From: Will Deacon <will@kernel.org>
To: Anders Roxell <anders.roxell@linaro.org>
Cc: catalin.marinas@arm.com, mark.rutland@arm.com,
james.morse@arm.com, ebiederm@xmission.com, elver@google.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, arnd@arndb.de
Subject: Re: BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
Date: Fri, 6 Jan 2023 17:38:15 +0000 [thread overview]
Message-ID: <20230106173814.GA5169@willie-the-truck> (raw)
In-Reply-To: <20221221145436.GF69385@mutt>
On Wed, Dec 21, 2022 at 03:54:36PM +0100, Anders Roxell wrote:
> Hey,
>
> I'm building an allmodconfig kernel on yesterdays linux-next (tag:
> next-20221220) and I see a
> "BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation"
> when I boot up in QEMU. I ran the output via
> scripts/decode_stacktrace.sh and this is what I see:
>
>
> [ 2105.261121][ T154] ==================================================================
> [ 2105.266067][ T154] BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
> [ 2105.271577][ T154]
> [ 2105.273121][ T154] write to 0xffff8000210b3fb8 of 8 bytes by task 136 on cpu 0:
> [ 2105.277743][ T154] spectre_v4_enable_task_mitigation (/home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:651 /home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:664)
> [ 2105.281802][ T154] __switch_to (/home/anders/src/kernel/next/arch/arm64/kernel/process.c:459 /home/anders/src/kernel/next/arch/arm64/kernel/process.c:532)
> [ 2105.284670][ T154] __schedule (/home/anders/src/kernel/next/kernel/sched/core.c:5247 /home/anders/src/kernel/next/kernel/sched/core.c:6555)
> [ 2105.287555][ T154] preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:70 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:98 /home/anders/src/kernel/next/kernel/sched/core.c:6868)
> [ 2105.290857][ T154] arm64_preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:237)
> [ 2105.294433][ T154] el1_interrupt (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:476 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:486)
> [ 2105.297433][ T154] el1h_64_irq_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:492)
> [ 2105.300718][ T154] el1h_64_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:580)
> [ 2105.303497][ T154] arch_local_irq_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/jump_label.h:21 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:130)
> [ 2105.306750][ T154] fs_reclaim_acquire (/home/anders/src/kernel/next/mm/page_alloc.c:4691)
> [ 2105.310118][ T154] slab_pre_alloc_hook.constprop.0 (/home/anders/src/kernel/next/include/linux/sched/mm.h:272 /home/anders/src/kernel/next/mm/slab.h:720)
> [ 2105.313966][ T154] slab_alloc_node.isra.0 (/home/anders/src/kernel/next/mm/slub.c:3434)
> [ 2105.317343][ T154] __kmem_cache_alloc_lru (/home/anders/src/kernel/next/mm/slub.c:3469)
> [ 2105.320659][ T154] kmem_cache_alloc (/home/anders/src/kernel/next/mm/slub.c:3477)
> [ 2105.323673][ T154] getname_flags (/home/anders/src/kernel/next/fs/namei.c:139)
> [ 2105.326703][ T154] getname (/home/anders/src/kernel/next/fs/namei.c:218)
> [ 2105.329377][ T154] do_sys_openat2 (/home/anders/src/kernel/next/fs/open.c:1304)
> [ 2105.332352][ T154] __arm64_sys_openat (/home/anders/src/kernel/next/fs/open.c:1326)
> [ 2105.335573][ T154] el0_svc_common.constprop.0 (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:38 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:52 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:142)
> [ 2105.339272][ T154] do_el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:197)
> [ 2105.342025][ T154] el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:638)
> [ 2105.344687][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:656)
> [ 2105.348089][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
> [ 2105.350998][ T154]
> [ 2105.352567][ T154] read to 0xffff8000210b3fb8 of 8 bytes by task 154 on cpu 0:
> [ 2105.357117][ T154] do_page_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:517 /home/anders/src/kernel/next/arch/arm64/mm/fault.c:558)
> [ 2105.360110][ T154] do_translation_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:695)
> [ 2105.363400][ T154] do_mem_abort (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:831)
> [ 2105.366400][ T154] el0_ia (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:534)
> [ 2105.369059][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
> [ 2105.372445][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
> [ 2105.375404][ T154]
> [ 2105.376935][ T154] no locks held by systemd/154.
