| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jun 2021 12:48:04 -0600
From: jim.cromie@...il.com
To: Dominique Martinet <asmadeus@...ewreck.org>
Cc: kasan-dev@...glegroups.com, v9fs-developer@...ts.sourceforge.net,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [V9fs-developer] KCSAN BUG report on p9_client_cb / p9_client_rpc
On Tue, Jun 22, 2021 at 3:03 PM Dominique Martinet
<asmadeus@...ewreck.org> wrote:
>
> Hi,
>
> let's keep the lists in Cc :)
>
> jim.cromie@...il.com wrote on Tue, Jun 22, 2021 at 02:55:19PM -0600:
> > heres a fuller report - Im seeing some new stuff here.
>
> Thanks, the one two should be the same as p9_client_cb / p9_client_rpc
> and p9_client_cb / p9_virtio_zc_request are very similar, and also the
> same to the first you had, so the patch didn't really work.
>
> I thought after sending it that it probably needs to be tag =
> READ_ONCE(req->tc.tag) instead of just assigning it... Would you mind
> trying that?
>
I tried it, still getting the reports.
I havent replicated it on a nearby work-tree
and I tried bisecting on the problem work-tree,
got past all my patches and problem remained.
So everything is suspect ...
I'll try to narrow things down.
heres the latest report, for the list
qemu-system-x86_64: warning: 9p: degraded performance: a reasonable
high msize should be chosen on client/guest side (chosen msize is <=
8192). See https://wiki.qemu.org/Documentation/9psetup#msize for
details.
[ 8.566576] VFS: Mounted root (9p filesystem) readonly on device 0:22.
qemu-system-x86_64: warning: 9p: Multiple devices detected in same
VirtFS export, which might lead to file ID collisions and severe
misbehaviours on guest! You should either use a separate export for
each device shared from host or use virtfs option 'multidevs=remap'!
[ 8.573452] devtmpfs: mounted
[ 8.585150] Freeing unused decrypted memory: 2036K
[ 8.589527] Freeing unused kernel image (initmem) memory: 3092K
[ 8.591756] Write protecting the kernel read-only data: 30720k
[ 8.601183] Freeing unused kernel image (text/rodata gap) memory: 2032K
[ 8.604040] Freeing unused kernel image (rodata/data gap) memory: 440K
[ 8.787167] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 8.788573] rodata_test: all tests were successful
[ 8.789531] x86/mm: Checking user space page tables
[ 8.968680] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 8.969933] Run /bin/sh as init process
[ 9.537655] ==================================================================
[ 9.538731] BUG: KCSAN: data-race in p9_client_cb / p9_virtio_zc_request
[ 9.539873]
[ 9.540113] write to 0xffff888005e5d000 of 4 bytes by interrupt on cpu 0:
[ 9.541192] p9_client_cb+0x27/0x110
[ 9.541858] req_done+0xd3/0x130
[ 9.542482] vring_interrupt+0xac/0x130
[ 9.543171] __handle_irq_event_percpu+0x64/0x260
[ 9.544042] handle_irq_event+0x93/0x120
[ 9.544717] handle_edge_irq+0x123/0x400
[ 9.545429] __common_interrupt+0x3e/0xa0
[ 9.546001] common_interrupt+0x7e/0xa0
[ 9.546518] asm_common_interrupt+0x1e/0x40
[ 9.547127] native_safe_halt+0xe/0x10
[ 9.547846] default_idle+0xa/0x10
[ 9.548348] default_idle_call+0x38/0xc0
[ 9.548991] do_idle+0x1e7/0x270
[ 9.549548] cpu_startup_entry+0x19/0x20
[ 9.550180] rest_init+0xd0/0xd2
[ 9.550740] arch_call_rest_init+0xa/0x11
[ 9.551493] start_kernel+0xacb/0xadd
[ 9.552035] secondary_startup_64_no_verify+0xc2/0xcb
[ 9.552739]
[ 9.552954] read to 0xffff888005e5d000 of 4 bytes by task 185 on cpu 1:
[ 9.553986] p9_virtio_zc_request+0x449/0x7b0
[ 9.554586] p9_client_zc_rpc.constprop.0+0x175/0x770
[ 9.555421] p9_client_read_once+0x24d/0x330
[ 9.556013] p9_client_read+0x81/0xa0
[ 9.556518] v9fs_fid_readpage+0xca/0x310
[ 9.557084] v9fs_vfs_readpage+0x28/0x30
[ 9.557785] filemap_read_page+0x6e/0x1a0
[ 9.558337] filemap_fault+0xc2a/0x1010
[ 9.558874] __do_fault+0x76/0x210
[ 9.559343] __handle_mm_fault+0x16fe/0x2010
[ 9.559934] handle_mm_fault+0x129/0x410
[ 9.560472] do_user_addr_fault+0x1b7/0x670
[ 9.561052] exc_page_fault+0x78/0x160
[ 9.561569] asm_exc_page_fault+0x1e/0x30
[ 9.562122]
[ 9.562336] Reported by Kernel Concurrency Sanitizer on:
[ 9.563054] CPU: 1 PID: 185 Comm: mount Not tainted
5.13.0-rc7-dd7i-00040-g07a2fabfd89c-dirty #131
