Message-ID: <65bfe6b1-3bfa-469d-aada-8e79d1101d5d@paulmck-laptop>
Date: Wed, 6 Nov 2024 12:18:25 -0800
From: "Paul E. McKenney" <paulmck@...nel.org>
To: Zilin Guan <zilinguan811@...il.com>
Cc: frederic@...nel.org, neeraj.upadhyay@...nel.org, joel@...lfernandes.org,
	josh@...htriplett.org, boqun.feng@...il.com, urezki@...il.com,
	rostedt@...dmis.org, mathieu.desnoyers@...icios.com,
	jiangshanlai@...il.com, qiang.zhang1211@...il.com,
	rcu@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rcu: Use READ_ONCE() for rdp->gpwrap access in
 __note_gp_changes()

On Mon, Nov 04, 2024 at 03:12:30PM +0000, Zilin Guan wrote:
> In function __note_gp_changes(), rdp->gpwrap is read using READ_ONCE()
> in line 1307:
> 
> 1307    if (IS_ENABLED(CONFIG_PROVE_RCU) && READ_ONCE(rdp->gpwrap))
> 1308            WRITE_ONCE(rdp->last_sched_clock, jiffies);
> 
> while read directly in line 1305:
> 
> 1305    if (ULONG_CMP_LT(rdp->gp_seq_needed, rnp->gp_seq_needed) ||
> 	    rdp->gpwrap)
> 1306            WRITE_ONCE(rdp->gp_seq_needed, rnp->gp_seq_needed);
> 
> In the same environment, reads in two places should have the same
> protection.
> 
> Signed-off-by: Zilin Guan <zilinguan811@...il.com>

Good eyes!!!

But did you find this with KCSAN, or by visual inspection?

The reason that I ask is that the __note_gp_changes() should be
invoked with the leaf rnp->lock held, which should exclude writes to
the rdp->gpwrap fields for all CPUs corresponding to that leaf rcu_node
structure.

Note the raw_lockdep_assert_held_rcu_node(rnp) call at the beginning of
this function.

So I believe that the proper fix is to *remove* READ_ONCE() from accesses
to rdp->gpwrap in this function.

Or am I missing something here?

							Thanx, Paul

> ---
>  kernel/rcu/tree.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
> index b1f883fcd918..d3e2b420dce5 100644
> --- a/kernel/rcu/tree.c
> +++ b/kernel/rcu/tree.c
> @@ -1302,7 +1302,7 @@ static bool __note_gp_changes(struct rcu_node *rnp, struct rcu_data *rdp)
>  		zero_cpu_stall_ticks(rdp);
>  	}
>  	rdp->gp_seq = rnp->gp_seq;  /* Remember new grace-period state. */
> -	if (ULONG_CMP_LT(rdp->gp_seq_needed, rnp->gp_seq_needed) || rdp->gpwrap)
> +	if (ULONG_CMP_LT(rdp->gp_seq_needed, rnp->gp_seq_needed) || READ_ONCE(rdp->gpwrap))
>  		WRITE_ONCE(rdp->gp_seq_needed, rnp->gp_seq_needed);
>  	if (IS_ENABLED(CONFIG_PROVE_RCU) && READ_ONCE(rdp->gpwrap))
>  		WRITE_ONCE(rdp->last_sched_clock, jiffies);
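Review bot: the READ_ONCE() added to the rdp->gpwrap test on the `+` line is justified in the changelog only by consistency with the CONFIG_PROVE_RCU check two lines below, and no concurrent writer of rdp->gpwrap is named that this read could race with. If __note_gp_changes() runs with the leaf rnp->lock held, as the reply in this thread states, a plain read is sufficient here, and making the two reads consistent would mean dropping READ_ONCE() from the check below rather than adding one above. Please state in the changelog which writer is not excluded by that lock (or cite the KCSAN report, if there is one), or respin the patch in the other direction.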
> -- 
> 2.34.1
> 
