lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f17dcce0-d510-a112-3127-984e8e73f480@huaweicloud.com>
Date:   Tue, 24 Jan 2023 15:57:55 +0100
From:   Hernan Ponce de Leon <hernan.poncedeleon@...weicloud.com>
To:     paulmck@...nel.org
Cc:     Arjan van de Ven <arjan@...ux.intel.com>, peterz@...radead.org,
        mingo@...hat.com, will@...nel.org, longman@...hat.com,
        boqun.feng@...il.com, akpm@...l.org, tglx@...utronix.de,
        joel@...lfernandes.org, stern@...land.harvard.edu,
        diogo.behrens@...wei.com, jonas.oberhauser@...wei.com,
        linux-kernel@...r.kernel.org,
        Hernan Ponce de Leon <hernanl.leon@...wei.com>,
        stable@...r.kernel.org
Subject: Re: [PATCH] Fix data race in mark_rt_mutex_waiters

On 1/23/2023 5:40 PM, Paul E. McKenney wrote:
> On Sun, Jan 22, 2023 at 04:24:21PM +0100, Hernan Ponce de Leon wrote:
>> On 1/20/2023 4:54 PM, Paul E. McKenney wrote:
>>> On Fri, Jan 20, 2023 at 06:58:20AM -0800, Arjan van de Ven wrote:
>>>> On 1/20/2023 5:55 AM, Hernan Ponce de Leon wrote:
>>>>> From: Hernan Ponce de Leon <hernanl.leon@...wei.com>
>>>>>
>>>>
>>>>>     kernel/locking/rtmutex.c | 2 +-
>>>>>     1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c
>>>>> index 010cf4e6d0b8..7ed9472edd48 100644
>>>>> --- a/kernel/locking/rtmutex.c
>>>>> +++ b/kernel/locking/rtmutex.c
>>>>> @@ -235,7 +235,7 @@ static __always_inline void mark_rt_mutex_waiters(struct rt_mutex_base *lock)
>>>>>     	unsigned long owner, *p = (unsigned long *) &lock->owner;
>>>>>     	do {
>>>>> -		owner = *p;
>>>>> +		owner = READ_ONCE(*p);
>>>>>     	} while (cmpxchg_relaxed(p, owner,
>>>>
>>>>
>>>> I don't see how this makes any difference at all.
>>>> *p can be read a dozen times and it's fine; cmpxchg has barrier semantics for compilers afaics
>>>
>>> Doing so does suppress a KCSAN warning.  You could also use data_race()
>>> if it turns out that the volatile semantics would prevent a valuable
>>> compiler optimization.
>>
>> I think the import question is "is this a harmful data race (and needs to be
>> fixed as proposed by the patch) or a harmless one (and we should use
>> data_race() to silence tools)?".
>>
>> In https://lkml.org/lkml/2023/1/22/160 I describe how this data race can
>> affect important ordering guarantees for the rest of the code. For this
>> reason I consider it a harmful one. If this is not the case, I would
>> appreciate some feedback or pointer to resources about what races care to
>> avoid spamming the mailing list in the future.
> 
> In the case, the value read is passed into cmpxchg_relaxed(), which
> checks the value against memory.  In this case, as Arjan noted, the only
> compiler-and-silicon difference between data_race() and READ_ONCE()
> is that use of data_race() might allow the compiler to do things like
> tear the load, thus forcing the occasional spurious cmpxchg_relaxed()
> failure.  In contrast, LKMM (by design) throws up its hands when it sees
> a data race.  Something about not being eager to track the idiosyncrasies
> of many compiler versions.
> 
> My approach in my own code is to use *_ONCE() unless it causes a visible
> performance regression or if it confuses KCSAN.  An example of the latter
> can be debug code, in which case use of data_race() avoids suppressing
> KCSAN warnings (and also false positives, depending).

I understand that *_ONCE() might avoid some compiler optimization and 
reduce performance in the general case. However, if I understand your 
first paragraph correctly, in this particular case data_race() could 
allow the CAS to fail more often, resulting in more spinning iterations 
and degraded performance. Am I right?

> 
> Except that your other email seems to also be arguing that additional
> ordering is required.  So is https://lkml.org/lkml/2023/1/20/702 really
> sufficient just by itself, or is additional ordering required?

I do not claim that we need to mark the read to add the ordering that is 
needed for correctness (mutual exclusion). What I claim in this patch is 
that there is a data race, and since it can affect ordering constrains 
in subtle ways, I consider it harmful and thus I want to fix it.

What I explain in the other email is that if we fix the data race, 
either the fence or the acquire store might be relaxed (because marking 
the read gives us some extra ordering guarantees). If the race is not 
fixed, both the fence and the acquire are needed according to LKMM. The 
situation is different wrt hardware models. In that case the tool cannot 
find any violation even if we don't fix the race and we relax the store 
/ remove the fence.

Hernan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