[ 9.564368] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-3.fc34 04/01/2014
[ 9.565543] ==================================================================
[ 9.842861] virtme-init: basic initialization done
[ 9.870984] virtme-init: running systemd-tmpfiles
[ 10.371613] ==================================================================
[ 10.372752] BUG: KCSAN: data-race in p9_client_cb / p9_client_rpc
[ 10.373617]
[ 10.373832] write to 0xffff888005e5d000 of 4 bytes by interrupt on cpu 0:
[ 10.374753] p9_client_cb+0x27/0x110
[ 10.375252] req_done+0xd3/0x130
[ 10.375749] vring_interrupt+0xac/0x130
[ 10.376282] __handle_irq_event_percpu+0x64/0x260
[ 10.376927] handle_irq_event+0x93/0x120
[ 10.377465] handle_edge_irq+0x123/0x400
[ 10.378035] __common_interrupt+0x3e/0xa0
[ 10.378611] common_interrupt+0x7e/0xa0
[ 10.379126] asm_common_interrupt+0x1e/0x40
[ 10.379720] native_safe_halt+0xe/0x10
[ 10.380271] default_idle+0xa/0x10
[ 10.380770] default_idle_call+0x38/0xc0
[ 10.381328] do_idle+0x1e7/0x270
[ 10.381835] cpu_startup_entry+0x19/0x20
[ 10.382358] rest_init+0xd0/0xd2
[ 10.382832] arch_call_rest_init+0xa/0x11
[ 10.383414] start_kernel+0xacb/0xadd
[ 10.383944] secondary_startup_64_no_verify+0xc2/0xcb
[ 10.384660]
[ 10.384869] read to 0xffff888005e5d000 of 4 bytes by task 194 on cpu 1:
[ 10.385832] p9_client_rpc+0x1cf/0x860
[ 10.386398] p9_client_readlink+0x3b/0x110
[ 10.386972] v9fs_vfs_get_link_dotl+0x37/0x80
[ 10.387568] step_into+0xa7c/0xb60
[ 10.388042] walk_component+0x8a/0x270
[ 10.388558] path_lookupat+0xca/0x340
[ 10.389065] filename_lookup+0x134/0x2a0
[ 10.389628] user_path_at_empty+0x6d/0x90
[ 10.390187] vfs_statx+0x79/0x1a0
[ 10.390681] __do_sys_newfstatat+0x1e/0x40
[ 10.391237] __x64_sys_newfstatat+0x4e/0x60
[ 10.391845] do_syscall_64+0x42/0x80
[ 10.392373] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 10.393082]
[ 10.393310] Reported by Kernel Concurrency Sanitizer on:
[ 10.394106] CPU: 1 PID: 194 Comm: systemd-tmpfile Not tainted
5.13.0-rc7-dd7i-00040-g07a2fabfd89c-dirty #131
[ 10.395779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-3.fc34 04/01/2014
[ 10.397131] ==================================================================
Failed to create directory or subvolume "/var/spool/cups/tmp": Permission denied
[ 10.720448] virtme-init: starting udevd
[ 10.784768] ==================================================================
[ 10.785855] BUG: KCSAN: data-race in p9_client_cb / p9_client_rpc
[ 10.786937]
[ 10.787152] write to 0xffff888005e5d000 of 4 bytes by interrupt on cpu 0:
[ 10.788185] p9_client_cb+0x27/0x110
[ 10.788687] req_done+0xd3/0x130
[ 10.789133] vring_interrupt+0xac/0x130
[ 10.789669] __handle_irq_event_percpu+0x64/0x260
[ 10.790306] handle_irq_event+0x93/0x120
[ 10.790845] handle_edge_irq+0x123/0x400
[ 10.791384] __common_interrupt+0x3e/0xa0
[ 10.791933] common_interrupt+0x7e/0xa0
[ 10.792460] asm_common_interrupt+0x1e/0x40
[ 10.793052] native_safe_halt+0xe/0x10
[ 10.793674] default_idle+0xa/0x10
[ 10.794293] default_idle_call+0x38/0xc0
[ 10.794914] do_idle+0x1e7/0x270
[ 10.795366] cpu_startup_entry+0x19/0x20
[ 10.795909] rest_init+0xd0/0xd2
[ 10.796353] arch_call_rest_init+0xa/0x11
[ 10.796911] start_kernel+0xacb/0xadd
[ 10.797459] secondary_startup_64_no_verify+0xc2/0xcb
[ 10.798153]
[ 10.798367] read to 0xffff888005e5d000 of 4 bytes by task 196 on cpu 1:
[ 10.799256] p9_client_rpc+0x185/0x860
[ 10.799776] p9_client_clunk+0x99/0x150
[ 10.800300] v9fs_dentry_release+0x38/0x60
[ 10.800863] __dentry_kill+0x203/0x2b0
[ 10.801374] dput+0x217/0x480
[ 10.801788] path_openat+0x803/0x1860
[ 10.802573] do_filp_open+0x116/0x1f0
[ 10.803322] do_sys_openat2+0x91/0x190
[ 10.804215] __x64_sys_openat+0x9b/0xd0
[ 10.805003] do_syscall_64+0x42/0x80
[ 10.805838] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 10.806854]
[ 10.807226] Reported by Kernel Concurrency Sanitizer on:
[ 10.808460] CPU: 1 PID: 196 Comm: systemd-udevd Not tainted
5.13.0-rc7-dd7i-00040-g07a2fabfd89c-dirty #131
[ 10.810544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-3.fc34 04/01/2014
[ 10.812337] ==================================================================
...
