[for-linus,13/15] ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg()
Message ID | 20231216042245.415755764@goodmis.org |
---|---|
State | New |
Series | tracing: Fixes for 6.7-rc5 |
Commit Message
Steven Rostedt
Dec. 16, 2023, 4:22 a.m. UTC
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>

The following race can cause rb_time_read() to observe a corrupted time
stamp:

    rb_time_cmpxchg()
    [...]
            if (!rb_time_read_cmpxchg(&t->msb, msb, msb2))
                    return false;
            if (!rb_time_read_cmpxchg(&t->top, top, top2))
                    return false;
    <interrupted before updating bottom>
    __rb_time_read()
    [...]
            do {
                    c = local_read(&t->cnt);
                    top = local_read(&t->top);
                    bottom = local_read(&t->bottom);
                    msb = local_read(&t->msb);
            } while (c != local_read(&t->cnt));

            *cnt = rb_time_cnt(top);

            /* If top and msb counts don't match, this interrupted a write */
            if (*cnt != rb_time_cnt(msb))
                    return false;
              ^ this check fails to catch that "bottom" is still not updated.

So the old "bottom" value is returned, which is wrong.

Fix this by checking that all three of msb, top, and bottom 2-bit cnt
values match.

The reason to favor checking all three fields over requiring a specific
update order for both rb_time_set() and rb_time_cmpxchg() is because
checking all three fields is more robust to handle partial failures of
rb_time_cmpxchg() when interrupted by nested rb_time_set().

Link: https://lore.kernel.org/lkml/20231211201324.652870-1-mathieu.desnoyers@efficios.com/
Link: https://lore.kernel.org/linux-trace-kernel/20231212193049.680122-1-mathieu.desnoyers@efficios.com

Fixes: f458a1453424e ("ring-buffer: Test last update in 32bit version of __rb_time_read()")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
 kernel/trace/ring_buffer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index b8ab0557bd1b..f22a849da179 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -644,8 +644,8 @@ static inline bool __rb_time_read(rb_time_t *t, u64 *ret, unsigned long *cnt) *cnt = rb_time_cnt(top); - /* If top and msb counts don't match, this interrupted a write */ - if (*cnt != rb_time_cnt(msb)) + /* If top, msb or bottom counts don't match, this interrupted a write */ + if (*cnt != rb_time_cnt(msb) || *cnt != rb_time_cnt(bottom)) return false; /* The shift to msb will lose its cnt bits */
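Review bot: The updated comment above the new condition in __rb_time_read() still only says "this interrupted a write", which does not tell a later reader why bottom has to be compared as well. Consider naming the case from the commit message there, for example that rb_time_cmpxchg() can be interrupted after msb and top are updated but before bottom, so the next person does not drop the `*cnt != rb_time_cnt(bottom)` term as redundant. Separately, `*cnt = rb_time_cnt(top);` is stored before the check, so on the `return false` path the caller's cnt holds top's count only; a one-line note that *cnt is meaningful only when the function returns true would help.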
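The race from the commit message, replayed deterministically as an added user-space example (not code from the patch or the kernel tree): a reader inspects the three words after msb and top have been rewritten but before bottom. The 30-bit value plus 2-bit count layout, the helper names and the sample time stamps are assumptions made for this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* User-space model, not kernel code. Assumed layout: each 32-bit word holds
 * 30 value bits plus a 2-bit update count in bits 30-31. */
#define SHIFT     30
#define VAL_MASK  ((1U << SHIFT) - 1)
#define MSB_SHIFT 60
#define OLD_TS (((uint64_t)5 << SHIFT) | 100)   /* constructed sample values */
#define NEW_TS (((uint64_t)6 << SHIFT) | 200)

struct ts_model { uint32_t top, bottom, msb; };
static uint32_t word_cnt(uint32_t w) { return (w >> SHIFT) & 3; }
static uint32_t pack(uint64_t v, uint32_t cnt)
{
	return ((uint32_t)v & VAL_MASK) | ((cnt & 3) << SHIFT);
}

/* Reader: the check before the fix (check_bottom == false) and after it. */
static bool model_read(const struct ts_model *t, uint64_t *ret, bool check_bottom)
{
	uint32_t cnt = word_cnt(t->top);
	if (cnt != word_cnt(t->msb))
		return false;
	if (check_bottom && cnt != word_cnt(t->bottom))
		return false;
	*ret = ((uint64_t)(t->msb & VAL_MASK) << MSB_SHIFT) |
	       ((uint64_t)(t->top & VAL_MASK) << SHIFT) | (t->bottom & VAL_MASK);
	return true;
}

/* OLD_TS was stored with count 1; the NEW_TS update (count 2) stops before bottom. */
static bool read_during_cmpxchg(bool check_bottom, uint64_t *seen)
{
	struct ts_model t = { pack(OLD_TS >> SHIFT, 1), pack(OLD_TS, 1),
			      pack(OLD_TS >> MSB_SHIFT, 1) };
	t.msb = pack(NEW_TS >> MSB_SHIFT, 2);
	t.top = pack(NEW_TS >> SHIFT, 2);
	return model_read(&t, seen, check_bottom);
}

int main(void)
{
	uint64_t v = 0;
	bool old_ok = read_during_cmpxchg(false, &v);
	printf("old check accepts=%d seen=%llu\n", old_ok, (unsigned long long)v);
	printf("new check accepts=%d\n", read_during_cmpxchg(true, &v));
	return 0;
}
```

With the two-field check the reader accepts a value built from the new top and the old bottom, which is neither time stamp that was ever stored; with all three counts compared the read is rejected.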