Re: [PATCH 1/2] pipe: Make poll_usage boolean and annotate its access.

From: Marco Elver <elver@google.com>
To: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
	Andrew Morton <akpm@linux-foundation.org>,
	Kuniyuki Iwashima <kuni1840@gmail.com>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 1/2] pipe: Make poll_usage boolean and annotate its access.
Date: Tue, 29 Mar 2022 19:03:20 +0200	[thread overview]
Message-ID: <YkM72JuG0mEoaGoE@elver.google.com> (raw)
In-Reply-To: <20220322002653.33865-2-kuniyu@amazon.co.jp>

On Tue, Mar 22, 2022 at 09:26AM +0900, Kuniyuki Iwashima wrote:
> pipe_poll() runs locklessly and assigns 1 to poll_usage.  Once poll_usage
> is set to 1, it never changes in other places.  However, concurrent writes
> of a value trigger KCSAN, so let's make KCSAN happy.
> 
> BUG: KCSAN: data-race in pipe_poll / pipe_poll
> 
> write to 0xffff8880042f6678 of 4 bytes by task 174 on cpu 3:
>  pipe_poll (fs/pipe.c:656)
>  ep_item_poll.isra.0 (./include/linux/poll.h:88 fs/eventpoll.c:853)
>  do_epoll_wait (fs/eventpoll.c:1692 fs/eventpoll.c:1806 fs/eventpoll.c:2234)
>  __x64_sys_epoll_wait (fs/eventpoll.c:2246 fs/eventpoll.c:2241 fs/eventpoll.c:2241)
>  do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
>  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:113)
> 
> write to 0xffff8880042f6678 of 4 bytes by task 177 on cpu 1:
>  pipe_poll (fs/pipe.c:656)
>  ep_item_poll.isra.0 (./include/linux/poll.h:88 fs/eventpoll.c:853)
>  do_epoll_wait (fs/eventpoll.c:1692 fs/eventpoll.c:1806 fs/eventpoll.c:2234)
>  __x64_sys_epoll_wait (fs/eventpoll.c:2246 fs/eventpoll.c:2241 fs/eventpoll.c:2241)
>  do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
>  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:113)
> 
> Reported by Kernel Concurrency Sanitizer on:
> CPU: 1 PID: 177 Comm: epoll_race Not tainted 5.17.0-58927-gf443e374ae13 #6
> Hardware name: Red Hat KVM, BIOS 1.11.0-2.amzn2 04/01/2014
> 
> Fixes: 3b844826b6c6 ("pipe: avoid unnecessary EPOLLET wakeups under normal loads")
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
> ---
> CC: Linus Torvalds <torvalds@linux-foundation.org>
> 
> Note that the message is false positive for now, so the Fixes tag might not
> be necessary.
> ---
>  fs/pipe.c                 | 2 +-
>  include/linux/pipe_fs_i.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/pipe.c b/fs/pipe.c
> index 9648ac151..e9f8290f8 100644
> --- a/fs/pipe.c
> +++ b/fs/pipe.c
> @@ -653,7 +653,7 @@ pipe_poll(struct file *filp, poll_table *wait)
>  	unsigned int head, tail;
>  
>  	/* Epoll has some historical nasty semantics, this enables them */
> -	pipe->poll_usage = 1;
> +	WRITE_ONCE(pipe->poll_usage, true);

This reminds me of [1] (look for "idempotent write").

I'm not sure what KCSAN config you're using, but it looks like it's not
a default config (you seem to have KCSAN_REPORT_VALUE_CHANGE_ONLY off).
My guess is you can't see this data race with the default config, which
was a choice made from discussion in [1].

[1] https://lore.kernel.org/linux-fsdevel/CAHk-=wh_-1pj0vsAHiHf_FVardKkN7AZGX73QwGpViMyF7_mvQ@mail.gmail.com/T/

It's your choice to change the default of course, but if the report/fix
is picked up is anyone's guess (if you are not the code's maintainer).

Also see https://lwn.net/Articles/816854/

Thanks,

--Marco