From nobody Mon Jun 8 12:13:35 2026 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 525543BA232 for ; Fri, 29 May 2026 08:59:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780045153; cv=none; b=fA/nJZOrhVFaI4yjIuw0x8WCceFAhpfYsW+sDAiTGR9U0UPSb8poEN1qdml3cnhKxsFuVbumr0K7lNxvoQD/zCmHDdhrRvoWEo2eCJdyAHi2YE0alt0rHZxLq/YojQNYsoWGI9iOup+i4vGXSzxJbKePDf5pg8bEOxiJDkrdyn0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780045153; c=relaxed/simple; bh=m/L1ZtfHfN1Jpm6Lq1hBLlWuMs+lyJI3Q26LUtM6MAc=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=RqSeCgmGpLk04fHqraKvh/31xKVipaEpzpAUJydKU+oKinfQA+Cxcc9P17rsfZSUPw9Euq7FRNdkFUqFveeDdsr6I+OOClJBbcJL47yBTKvr9Mk5MTYPThAJb4e1fWynzJVnLn1bIdjS5UTdB97T0tDtnFJP3MtC5Qg8UZP/61s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; dkim=pass (1024-bit key) header.d=arm.com header.i=@arm.com header.b=ZKmboJkf; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=arm.com header.i=@arm.com header.b="ZKmboJkf" Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 876D42103; Fri, 29 May 2026 01:59:04 -0700 (PDT) Received: from entos-yitian-01.Arm.com (unknown [10.168.197.69]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 7D7883F632; Fri, 29 May 2026 01:59:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1780045149; bh=m/L1ZtfHfN1Jpm6Lq1hBLlWuMs+lyJI3Q26LUtM6MAc=; h=From:To:Cc:Subject:Date:From; b=ZKmboJkfgY6+cPaAoOjSPK5DlNqGWSSieysOPsmPYga/S/r/nlwCJTxXdgysRP26V bogrd8dY39HUaGyzqH77WF8oRq/8lzo4LHjiZeKfiE0FtLnI9RXOYFIQ1v7m42wy1S e1OXtY1clspneBgj3KmxSmHWFw8Un3ygKvLZDEtk= From: Jia He To: "Paul E. McKenney" , Petr Mladek , Kees Cook Cc: linux-kernel@vger.kernel.org, Jia He Subject: [PATCH v3] lib/tests: test_ratelimit: fix stress test thread lifecycle and leak Date: Fri, 29 May 2026 08:58:55 +0000 Message-Id: <20260529085855.1810870-1-justin.he@arm.com> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The stress test's WARN_ON_ONCE(!sktp->tp) check in the child thread is racy and unnecessary: since kthread_run() wakes the thread before returning, the child can run before sktp[i].tp has been assigned. Moreover, sktp->tp is never actually used in the child function, so the check serves no purpose. Remove it and keep the original kthread_run() Also add a common cleanup path for thread creation failures. If creating one of the later threads fails, stop all threads that were already started and free the allocated array instead of leaving orphan kthreads and leaked memory behind. Finally, replace the module-static doneflag with kthread_should_stop(). With the doneflag, child threads may exit before the parent calls kthread_stop(), so the task lifetime is no longer guaranteed when the parent later tries to stop them. Using kthread_should_stop() keeps each child alive until kthread_stop() synchronously terminates it. Suggested-by: Petr Mladek Signed-off-by: Jia He --- v3: keep kthread_run() and remove the racy WARN_ON_ONCE(!sktp->tp) check instead, as suggested by Petr Mladek v2: replace the module-static doneflag with kthread_should_stop() to avoid UAF (sashiko-bot). lib/tests/test_ratelimit.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/lib/tests/test_ratelimit.c b/lib/tests/test_ratelimit.c index 33cea5f3d28b..e244f8cd47d7 100644 --- a/lib/tests/test_ratelimit.c +++ b/lib/tests/test_ratelimit.c @@ -68,7 +68,6 @@ static void test_ratelimit_smoke(struct kunit *test) static struct ratelimit_state stressrl =3D RATELIMIT_STATE_INIT_FLAGS("str= essrl", HZ / 10, 3, RATELIMIT_MSG_ON_RELEASE); =20 -static int doneflag; static const int stress_duration =3D 2 * HZ; =20 struct stress_kthread { @@ -84,9 +83,8 @@ static int test_ratelimit_stress_child(void *arg) struct stress_kthread *sktp =3D arg; =20 set_user_nice(current, MAX_NICE); - WARN_ON_ONCE(!sktp->tp); =20 - while (!READ_ONCE(doneflag)) { + while (!kthread_should_stop()) { sktp->nattempts++; if (___ratelimit(&stressrl, __func__)) sktp->nunlimited++; @@ -105,26 +103,37 @@ static void test_ratelimit_stress(struct kunit *test) const int n_stress_kthread =3D cpumask_weight(cpu_online_mask); struct stress_kthread skt =3D { 0 }; struct stress_kthread *sktp =3D kzalloc_objs(*sktp, n_stress_kthread); + int n_started =3D 0; =20 - KUNIT_EXPECT_NOT_NULL_MSG(test, sktp, "Memory allocation failure"); + KUNIT_ASSERT_NOT_NULL_MSG(test, sktp, "Memory allocation failure"); for (i =3D 0; i < n_stress_kthread; i++) { sktp[i].tp =3D kthread_run(test_ratelimit_stress_child, &sktp[i], "%s/%i= ", "test_ratelimit_stress_child", i); - KUNIT_EXPECT_NOT_NULL_MSG(test, sktp, "kthread creation failure"); + if (IS_ERR(sktp[i].tp)) { + KUNIT_FAIL(test, "kthread_run failed: %ld", PTR_ERR(sktp[i].tp)); + goto out_stop; + } + n_started++; pr_alert("Spawned test_ratelimit_stress_child %d\n", i); } schedule_timeout_idle(stress_duration); - WRITE_ONCE(doneflag, 1); - for (i =3D 0; i < n_stress_kthread; i++) { + +out_stop: + for (i =3D 0; i < n_started; i++) { kthread_stop(sktp[i].tp); skt.nattempts +=3D sktp[i].nattempts; skt.nunlimited +=3D sktp[i].nunlimited; skt.nlimited +=3D sktp[i].nlimited; skt.nmissed +=3D sktp[i].nmissed; } - KUNIT_ASSERT_EQ_MSG(test, skt.nunlimited + skt.nlimited, skt.nattempts, - "Outcomes not equal to attempts"); - KUNIT_ASSERT_EQ_MSG(test, skt.nlimited, skt.nmissed, "Misses not equal to= limits"); + if (n_started =3D=3D n_stress_kthread) { + KUNIT_ASSERT_EQ_MSG(test, skt.nunlimited + skt.nlimited, skt.nattempts, + "Outcomes not equal to attempts"); + KUNIT_ASSERT_EQ_MSG(test, skt.nlimited, skt.nmissed, + "Misses not equal to limits"); + } + + kfree(sktp); } =20 static struct kunit_case ratelimit_test_cases[] =3D { --=20 2.34.1