[PATCH v7] KEYS: Add a list for unreferenced keys
Marek Szyprowski
m.szyprowski at samsung.com
Mon Apr 7 12:42:34 UTC 2025
On 07.04.2025 14:08, Jarkko Sakkinen wrote:
> On Mon, Apr 07, 2025 at 02:23:49PM +0300, Jarkko Sakkinen wrote:
>> On Mon, Apr 07, 2025 at 12:25:11PM +0200, Marek Szyprowski wrote:
>>> On 07.04.2025 04:39, Jarkko Sakkinen wrote:
>>>> From: Jarkko Sakkinen <jarkko.sakkinen at opinsys.com>
>>>>
>>>> Add an isolated list of unreferenced keys to be queued for deletion, and
>>>> try to pin the keys in the garbage collector before processing anything.
>>>> Skip unpinnable keys.
>>>>
>>>> Use this list for blocking the reaping process during the teardown:
>>>>
>>>> 1. First off, the keys added to `keys_graveyard` are snapshotted, and the
>>>> list is flushed. This the very last step in `key_put()`.
>>>> 2. `key_put()` reaches zero. This will mark key as busy for the garbage
>>>> collector.
>>>> 3. `key_garbage_collector()` will try to increase refcount, which won't go
>>>> above zero. Whenever this happens, the key will be skipped.
>>>>
>>>> Cc: stable at vger.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen at opinsys.com>
>>> This patch landed in today's linux-next as commit b0d023797e3e ("keys:
>>> Add a list for unreferenced keys"). In my tests I found that it triggers
>>> the following lockdep issue:
>>>
>>> ================================
>>> WARNING: inconsistent lock state
>>> 6.15.0-rc1-next-20250407 #15630 Not tainted
>>> --------------------------------
>>> inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
>>> ksoftirqd/3/32 [HC0[0]:SC1[1]:HE1:SE0] takes:
>>> c13fdd68 (key_serial_lock){+.?.}-{2:2}, at: key_put+0x74/0x128
>>> {SOFTIRQ-ON-W} state was registered at:
>>> lock_acquire+0x134/0x384
>>> _raw_spin_lock+0x38/0x48
>>> key_alloc+0x2fc/0x4d8
>>> keyring_alloc+0x40/0x90
>>> system_trusted_keyring_init+0x50/0x7c
>>> do_one_initcall+0x68/0x314
>>> kernel_init_freeable+0x1c0/0x224
>>> kernel_init+0x1c/0x12c
>>> ret_from_fork+0x14/0x28
>>> irq event stamp: 234
>>> hardirqs last enabled at (234): [<c0cb7060>]
>>> _raw_spin_unlock_irqrestore+0x5c/0x60
>>> hardirqs last disabled at (233): [<c0cb6dd0>]
>>> _raw_spin_lock_irqsave+0x64/0x68
>>> softirqs last enabled at (42): [<c013bcd8>] handle_softirqs+0x328/0x520
>>> softirqs last disabled at (47): [<c013bf10>] run_ksoftirqd+0x40/0x68
>> OK what went to -next went there by accident and has been removed,
>> sorry. I think it was like the very first version of this patch.
>>
>> Thanks for informing anyhow!
>
> Testing branch: https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=keys-graveyard
>
> I updated my next this morning so should be fixed soon...
I've just checked that branch and it still triggers lockdep issue. The
following change is needed to get it fixed:
diff --git a/security/keys/gc.c b/security/keys/gc.c
index 0a3beb68633c..b22dc93eb4b4 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -302,9 +302,9 @@ static void key_garbage_collector(struct work_struct
*work)
key_schedule_gc(new_timer);
}
- spin_lock(&key_graveyard_lock);
+ spin_lock_irqsave(&key_graveyard_lock, flags);
list_splice_init(&key_graveyard, &graveyard);
- spin_unlock(&key_graveyard_lock);
+ spin_unlock_irqrestore(&key_graveyard_lock, flags);
if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) ||
!list_empty(&graveyard)) {
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
More information about the Linux-security-module-archive
mailing list