From: Baokun Li <libaokun1@huawei.com>
To: <viro@zeniv.linux.org.uk>, <linux-fsdevel@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Cc: <weiyongjun1@huawei.com>, <yuehaibing@huawei.com>,
<yangjihong1@huawei.com>, <yukuai3@huawei.com>,
<libaokun1@huawei.com>, "Hulk Robot" <hulkci@huawei.com>
Subject: [PATCH] poll: mark racy accesses on pwq->triggered
Date: Tue, 15 Jun 2021 22:08:57 +0800 [thread overview]
Message-ID: <20210615140857.3804405-1-libaokun1@huawei.com> (raw)
Fix data races to pwq->triggered by using READ_ONCE and WRITE_ONCE.
These accesses are expected to be racy per comment.
Original KCSAN report:
==================================================================
BUG: KCSAN: data-race in do_sys_poll / pollwake
write to 0xffffc90000883c70 of 4 bytes by task 9351 on cpu 1:
__pollwake fs/select.c:197 [inline]
pollwake+0xa7/0xf0 fs/select.c:217
__wake_up_common+0xbc/0x130 kernel/sched/wait.c:93
__wake_up_common_lock kernel/sched/wait.c:123 [inline]
__wake_up_sync_key+0x83/0xc0 kernel/sched/wait.c:190
pipe_write+0x88b/0xd20 fs/pipe.c:580
call_write_iter include/linux/fs.h:1903 [inline]
new_sync_write fs/read_write.c:518 [inline]
vfs_write+0x6d2/0x7c0 fs/read_write.c:605
ksys_write+0xce/0x180 fs/read_write.c:658
__do_sys_write fs/read_write.c:670 [inline]
__se_sys_write fs/read_write.c:667 [inline]
__x64_sys_write+0x3e/0x50 fs/read_write.c:667
do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
read to 0xffffc90000883c70 of 4 bytes by task 9353 on cpu 3:
poll_schedule_timeout fs/select.c:242 [inline]
do_poll fs/select.c:961 [inline]
do_sys_poll+0x940/0xb80 fs/select.c:1011
__do_sys_poll fs/select.c:1069 [inline]
__se_sys_poll+0xce/0x1c0 fs/select.c:1057
__x64_sys_poll+0x3f/0x50 fs/select.c:1057
do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reported by Kernel Concurrency Sanitizer on:
CPU: 3 PID: 9353 Comm: scp Not tainted 5.10.0-rc5-csan #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
==================================================================
Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 5f820f648c92a ("poll: allow f_op->poll to sleep")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
---
fs/select.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/select.c b/fs/select.c
index 945896d0ac9e..e71b4d1a2606 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -194,7 +194,7 @@ static int __pollwake(wait_queue_entry_t *wait, unsigned mode, int sync, void *k
* and is paired with smp_store_mb() in poll_schedule_timeout.
*/
smp_wmb();
- pwq->triggered = 1;
+ WRITE_ONCE(pwq->triggered, 1);
/*
* Perform the default wake up operation using a dummy
@@ -239,7 +239,7 @@ static int poll_schedule_timeout(struct poll_wqueues *pwq, int state,
int rc = -EINTR;
set_current_state(state);
- if (!pwq->triggered)
+ if (!READ_ONCE(pwq->triggered))
rc = schedule_hrtimeout_range(expires, slack, HRTIMER_MODE_ABS);
__set_current_state(TASK_RUNNING);
--
2.31.1
reply other threads:[~2021-06-15 14:00 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210615140857.3804405-1-libaokun1@huawei.com \
--to=libaokun1@huawei.com \
--cc=hulkci@huawei.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=weiyongjun1@huawei.com \
--cc=yangjihong1@huawei.com \
--cc=yuehaibing@huawei.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.