[ 12.579025] ==================================================================
[ 12.580064] BUG: KCSAN: data-race in p9_client_cb / p9_virtio_zc_request
[ 12.580978]
[ 12.581193] write to 0xffff888005e5d900 of 4 bytes by interrupt on cpu 0:
[ 12.582107] p9_client_cb+0x27/0x110
[ 12.582647] req_done+0xd3/0x130
[ 12.583080] vring_interrupt+0xac/0x130
[ 12.583632] __handle_irq_event_percpu+0x64/0x260
[ 12.584335] handle_irq_event+0x93/0x120
[ 12.584899] handle_edge_irq+0x123/0x400
[ 12.585456] __common_interrupt+0x3e/0xa0
[ 12.586028] common_interrupt+0x43/0xa0
[ 12.586537] asm_common_interrupt+0x1e/0x40
[ 12.587179]
[ 12.587387] read to 0xffff888005e5d900 of 4 bytes by task 238 on cpu 1:
[ 12.588322] p9_virtio_zc_request+0x449/0x7b0
[ 12.588942] p9_client_zc_rpc.constprop.0+0x175/0x770
[ 12.589645] p9_client_read_once+0x24d/0x330
[ 12.590417] p9_client_read+0x81/0xa0
[ 12.590946] v9fs_fid_readpage+0xca/0x310
[ 12.591712] v9fs_vfs_readpage+0x28/0x30
[ 12.592470] filemap_read_page+0x6e/0x1a0
[ 12.593218] filemap_fault+0xc2a/0x1010
[ 12.593922] __do_fault+0x76/0x210
[ 12.594590] __handle_mm_fault+0x16fe/0x2010
[ 12.595219] handle_mm_fault+0x129/0x410
[ 12.596017] do_user_addr_fault+0x1b7/0x670
[ 12.596902] exc_page_fault+0x78/0x160
[ 12.597449] asm_exc_page_fault+0x1e/0x30
[ 12.597999]
[ 12.598212] Reported by Kernel Concurrency Sanitizer on:
[ 12.598927] CPU: 1 PID: 238 Comm: modprobe Not tainted
5.13.0-rc7-dd7i-00040-g07a2fabfd89c-dirty #131
[ 12.600153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-3.fc34 04/01/2014
[ 12.601318] ==================================================================
...
[ 12.861485] ==================================================================
[ 12.862516] BUG: KCSAN: data-race in virtqueue_get_buf_ctx_split+0x62/0x250
[ 12.863531]
[ 12.863796] race at unknown origin, with read to 0xffff888005dcb942
of 2 bytes by interrupt on cpu 0:
[ 12.865289] virtqueue_get_buf_ctx_split+0x62/0x250
[ 12.866190] virtqueue_get_buf+0x33/0x40
[ 12.866890] req_done+0x6c/0x130
[ 12.867376] vring_interrupt+0xac/0x130
[ 12.867913] __handle_irq_event_percpu+0x64/0x260
[ 12.868559] handle_irq_event+0x93/0x120
[ 12.869109] handle_edge_irq+0x123/0x400
[ 12.869663] __common_interrupt+0x3e/0xa0
[ 12.870213] common_interrupt+0x7e/0xa0
[ 12.870840] asm_common_interrupt+0x1e/0x40
[ 12.871444] native_safe_halt+0xe/0x10
[ 12.872046] default_idle+0xa/0x10
[ 12.872628] default_idle_call+0x38/0xc0
[ 12.873214] do_idle+0x1e7/0x270
[ 12.873756] cpu_startup_entry+0x19/0x20
[ 12.874301] rest_init+0xd0/0xd2
[ 12.874855] arch_call_rest_init+0xa/0x11
[ 12.875418] start_kernel+0xacb/0xadd
[ 12.875950] secondary_startup_64_no_verify+0xc2/0xcb
[ 12.876683]
[ 12.876893] Reported by Kernel Concurrency Sanitizer on:
[ 12.877630] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
5.13.0-rc7-dd7i-00040-g07a2fabfd89c-dirty #131
[ 12.878962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-3.fc34 04/01/2014
> > Im running in a vm, using virtme, which uses 9p to share host filesystems
> > since 1st report to you, Ive added --smp 2 to my testing, it seems to
> > have increased reporting
>
> I'm ashamed to say I've just never tried KCSAN... I can give it a try over
> the next few weeks* if that patch + READ_ONCE doesn't cut it
>
> (*sorry)
>
> Thanks,
> --
> Dominique
Powered by blists - more mailing lists