mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-11-01 17:08:10 +00:00
Code Issues Releases Wiki Activity
linux-stable/lib
History
Marco Elver 84255fe86d debugobjects: Fix various data races 
[ Upstream commit 35fd7a637c ]

The counters obj_pool_free, and obj_nr_tofree, and the flag obj_freeing are
read locklessly outside the pool_lock critical sections. If read with plain
accesses, this would result in data races.

This is addressed as follows:

 * reads outside critical sections become READ_ONCE()s (pairing with
   WRITE_ONCE()s added);

 * writes become WRITE_ONCE()s (pairing with READ_ONCE()s added); since
   writes happen inside critical sections, only the write and not the read
   of RMWs needs to be atomic, thus WRITE_ONCE(var, var +/- X) is
   sufficient.

The data races were reported by KCSAN:

  BUG: KCSAN: data-race in __free_object / fill_pool

  write to 0xffffffff8beb04f8 of 4 bytes by interrupt on cpu 1:
   __free_object+0x1ee/0x8e0 lib/debugobjects.c:404
   __debug_check_no_obj_freed+0x199/0x330 lib/debugobjects.c:969
   debug_check_no_obj_freed+0x3c/0x44 lib/debugobjects.c:994
   slab_free_hook mm/slub.c:1422 [inline]

  read to 0xffffffff8beb04f8 of 4 bytes by task 1 on cpu 2:
   fill_pool+0x3d/0x520 lib/debugobjects.c:135
   __debug_object_init+0x3c/0x810 lib/debugobjects.c:536
   debug_object_init lib/debugobjects.c:591 [inline]
   debug_object_activate+0x228/0x320 lib/debugobjects.c:677
   debug_rcu_head_queue kernel/rcu/rcu.h:176 [inline]

  BUG: KCSAN: data-race in __debug_object_init / fill_pool

  read to 0xffffffff8beb04f8 of 4 bytes by task 10 on cpu 6:
   fill_pool+0x3d/0x520 lib/debugobjects.c:135
   __debug_object_init+0x3c/0x810 lib/debugobjects.c:536
   debug_object_init_on_stack+0x39/0x50 lib/debugobjects.c:606
   init_timer_on_stack_key kernel/time/timer.c:742 [inline]

  write to 0xffffffff8beb04f8 of 4 bytes by task 1 on cpu 3:
   alloc_object lib/debugobjects.c:258 [inline]
   __debug_object_init+0x717/0x810 lib/debugobjects.c:544
   debug_object_init lib/debugobjects.c:591 [inline]
   debug_object_activate+0x228/0x320 lib/debugobjects.c:677
   debug_rcu_head_queue kernel/rcu/rcu.h:176 [inline]

  BUG: KCSAN: data-race in free_obj_work / free_object

  read to 0xffffffff9140c190 of 4 bytes by task 10 on cpu 6:
   free_object+0x4b/0xd0 lib/debugobjects.c:426
   debug_object_free+0x190/0x210 lib/debugobjects.c:824
   destroy_timer_on_stack kernel/time/timer.c:749 [inline]

  write to 0xffffffff9140c190 of 4 bytes by task 93 on cpu 1:
   free_obj_work+0x24f/0x480 lib/debugobjects.c:313
   process_one_work+0x454/0x8d0 kernel/workqueue.c:2264
   worker_thread+0x9a/0x780 kernel/workqueue.c:2410

