| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jan 2023 08:40:14 -0800
From: "Paul E. McKenney" <paulmck@...nel.org>
To: Hernan Ponce de Leon <hernan.poncedeleon@...weicloud.com>
Cc: Arjan van de Ven <arjan@...ux.intel.com>, peterz@...radead.org,
mingo@...hat.com, will@...nel.org, longman@...hat.com,
boqun.feng@...il.com, akpm@...l.org, tglx@...utronix.de,
joel@...lfernandes.org, stern@...land.harvard.edu,
diogo.behrens@...wei.com, jonas.oberhauser@...wei.com,
linux-kernel@...r.kernel.org,
Hernan Ponce de Leon <hernanl.leon@...wei.com>,
stable@...r.kernel.org
Subject: Re: [PATCH] Fix data race in mark_rt_mutex_waiters
On Sun, Jan 22, 2023 at 04:24:21PM +0100, Hernan Ponce de Leon wrote:
> On 1/20/2023 4:54 PM, Paul E. McKenney wrote:
> > On Fri, Jan 20, 2023 at 06:58:20AM -0800, Arjan van de Ven wrote:
> > > On 1/20/2023 5:55 AM, Hernan Ponce de Leon wrote:
> > > > From: Hernan Ponce de Leon <hernanl.leon@...wei.com>
> > > >
> > >
> > > > kernel/locking/rtmutex.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c
> > > > index 010cf4e6d0b8..7ed9472edd48 100644
> > > > --- a/kernel/locking/rtmutex.c
> > > > +++ b/kernel/locking/rtmutex.c
> > > > @@ -235,7 +235,7 @@ static __always_inline void mark_rt_mutex_waiters(struct rt_mutex_base *lock)
> > > > unsigned long owner, *p = (unsigned long *) &lock->owner;
> > > > do {
> > > > - owner = *p;
> > > > + owner = READ_ONCE(*p);
> > > > } while (cmpxchg_relaxed(p, owner,
> > >
> > >
> > > I don't see how this makes any difference at all.
> > > *p can be read a dozen times and it's fine; cmpxchg has barrier semantics for compilers afaics
> >
> > Doing so does suppress a KCSAN warning. You could also use data_race()
> > if it turns out that the volatile semantics would prevent a valuable
> > compiler optimization.
>
> I think the import question is "is this a harmful data race (and needs to be
> fixed as proposed by the patch) or a harmless one (and we should use
> data_race() to silence tools)?".
>
> In https://lkml.org/lkml/2023/1/22/160 I describe how this data race can
> affect important ordering guarantees for the rest of the code. For this
> reason I consider it a harmful one. If this is not the case, I would
> appreciate some feedback or pointer to resources about what races care to
> avoid spamming the mailing list in the future.
In the case, the value read is passed into cmpxchg_relaxed(), which
checks the value against memory. In this case, as Arjan noted, the only
compiler-and-silicon difference between data_race() and READ_ONCE()
is that use of data_race() might allow the compiler to do things like
tear the load, thus forcing the occasional spurious cmpxchg_relaxed()
failure. In contrast, LKMM (by design) throws up its hands when it sees
a data race. Something about not being eager to track the idiosyncrasies
of many compiler versions.
My approach in my own code is to use *_ONCE() unless it causes a visible
performance regression or if it confuses KCSAN. An example of the latter
can be debug code, in which case use of data_race() avoids suppressing
KCSAN warnings (and also false positives, depending).
Except that your other email seems to also be arguing that additional
ordering is required. So is https://lkml.org/lkml/2023/1/20/702 really
sufficient just by itself, or is additional ordering required?
Thanx, Paul
Powered by blists - more mailing lists