lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 6 Feb 2020 15:31:38 -0500
From:   Qian Cai <cai@....pw>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next] mm/swap_state: mark an intentional data race

Please disregard this patch. I found more data races in this file, so will send a new
patch to have them at once.

> On Feb 5, 2020, at 10:55 PM, Qian Cai <cai@....pw> wrote:
> 
> swap_cache_info.find_total could be accessed concurrently as noticed by
> KCSAN,
> 
> BUG: KCSAN: data-race in lookup_swap_cache / lookup_swap_cache
> 
> write to 0xffffffff85517318 of 8 bytes by task 94138 on cpu 101:
>  lookup_swap_cache+0x12e/0x460
>  lookup_swap_cache at mm/swap_state.c:322
>  do_swap_page+0x112/0xeb0
>  __handle_mm_fault+0xc7a/0xd00
>  handle_mm_fault+0xfc/0x2f0
>  do_page_fault+0x263/0x6f9
>  page_fault+0x34/0x40
> 
> read to 0xffffffff85517318 of 8 bytes by task 91655 on cpu 100:
>  lookup_swap_cache+0x117/0x460
>  lookup_swap_cache at mm/swap_state.c:322
>  shmem_swapin_page+0xc7/0x9e0
>  shmem_getpage_gfp+0x2ca/0x16c0
>  shmem_fault+0xef/0x3c0
>  __do_fault+0x9e/0x220
>  do_fault+0x4a0/0x920
>  __handle_mm_fault+0xc69/0xd00
>  handle_mm_fault+0xfc/0x2f0
>  do_page_fault+0x263/0x6f9
>  page_fault+0x34/0x40
> 
> Reported by Kernel Concurrency Sanitizer on:
> CPU: 100 PID: 91655 Comm: systemd-journal Tainted: G        W  O L 5.5.0-next-20200204+ #6
> Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
> 
> Both the read and write are done as lockless. Since INC_CACHE_INFO() is
> only used for swap_cache_info.find_total and
> swap_cache_info.find_success which both are information counters, even
> if any of them missed a few incremental due to data races, it will be
> harmless, so just mark it as an intentional data race using the
> data_race() macro.
> 
> While at it, fix a checkpatch.pl warning,
> 
> WARNING: Single statement macros should not use a do {} while (0) loop
> 
> Signed-off-by: Qian Cai <cai@....pw>
> ---
> mm/swap_state.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/mm/swap_state.c b/mm/swap_state.c
> index 8e7ce9a9bc5e..b964c1391362 100644
> --- a/mm/swap_state.c
> +++ b/mm/swap_state.c
> @@ -58,8 +58,8 @@ static bool enable_vma_readahead __read_mostly = true;
> #define GET_SWAP_RA_VAL(vma)					\
> 	(atomic_long_read(&(vma)->swap_readahead_info) ? : 4)
> 
> -#define INC_CACHE_INFO(x)	do { swap_cache_info.x++; } while (0)
> -#define ADD_CACHE_INFO(x, nr)	do { swap_cache_info.x += (nr); } while (0)
> +#define INC_CACHE_INFO(x)	data_race(swap_cache_info.x++)
> +#define ADD_CACHE_INFO(x, nr)	(swap_cache_info.x += (nr))
> 
> static struct {
> 	unsigned long add_total;
> -- 
> 2.21.0 (Apple Git-122.2)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