Re: [PATCH] list: Fix another data-race around ep->rdllist.

From: Davidlohr Bueso
Date: Sun Mar 27 2022 - 13:15:45 EST

Next message: Marco Elver: "Re: [PATCH 2/2] mm: kfence: fix objcgs vector allocation"
Previous message: kernel test robot: "drivers/gpu/drm/gma500/intel_bios.c:547:42: sparse: sparse: incorrect type in argument 1 (different address spaces)"
In reply to: Soheil Hassas Yeganeh: "Re: [PATCH] list: Fix another data-race around ep->rdllist."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 26 Mar 2022, Kuniyuki Iwashima wrote:

syzbot had reported another race around ep->rdllist. ep_poll() calls
list_empty_careful() locklessly to check if the list is empty or not
by testing rdllist->prev == rdllist->next.

When the list does not have any nodes, the next and prev arguments of
__list_add() is the same head pointer. Thus the write to head->prev
there is racy with lockless list_empty_careful() and needs WRITE_ONCE()
to avoid store-tearing.

Note that the reader side is already fixed in the patch [0].

[0]: https://lore.kernel.org/mm-commits/20220326031647.DD24EC004DD@xxxxxxxxxxxxxxx/

BUG: KCSAN: data-race in do_epoll_ctl / do_epoll_wait

I think this needs to be part of the same list-fix-a-data-race-around-ep-rdllist.patch

Thanks,
Davidlohr

Next message: Marco Elver: "Re: [PATCH 2/2] mm: kfence: fix objcgs vector allocation"
Previous message: kernel test robot: "drivers/gpu/drm/gma500/intel_bios.c:547:42: sparse: sparse: incorrect type in argument 1 (different address spaces)"
In reply to: Soheil Hassas Yeganeh: "Re: [PATCH] list: Fix another data-race around ep->rdllist."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]