lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Jun 2024 02:18:12 -0700
From: Breno Leitao <leitao@...ian.org>
To: Thomas Gleixner <tglx@...utronix.de>,
	Andrew Morton <akpm@...ux-foundation.org>
Cc: paulmck@...nel.org,
	linux-kernel@...r.kernel.org (open list:DEBUGOBJECTS:)
Subject: [PATCH v2] [PATCH] debugobjects: Annotate racy debug variables

KCSAN has identified a potential data race in debugobjects, where the
global variable debug_objects_maxchain is accessed for both reading and
writing simultaneously in separate and parallel data paths. This results
in the following splat printed by KCSAN:

       	BUG: KCSAN: data-race in debug_check_no_obj_freed / debug_object_activate

       	write to 0xffffffff847ccfc8 of 4 bytes by task 734 on cpu 41:
       	debug_object_activate (lib/debugobjects.c:199
                               lib/debugobjects.c:564 lib/debugobjects.c:710)
       	call_rcu (kernel/rcu/rcu.h:227
                  kernel/rcu/tree.c:2719 kernel/rcu/tree.c:2838)
       	security_inode_free (security/security.c:1626)
       	__destroy_inode (./include/linux/fsnotify.h:222 fs/inode.c:287)
<snip>

       	read to 0xffffffff847ccfc8 of 4 bytes by task 384 on cpu 31:
       	debug_check_no_obj_freed (lib/debugobjects.c:1000
				  lib/debugobjects.c:1019)
       	kfree (mm/slub.c:2081 mm/slub.c:4280 mm/slub.c:4390)
       	percpu_ref_exit (lib/percpu-refcount.c:147)
       	css_free_rwork_fn (kernel/cgroup/cgroup.c:5357)
<snip>
       	value changed: 0x00000070 -> 0x00000071

The data race is actually harmless as this is just used for debugfs
statistics, as all other debug variables.

Annotate the debug variables as racy explicitly, since these variables
are known to be racy and harmless.

Signed-off-by: Breno Leitao <leitao@...ian.org>
---
Changelog:

v2:
	* Annotate all the debug variables instead of only
	  debug_objects_maxchain, as suggested by Thomas Gleixner
v1:
	* https://lore.kernel.org/all/20240509110612.768196-1-leitao@debian.org/
---
 lib/debugobjects.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index fb12a9bacd2f..7cea91e193a8 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -78,16 +78,17 @@ static bool			obj_freeing;
 /* The number of objs on the global free list */
 static int			obj_nr_tofree;
 
-static int			debug_objects_maxchain __read_mostly;
-static int __maybe_unused	debug_objects_maxchecked __read_mostly;
-static int			debug_objects_fixups __read_mostly;
-static int			debug_objects_warnings __read_mostly;
-static int			debug_objects_enabled __read_mostly
-				= CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT;
-static int			debug_objects_pool_size __read_mostly
-				= ODEBUG_POOL_SIZE;
-static int			debug_objects_pool_min_level __read_mostly
-				= ODEBUG_POOL_MIN_LEVEL;
+static int __data_racy			debug_objects_maxchain __read_mostly;
+static int __data_racy __maybe_unused	debug_objects_maxchecked __read_mostly;
+static int __data_racy			debug_objects_fixups __read_mostly;
+static int __data_racy			debug_objects_warnings __read_mostly;
+static int __data_racy			debug_objects_enabled __read_mostly
+					= CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT;
+static int __data_racy			debug_objects_pool_size __read_mostly
+					= ODEBUG_POOL_SIZE;
+static int __data_racy			debug_objects_pool_min_level __read_mostly
+					= ODEBUG_POOL_MIN_LEVEL;
+
 static const struct debug_obj_descr *descr_test  __read_mostly;
 static struct kmem_cache	*obj_cache __ro_after_init;
 
-- 
2.43.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