lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 22 Sep 2015 06:45:56 -0700
From:	tip-bot for Dmitry Vyukov <tipbot@...or.com>
To:	linux-tip-commits@...r.kernel.org
Cc:	dvyukov@...gle.com, hpa@...or.com, tglx@...utronix.de,
	mingo@...nel.org, linux-kernel@...r.kernel.org
Subject: [tip:timers/core] timers:
  Fix data race in timer_stats_account_timer()

Commit-ID:  3ed769bdb2a2484fd7f9f7f3047413053aacbe21
Gitweb:     http://git.kernel.org/tip/3ed769bdb2a2484fd7f9f7f3047413053aacbe21
Author:     Dmitry Vyukov <dvyukov@...gle.com>
AuthorDate: Fri, 18 Sep 2015 15:54:23 +0200
Committer:  Thomas Gleixner <tglx@...utronix.de>
CommitDate: Tue, 22 Sep 2015 15:43:18 +0200

timers: Fix data race in timer_stats_account_timer()

timer_stats_account_timer() reads timer->start_site, then checks it
for NULL and then re-reads it again, while
timer_stats_timer_clear_start_info() can concurrently reset
timer->start_site to NULL. This should not lead to crashes, but can
double number of entries in timer stats as start_site is used during
comparison, the doubled entries will have unuseful NULL start_site.

Read timer->start_site only once in timer_stats_account_timer().

The data race was found with KernelThreadSanitizer (KTSAN).

Signed-off-by: Dmitry Vyukov <dvyukov@...gle.com>
Cc: andreyknvl@...gle.com
Cc: glider@...gle.com
Cc: kcc@...gle.com
Cc: ktsan@...glegroups.com
Cc: john.stultz@...aro.org
Link: http://lkml.kernel.org/r/1442584463-69553-1-git-send-email-dvyukov@google.com
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
---
 kernel/time/timer.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index 84190f0..d3f5e92 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -461,10 +461,17 @@ void __timer_stats_timer_set_start_info(struct timer_list *timer, void *addr)
 
 static void timer_stats_account_timer(struct timer_list *timer)
 {
-	if (likely(!timer->start_site))
+	void *site;
+
+	/*
+	 * start_site can be concurrently reset by
+	 * timer_stats_timer_clear_start_info()
+	 */
+	site = READ_ONCE(timer->start_site);
+	if (likely(!site))
 		return;
 
-	timer_stats_update_stats(timer, timer->start_pid, timer->start_site,
+	timer_stats_update_stats(timer, timer->start_pid, site,
 				 timer->function, timer->start_comm,
 				 timer->flags);
 }
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