> [ 2105.379935][ T154] irq event stamp: 385
> [ 2105.382448][ T154] hardirqs last enabled at (385): local_daif_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/daifflags.h:71 (discriminator 1))
> [ 2105.388413][ T154] hardirqs last disabled at (384): el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
> [ 2105.394436][ T154] softirqs last enabled at (352): fpsimd_restore_current_state (/home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:264 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1780)
> [ 2105.400932][ T154] softirqs last disabled at (350): fpsimd_restore_current_state (/home/anders/src/kernel/next/include/linux/bottom_half.h:20 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:242 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1773)
> [ 2105.407394][ T154]
> [ 2105.408909][ T154] value changed: 0x0000000060000000 -> 0x0000000060001000
> [ 2105.413225][ T154]
> [ 2105.414746][ T154] Reported by Kernel Concurrency Sanitizer on:
> [ 2105.426169][ T154] Hardware name: linux,dummy-virt (DT)
> [ 2105.429528][ T154] ==================================================================
>
>
> The prctl case, which only gets called on 'current'. However, assuming
> the kernel could be preempted while accessing current->pt_regs->pstate,
> and then it races against the task switch.
>
> Any idea what happens and how to fix it?
I can't quite decipher this against mainline, as the line numbers above in
do_page_fault() seem to correlate with reads of the esr, which is either
a register or a stack read. I also think everything in the stacktraces
is running in the context of 'current', so I can't see how we could really
race here.
:/
Will
WARNING: multiple messages have this Message-ID (diff)
From: Will Deacon <will@kernel.org>
To: Anders Roxell <anders.roxell@linaro.org>
Cc: catalin.marinas@arm.com, mark.rutland@arm.com,
james.morse@arm.com, ebiederm@xmission.com, elver@google.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, arnd@arndb.de
Subject: Re: BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
Date: Fri, 6 Jan 2023 17:38:15 +0000 [thread overview]
Message-ID: <20230106173814.GA5169@willie-the-truck> (raw)
In-Reply-To: <20221221145436.GF69385@mutt>
On Wed, Dec 21, 2022 at 03:54:36PM +0100, Anders Roxell wrote:
> Hey,
>
> I'm building an allmodconfig kernel on yesterdays linux-next (tag:
> next-20221220) and I see a
> "BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation"
> when I boot up in QEMU. I ran the output via
> scripts/decode_stacktrace.sh and this is what I see:
>
>
> [ 2105.261121][ T154] ==================================================================
> [ 2105.266067][ T154] BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
> [ 2105.271577][ T154]
> [ 2105.273121][ T154] write to 0xffff8000210b3fb8 of 8 bytes by task 136 on cpu 0:
> [ 2105.277743][ T154] spectre_v4_enable_task_mitigation (/home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:651 /home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:664)
> [ 2105.281802][ T154] __switch_to (/home/anders/src/kernel/next/arch/arm64/kernel/process.c:459 /home/anders/src/kernel/next/arch/arm64/kernel/process.c:532)
> [ 2105.284670][ T154] __schedule (/home/anders/src/kernel/next/kernel/sched/core.c:5247 /home/anders/src/kernel/next/kernel/sched/core.c:6555)
> [ 2105.287555][ T154] preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:70 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:98 /home/anders/src/kernel/next/kernel/sched/core.c:6868)
> [ 2105.290857][ T154] arm64_preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:237)
> [ 2105.294433][ T154] el1_interrupt (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:476 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:486)
> [ 2105.297433][ T154] el1h_64_irq_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:492)
> [ 2105.300718][ T154] el1h_64_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:580)
> [ 2105.303497][ T154] arch_local_irq_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/jump_label.h:21 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:130)
> [ 2105.306750][ T154] fs_reclaim_acquire (/home/anders/src/kernel/next/mm/page_alloc.c:4691)
> [ 2105.310118][ T154] slab_pre_alloc_hook.constprop.0 (/home/anders/src/kernel/next/include/linux/sched/mm.h:272 /home/anders/src/kernel/next/mm/slab.h:720)
> [ 2105.313966][ T154] slab_alloc_node.isra.0 (/home/anders/src/kernel/next/mm/slub.c:3434)
> [ 2105.317343][ T154] __kmem_cache_alloc_lru (/home/anders/src/kernel/next/mm/slub.c:3469)
> [ 2105.320659][ T154] kmem_cache_alloc (/home/anders/src/kernel/next/mm/slub.c:3477)
> [ 2105.323673][ T154] getname_flags (/home/anders/src/kernel/next/fs/namei.c:139)
> [ 2105.326703][ T154] getname (/home/anders/src/kernel/next/fs/namei.c:218)
> [ 2105.329377][ T154] do_sys_openat2 (/home/anders/src/kernel/next/fs/open.c:1304)
> [ 2105.332352][ T154] __arm64_sys_openat (/home/anders/src/kernel/next/fs/open.c:1326)
> [ 2105.335573][ T154] el0_svc_common.constprop.0 (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:38 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:52 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:142)
> [ 2105.339272][ T154] do_el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:197)
> [ 2105.342025][ T154] el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:638)
> [ 2105.344687][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:656)
> [ 2105.348089][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
> [ 2105.350998][ T154]
> [ 2105.352567][ T154] read to 0xffff8000210b3fb8 of 8 bytes by task 154 on cpu 0:
> [ 2105.357117][ T154] do_page_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:517 /home/anders/src/kernel/next/arch/arm64/mm/fault.c:558)
> [ 2105.360110][ T154] do_translation_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:695)
> [ 2105.363400][ T154] do_mem_abort (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:831)
> [ 2105.366400][ T154] el0_ia (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:534)
> [ 2105.369059][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
> [ 2105.372445][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
> [ 2105.375404][ T154]
> [ 2105.376935][ T154] no locks held by systemd/154.
> [ 2105.379935][ T154] irq event stamp: 385
> [ 2105.382448][ T154] hardirqs last enabled at (385): local_daif_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/daifflags.h:71 (discriminator 1))
> [ 2105.388413][ T154] hardirqs last disabled at (384): el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
> [ 2105.394436][ T154] softirqs last enabled at (352): fpsimd_restore_current_state (/home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:264 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1780)
> [ 2105.400932][ T154] softirqs last disabled at (350): fpsimd_restore_current_state (/home/anders/src/kernel/next/include/linux/bottom_half.h:20 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:242 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1773)
> [ 2105.407394][ T154]
> [ 2105.408909][ T154] value changed: 0x0000000060000000 -> 0x0000000060001000
> [ 2105.413225][ T154]
> [ 2105.414746][ T154] Reported by Kernel Concurrency Sanitizer on:
> [ 2105.426169][ T154] Hardware name: linux,dummy-virt (DT)
> [ 2105.429528][ T154] ==================================================================
>
>
> The prctl case, which only gets called on 'current'. However, assuming
> the kernel could be preempted while accessing current->pt_regs->pstate,
> and then it races against the task switch.
>
> Any idea what happens and how to fix it?
I can't quite decipher this against mainline, as the line numbers above in
do_page_fault() seem to correlate with reads of the esr, which is either
a register or a stack read. I also think everything in the stacktraces
is running in the context of 'current', so I can't see how we could really
race here.
:/
Will
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-01-06 17:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-21 14:54 BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation Anders Roxell
2022-12-21 14:54 ` Anders Roxell
2023-01-06 17:38 ` Will Deacon [this message]
2023-01-06 17:38 ` Will Deacon
-- strict thread matches above, loose matches on Subject: below --
2022-12-15 7:32 Naresh Kamboju
2022-12-15 8:32 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230106173814.GA5169@willie-the-truck \
--to=will@kernel.org \
--cc=anders.roxell@linaro.org \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=ebiederm@xmission.com \
--cc=elver@google.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.