| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Nov 2019 10:02:22 -0800
From: Eric Dumazet <edumazet@...gle.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Eric Dumazet <eric.dumazet@...il.com>,
syzbot <syzbot+3ef049d50587836c0606@...kaller.appspotmail.com>,
Marco Elver <elver@...gle.com>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Al Viro <viro@...iv.linux.org.uk>
Subject: Re: KCSAN: data-race in __alloc_file / __alloc_file
On Fri, Nov 8, 2019 at 9:55 AM Eric Dumazet <edumazet@...gle.com> wrote:
>
> On Fri, Nov 8, 2019 at 9:53 AM Eric Dumazet <edumazet@...gle.com> wrote:
> >
> > On Fri, Nov 8, 2019 at 9:39 AM Linus Torvalds
> > <torvalds@...ux-foundation.org> wrote:
> >
> > > I'd hope that there is some way to mark the cases we know about where
> > > we just have a flag. I'm not sure what KCSAN uses right now - is it
> > > just the "volatile" that makes KCSAN ignore it, or are there other
> > > ways to do it?
> >
> > I dunno, Marco will comment on this.
> >
> > I personally like WRITE_ONCE() since it adds zero overhead on generated code,
> > and is the facto accessor we used for many years (before KCSAN was conceived)
> >
>
> BTW, I would love an efficient ADD_ONCE(variable, value)
>
> Using WRITE_ONCE(variable, variable + value) is not good, since it can
> not use the
> optimized instructions operating directly on memory.
Another interesting KCSAN report :
static inline s64 percpu_counter_read_positive(struct percpu_counter *fbc)
{
s64 ret = fbc->count; // data-race ....
barrier(); /* Prevent reloads of fbc->count */
if (ret >= 0)
return ret;
return 0;
}
How was this code supposed to work at all on 32bit arches ???
Using READ_ONCE(fbc->count) alone will not help.
BUG: KCSAN: data-race in ip6_dst_gc / ip6_dst_gc
read to 0xffff88811dd6298c of 4 bytes by task 10060 on cpu 1:
dst_entries_get_fast include/net/dst_ops.h:47 [inline]
ip6_dst_gc+0xf6/0x220 net/ipv6/route.c:3167
dst_alloc+0x104/0x149 net/core/dst.c:85
ip6_dst_alloc+0x3d/0x80 net/ipv6/route.c:353
ip6_rt_cache_alloc+0x8d/0x340 net/ipv6/route.c:1338
ip6_pol_route+0x4ec/0x5c0 net/ipv6/route.c:2217
ip6_pol_route_output+0x48/0x60 net/ipv6/route.c:2452
fib6_rule_lookup+0x95/0x470 net/ipv6/fib6_rules.c:113
ip6_route_output_flags_noref+0x16b/0x230 net/ipv6/route.c:2484
ip6_route_output_flags+0x50/0x1a0 net/ipv6/route.c:2497
ip6_dst_lookup_tail+0x25d/0xc30 net/ipv6/ip6_output.c:1052
ip6_dst_lookup_flow+0x68/0x120 net/ipv6/ip6_output.c:1153
rawv6_sendmsg+0x82c/0x21e0 net/ipv6/raw.c:928
inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807
sock_sendmsg_nosec net/socket.c:637 [inline]
sock_sendmsg+0x9f/0xc0 net/socket.c:657
kernel_sendmsg+0x4d/0x70 net/socket.c:677
sock_no_sendpage+0xda/0x110 net/core/sock.c:2742
kernel_sendpage+0x7b/0xc0 net/socket.c:3682
sock_sendpage+0x6c/0x90 net/socket.c:935
pipe_to_sendpage+0x102/0x180 fs/splice.c:449
splice_from_pipe_feed fs/splice.c:500 [inline]
__splice_from_pipe+0x248/0x480 fs/splice.c:624
splice_from_pipe+0xbb/0x100 fs/splice.c:659
generic_splice_sendpage+0x45/0x60 fs/splice.c:829
do_splice_from fs/splice.c:848 [inline]
direct_splice_actor+0xa0/0xc0 fs/splice.c:1020
splice_direct_to_actor+0x215/0x510 fs/splice.c:975
do_splice_direct+0x161/0x1e0 fs/splice.c:1063
do_sendfile+0x384/0x7f0 fs/read_write.c:1464
__do_sys_sendfile64 fs/read_write.c:1525 [inline]
__se_sys_sendfile64 fs/read_write.c:1511 [inline]
__x64_sys_sendfile64+0x12a/0x140 fs/read_write.c:1511
do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Powered by blists - more mailing lists