Reported-by: Qian Cai <cai@lca.pw>
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20200116185529.11026-1-elver@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-02-24 08:36:52 +01:00
..
842
crypto
dim
fonts
livepatch
lz4
lzo lib/lzo/lzo1x_compress.c: fix alignment bug in lzo-rle 2019-09-25 17:51:41 -07:00
math
mpi
raid6 raid6/test: fix a compilation warning 2020-02-24 08:36:47 +01:00
reed_solomon
vdso lib/vdso: Make clock_getres() POSIX compliant again 2019-10-23 14:48:23 +02:00
xz lib/xz: fix XZ_DYNALLOC to avoid useless memory reallocations 2019-11-15 18:34:00 -08:00
zlib_deflate
zlib_inflate
zstd
.gitignore
argv_split.c
ashldi3.c
ashrdi3.c
asn1_decoder.c
assoc_array.c
atomic64.c
atomic64_test.c
audit.c
bcd.c
bch.c
bitmap.c
bitrev.c
bsearch.c
btree.c
bucket_locks.c
bug.c bug: move WARN_ON() "cut here" into exception handler 2019-09-25 17:51:41 -07:00
build_OID_registry
bust_spinlocks.c
chacha.c
check_signature.c
checksum.c
clz_ctz.c
clz_tab.c
cmdline.c
cmpdi2.c
compat_audit.c
cpu_rmap.c
cpumask.c
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
crc4.c
crc7.c
crc8.c
crc16.c
crc32.c
crc32defs.h
crc32test.c
crc64.c
ctype.c
debug_info.c
debug_locks.c
debugobjects.c debugobjects: Fix various data races 2020-02-24 08:36:52 +01:00
dec_and_lock.c
decompress.c
decompress_bunzip2.c
decompress_inflate.c
decompress_unlz4.c
decompress_unlzma.c
decompress_unlzo.c
decompress_unxz.c
devres.c
digsig.c
dump_stack.c dump_stack: avoid the livelock of the dump_lock 2019-11-06 08:47:50 -08:00
dynamic_debug.c
dynamic_queue_limits.c
earlycpio.c
error-inject.c
errseq.c
extable.c lib/extable.c: add missing prototypes 2019-09-25 17:51:39 -07:00
fault-inject.c
fdt.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
find_bit.c
find_bit_benchmark.c
flex_proportions.c
gen_crc32table.c
gen_crc64table.c
genalloc.c
generic-radix-tree.c lib/generic-radix-tree.c: add kmemleak annotations 2019-10-14 15:04:00 -07:00
glob.c
globtest.c
hexdump.c lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds 2019-09-25 17:51:39 -07:00
hweight.c
idr.c idr: Fix idr_get_next_ul race with idr_remove 2019-11-01 22:26:34 -04:00
inflate.c
interval_tree.c
interval_tree_test.c
iomap.c
iomap_copy.c
iommu-helper.c
ioremap.c
iov_iter.c mm: introduce page_size() 2019-09-24 15:54:08 -07:00
irq_poll.c
irq_regs.c
is_single_threaded.c
kasprintf.c
Kconfig lib: Remove select of inexistant GENERIC_IO 2019-11-10 10:38:43 -08:00
Kconfig.debug compiler: enable CONFIG_OPTIMIZE_INLINING forcibly 2019-09-25 17:51:40 -07:00
Kconfig.kasan kasan: add memory corruption identification for software tag-based mode 2019-09-24 15:54:07 -07:00
Kconfig.kgdb
Kconfig.ubsan
kfifo.c
klist.c
kobject.c
kobject_uevent.c
kstrtox.c
kstrtox.h
libcrc32c.c
list_debug.c
list_sort.c
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-rtmutex.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
lockref.c
logic_pio.c
lru_cache.c
lshrdi3.c
Makefile
memcat_p.c
memory-notifier-error-inject.c
memweight.c
muldi3.c
net_utils.c
netdev-notifier-error-inject.c
nlattr.c
nmi_backtrace.c
nodemask.c
notifier-error-inject.c
notifier-error-inject.h
objagg.c
of-reconfig-notifier-error-inject.c
oid_registry.c
once.c
packing.c
parman.c
parser.c
pci_iomap.c
percpu-refcount.c
percpu_counter.c
percpu_test.c
plist.c
pm-notifier-error-inject.c
radix-tree.c idr: Fix idr_alloc_u32 on 32-bit systems 2019-11-03 06:36:50 -05:00
random32.c
ratelimit.c
rbtree.c
rbtree_test.c augmented rbtree: add new RB_DECLARE_CALLBACKS_MAX macro 2019-09-25 17:51:39 -07:00
refcount.c
rhashtable.c
sbitmap.c sbitmap: only queue kyber's wait callback if not already active 2020-01-12 12:21:44 +01:00
scatterlist.c
seq_buf.c
sg_pool.c
sg_split.c
sha1.c
show_mem.c mm: remove quicklist page table caches 2019-09-24 15:54:09 -07:00
siphash.c
smp_processor_id.c
sort.c
stackdepot.c
stmp_device.c
string.c lib/string: Make memzero_explicit() inline instead of external 2019-10-08 13:27:05 +02:00
string_helpers.c
strncpy_from_user.c lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() 2020-01-29 16:45:29 +01:00
strnlen_user.c lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() 2020-01-29 16:45:29 +01:00
syscall.c
test-kstrtox.c
test-string_helpers.c
test_bitfield.c
test_bitmap.c
test_blackhole_dev.c
test_bpf.c
test_debug_virtual.c
test_firmware.c
test_hash.c
test_hexdump.c
test_ida.c
test_kasan.c lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() 2020-02-11 04:35:14 -08:00
test_kmod.c
test_list_sort.c
test_memcat_p.c
test_meminit.c lib/test_meminit: add a kmem_cache_alloc_bulk() test 2019-10-14 15:04:01 -07:00
test_module.c
test_objagg.c
test_overflow.c
test_parman.c
test_printf.c
test_rhashtable.c
test_siphash.c
test_sort.c
test_stackinit.c
test_static_key_base.c
test_static_keys.c
test_string.c
test_strscpy.c
test_sysctl.c
test_ubsan.c
test_user_copy.c usercopy: Avoid soft lockups in test_check_nonzero_user() 2019-10-16 14:56:21 +02:00
test_uuid.c
test_vmalloc.c
test_xarray.c XArray: Fix xas_pause at ULONG_MAX 2020-02-05 21:22:47 +00:00
textsearch.c lib: textsearch: fix escapes in example code 2019-10-03 12:12:23 -04:00
timerqueue.c
ts_bm.c
ts_fsm.c
ts_kmp.c
ubsan.c lib/ubsan: don't serialize UBSAN report 2020-01-09 10:20:07 +01:00
ubsan.h
ucmpdi2.c
ucs2_string.c
usercopy.c lib: introduce copy_struct_from_user() helper 2019-10-01 15:45:03 +02:00
uuid.c
vsprintf.c
win_minmax.c
xarray.c XArray: Fix xas_pause at ULONG_MAX 2020-02-05 21:22:47 +00:00
xxhash.c