Message-Id: <20191105182746.217864-1-elver@google.com>
Date:   Tue,  5 Nov 2019 19:27:47 +0100
From:   Marco Elver <elver@...gle.com>
To:     elver@...gle.com
Cc:     axboe@...nel.dk, linux-block@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        syzbot+ba8947364367f96fe16b@...kaller.appspotmail.com
Subject: [PATCH] blk-wbt: Fix data race and avoid possible false sharing

The pattern here is to avoid possible false sharing. However, due to
compiler optimizations the code may simply collapse to the write if we
omit READ_ONCE/WRITE_ONCE:
https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE#it-may-improve-performance

==================================================================
BUG: KCSAN: data-race in wbt_wait / wbt_wait

read to 0xffff88821aa6d140 of 8 bytes by task 10372 on cpu 1:
 wb_timestamp block/blk-wbt.c:88 [inline]
 wb_timestamp block/blk-wbt.c:83 [inline]
 wbt_wait+0x1f9/0x250 block/blk-wbt.c:587
 __rq_qos_throttle+0x47/0x70 block/blk-rq-qos.c:72
 rq_qos_throttle block/blk-rq-qos.h:185 [inline]
 blk_mq_make_request+0x29c/0xf60 block/blk-mq.c:1971
 generic_make_request block/blk-core.c:1064 [inline]
 generic_make_request+0x196/0x740 block/blk-core.c:1006
 submit_bio+0x96/0x3c0 block/blk-core.c:1190
 submit_bh_wbc+0x40f/0x460 fs/buffer.c:3095
 submit_bh fs/buffer.c:3101 [inline]
 __bread_slow fs/buffer.c:1177 [inline]
 __bread_gfp+0xe7/0x1e0 fs/buffer.c:1359
 sb_bread include/linux/buffer_head.h:307 [inline]
 fat__get_entry+0x35e/0x4f0 fs/fat/dir.c:100
 fat_get_entry fs/fat/dir.c:128 [inline]
 fat_get_short_entry+0x103/0x200 fs/fat/dir.c:877
 fat_subdirs+0x6b/0x110 fs/fat/dir.c:943
 fat_read_root fs/fat/inode.c:1416 [inline]
 fat_fill_super+0x1552/0x1f50 fs/fat/inode.c:1862
 vfat_fill_super+0x3b/0x50 fs/fat/namei_vfat.c:1050
 mount_bdev+0x262/0x2d0 fs/super.c:1415
 vfat_mount+0x3e/0x60 fs/fat/namei_vfat.c:1057

write to 0xffff88821aa6d140 of 8 bytes by task 10375 on cpu 0:
 wb_timestamp block/blk-wbt.c:89 [inline]
 wb_timestamp block/blk-wbt.c:83 [inline]
 wbt_wait+0x21e/0x250 block/blk-wbt.c:587
 __rq_qos_throttle+0x47/0x70 block/blk-rq-qos.c:72
 rq_qos_throttle block/blk-rq-qos.h:185 [inline]
 blk_mq_make_request+0x29c/0xf60 block/blk-mq.c:1971
 generic_make_request block/blk-core.c:1064 [inline]
 generic_make_request+0x196/0x740 block/blk-core.c:1006
 submit_bio+0x96/0x3c0 block/blk-core.c:1190
 mpage_bio_submit fs/mpage.c:66 [inline]
 mpage_readpages+0x36c/0x3c0 fs/mpage.c:410
 blkdev_readpages+0x36/0x50 fs/block_dev.c:620
 read_pages+0xa2/0x2d0 mm/readahead.c:126
 __do_page_cache_readahead+0x353/0x390 mm/readahead.c:212
 force_page_cache_readahead+0x13a/0x1f0 mm/readahead.c:243
 page_cache_sync_readahead+0x1cf/0x1e0 mm/readahead.c:522
 generic_file_buffered_read mm/filemap.c:2050 [inline]
 generic_file_read_iter+0xeb6/0x1440 mm/filemap.c:2323
 blkdev_read_iter+0xb2/0xe0 fs/block_dev.c:2010

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10375 Comm: blkid Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Reported-by: syzbot+ba8947364367f96fe16b@...kaller.appspotmail.com
Signed-off-by: Marco Elver <elver@...gle.com>
---
 block/blk-wbt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/blk-wbt.c b/block/blk-wbt.c
index 8641ba9793c5..ce281a9007a6 100644
--- a/block/blk-wbt.c
+++ b/block/blk-wbt.c
@@ -85,8 +85,8 @@ static void wb_timestamp(struct rq_wb *rwb, unsigned long *var)
 	if (rwb_enabled(rwb)) {
 		const unsigned long cur = jiffies;
 
-		if (cur != *var)
-			*var = cur;
+		if (cur != READ_ONCE(*var))
+			WRITE_ONCE(*var, cur);
 	}
 }
 
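Review bot: the conditional store at `if (cur != READ_ONCE(*var))` followed by `WRITE_ONCE(*var, cur);` has no comment explaining why the compare is kept, so a later cleanup could fold it back into an unconditional `*var = cur;` and lose both the false-sharing avoidance and the marking. A short comment above the `if` would help, saying that the read-before-write is deliberate (skip the store when the value is unchanged so the cache line is not dirtied) and that the accesses are intentionally racy and therefore marked; that is more durable than the wiki link in the commit message. The subject says the data race is fixed, but concurrent callers can still both pass the compare and both store, so the changelog should state that the race is intentional and now annotated rather than removed. Only the accesses inside wb_timestamp() are marked in this hunk, so please confirm that any other reader of the timestamps passed in as `var` is marked as well.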
-- 
2.24.0.rc1.363.gb1bccd3e3d-goog
