From patchwork Tue Dec 12 19:30:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathieu Desnoyers X-Patchwork-Id: 177531 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7954379vqy; Tue, 12 Dec 2023 11:31:09 -0800 (PST) X-Google-Smtp-Source: AGHT+IGVN+QuJ/yEsmo7lrF8OJimHIOKUedqhJWu7z/fTFr4VEfQbpiqTOdcJA5noVoK27uB+UgO X-Received: by 2002:a17:902:e88f:b0:1d0:6ffd:e2da with SMTP id w15-20020a170902e88f00b001d06ffde2damr7770262plg.116.1702409469309; Tue, 12 Dec 2023 11:31:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702409469; cv=none; d=google.com; s=arc-20160816; b=qMlilfLfKOILfRF2lcq0kIwwzLZlAsyOKaj3nFp+Lyss6XIQPgr3Ug6rwUFzX7qav/ Aqja3iQwJIgqcsg4kCTtdlqU9EJMv1QzZS+IydomEfYs2vEmoDLidyiWldvXntER6tvk COXYH4LU2TTXHATkDlK+uCfB1B3nUtnu2yyGENdwuxbDlfH8SkFS+kxJkjxOX+Qu23fc dE0QIHthG2otH2aUXR9eV2skhH+qsQvgzIQ+RpOsaqoEB92R3zPiM7pk4Un8FHamuKXa dW1GNunxvBeG1CrqDxqpWsXvPAVaxVeF1CfP8CtNB6cPhZn24i9MemOktA/R64pxWWGl jptg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=xack+fjW99l9NkYnTdmNhlGRBtRvk2a4U7Q8VQnRwIY=; fh=swEFr3N7o5ccg6p3NtRiiO/WVpY3DB85Xlxg6OZMFig=; b=CDlgikxhpmYd7O459+iPD37kLw0KvnAHn4lptZZUYzhNe00ccdVvS4RHC/aNZor4ZL 5jDYokuEtna4SjsUhvrlHpMMvv1ADs+9SGfkNGmShEzw25BCzAzTYHxJkzLQ8zAIs9k1 e7WrFHmxFJQDmflArsixNZDPc1JZoP++R+Sqi9WS4fYbbFQwIx1SmSREQbbXGyc5f8Td 9ELsYhHKH2ssxE6RMUBt/F6FqspFg0eC+2zwEjreCk6UZZtGsEgpi2wALr/gSnH1SSqn qrvwq3fxujqKm4DPuEIalnihxWJpS6cr0WwKp4FtUX8QTB9fVXvxnWZR8P/LcECH6D5k Robw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@efficios.com header.s=smtpout1 header.b=ZWoJVipT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id q2-20020a170902dac200b001cfee4c128asi8702505plx.356.2023.12.12.11.31.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Dec 2023 11:31:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@efficios.com header.s=smtpout1 header.b=ZWoJVipT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 4AAC6804C4B7; Tue, 12 Dec 2023 11:31:06 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376765AbjLLTax (ORCPT + 99 others); Tue, 12 Dec 2023 14:30:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59548 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232488AbjLLTau (ORCPT ); Tue, 12 Dec 2023 14:30:50 -0500 Received: from smtpout.efficios.com (unknown [IPv6:2607:5300:203:b2ee::31e5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 365509B; Tue, 12 Dec 2023 11:30:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=efficios.com; s=smtpout1; t=1702409453; bh=JC9adTWZwBSZVelSEFs2mzk1j8rxdsp3rdKp4J6yU38=; h=From:To:Cc:Subject:Date:From; b=ZWoJVipTq1MIF0HapIaNLUU7o2LalgeTONDkP3Ud7TG+/QLgmYQTHuWwA/2ih/ixi 35ap4wQyoXdBSuyHfPstlXeD83mhuZatwL0bhGi1Sq7bEbbKSC3GGFGFjtqrJ+LF1z +tQ98gDpW7DZmiSGr5BX9G175h7r/6H6/SYUCi3Xdp2QYoAd32dV7g33Pyu2M0FEWs aCMOOPjpI0od3vTKk01tVvLdCqMDXKAs2hIwBtV64zBNN4OYIQnobYvrT1hISDlcvN 0Z3whjVSOjf0fXFenZHxFPoQvR/Za4jy7vECXByW/KDhvp9QdVbG0exzUwaRt3J6A1 faWFbhokkwZiQ== Received: from thinkos.internal.efficios.com (192-222-143-198.qc.cable.ebox.net [192.222.143.198]) by smtpout.efficios.com (Postfix) with ESMTPSA id 4SqTHJ6x6LzGKJ; Tue, 12 Dec 2023 14:30:52 -0500 (EST) From: Mathieu Desnoyers To: Steven Rostedt Cc: linux-kernel@vger.kernel.org, Mathieu Desnoyers , Masami Hiramatsu , linux-trace-kernel@vger.kernel.org Subject: [PATCH] ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg() Date: Tue, 12 Dec 2023 14:30:49 -0500 Message-Id: <20231212193049.680122-1-mathieu.desnoyers@efficios.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 12 Dec 2023 11:31:06 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785105711493052864 X-GMAIL-MSGID: 1785105711493052864 The following race can cause rb_time_read() to observe a corrupted time stamp: rb_time_cmpxchg() [...] if (!rb_time_read_cmpxchg(&t->msb, msb, msb2)) return false; if (!rb_time_read_cmpxchg(&t->top, top, top2)) return false; __rb_time_read() [...] do { c = local_read(&t->cnt); top = local_read(&t->top); bottom = local_read(&t->bottom); msb = local_read(&t->msb); } while (c != local_read(&t->cnt)); *cnt = rb_time_cnt(top); /* If top and msb counts don't match, this interrupted a write */ if (*cnt != rb_time_cnt(msb)) return false; ^ this check fails to catch that "bottom" is still not updated. So the old "bottom" value is returned, which is wrong. Fix this by checking that all three of msb, top, and bottom 2-bit cnt values match. The reason to favor checking all three fields over requiring a specific update order for both rb_time_set() and rb_time_cmpxchg() is because checking all three fields is more robust to handle partial failures of rb_time_cmpxchg() when interrupted by nested rb_time_set(). Link: https://lore.kernel.org/lkml/20231211201324.652870-1-mathieu.desnoyers@efficios.com/ Fixes: f458a1453424e ("ring-buffer: Test last update in 32bit version of __rb_time_read()") Signed-off-by: Mathieu Desnoyers Cc: Steven Rostedt Cc: Masami Hiramatsu Cc: linux-trace-kernel@vger.kernel.org --- kernel/trace/ring_buffer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 8d2a4f00eca9..71c225ca2a2b 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -644,8 +644,8 @@ static inline bool __rb_time_read(rb_time_t *t, u64 *ret, unsigned long *cnt) *cnt = rb_time_cnt(top); - /* If top and msb counts don't match, this interrupted a write */ - if (*cnt != rb_time_cnt(msb)) + /* If top, msb or bottom counts don't match, this interrupted a write */ + if (*cnt != rb_time_cnt(msb) || *cnt != rb_time_cnt(bottom)) return false; /* The shift to msb will lose its cnt bits */