164,7 @@ static __poll_t ep_send_events_proc(struct eventpoll *ep, struct list_head *head continue; #ifdef CONFIG_XCALL_PREFETCH - ep_prefetch_item_enqueue(ep, epi); + ep_prefetch_item_enqueue(epi); #endif if (__put_user(revents, &uevent->events) || -- 2.34.1