Message-ID: <39fbceb9a794b7c412b17c4ac6c2dd285d1bd3e5.1726152335.git.mst@redhat.com>
Date: Thu, 12 Sep 2024 10:45:44 -0400
From: "Michael S. Tsirkin" <mst@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: Marco Elver <elver@...gle.com>,
	syzbot+8a02104389c2e0ef5049@...kaller.appspotmail.com,
	Jason Wang <jasowang@...hat.com>,
	Xuan Zhuo <xuanzhuo@...ux.alibaba.com>,
	Eugenio Pérez <eperezma@...hat.com>,
	virtualization@...ts.linux.dev
Subject: [PATCH] virtio_ring: tag event_triggered as racy for KCSAN

event_triggered is fundamentally racy. There are races of 2 types:
1. vq processing can read false value while interrupt
   triggered and set it to true.
   result will be a bit of extra work when disabling cbs, no big deal.

2. vq processing can set false value then interrupt
   immediately sets true value
   since interrupt then triggers a callback which will
   process buffers, this is also not an issue.

However, looks like KCSAN isn't smart enough to figure this out.
Tag the field __data_racy for now.
We should probably look at ways to make this more straight-forwardly
correct.

Cc: Marco Elver <elver@...gle.com>
Reported-by: syzbot+8a02104389c2e0ef5049@...kaller.appspotmail.com
Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
---
 drivers/virtio/virtio_ring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index be7309b1e860..724aa9c27c6b 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -194,7 +194,7 @@ struct vring_virtqueue {
 	u16 last_used_idx;
 
 	/* Hint for event idx: already triggered no need to disable. */
-	bool event_triggered;
+	bool __data_racy event_triggered;
 
 	union {
 		/* Available for split ring */
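Review bot: the comment above event_triggered in struct vring_virtqueue still only describes the field as a hint for event idx and gives no reason for the new __data_racy qualifier. Because the qualifier marks every access to the field as intentionally racy for KCSAN, including accesses added later, the justification should live next to the declaration and not only in the changelog. Consider extending the comment to say that the field is written from the interrupt path and read or cleared during vq processing without synchronization, and that both outcomes are benign: a stale false read only costs extra work when disabling callbacks, and a false that is immediately overwritten by true is followed by a callback that processes buffers.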
-- 
MST

