linux/net/9p
Marco Elver 355f074609 9p/trans_fd: Annotate data-racy writes to file::f_flags
syzbot reported:

 | BUG: KCSAN: data-race in p9_fd_create / p9_fd_create
 |
 | read-write to 0xffff888130fb3d48 of 4 bytes by task 15599 on cpu 0:
 |  p9_fd_open net/9p/trans_fd.c:842 [inline]
 |  p9_fd_create+0x210/0x250 net/9p/trans_fd.c:1092
 |  p9_client_create+0x595/0xa70 net/9p/client.c:1010
 |  v9fs_session_init+0xf9/0xd90 fs/9p/v9fs.c:410
 |  v9fs_mount+0x69/0x630 fs/9p/vfs_super.c:123
 |  legacy_get_tree+0x74/0xd0 fs/fs_context.c:611
 |  vfs_get_tree+0x51/0x190 fs/super.c:1519
 |  do_new_mount+0x203/0x660 fs/namespace.c:3335
 |  path_mount+0x496/0xb30 fs/namespace.c:3662
 |  do_mount fs/namespace.c:3675 [inline]
 |  __do_sys_mount fs/namespace.c:3884 [inline]
 |  [...]
 |
 | read-write to 0xffff888130fb3d48 of 4 bytes by task 15563 on cpu 1:
 |  p9_fd_open net/9p/trans_fd.c:842 [inline]
 |  p9_fd_create+0x210/0x250 net/9p/trans_fd.c:1092
 |  p9_client_create+0x595/0xa70 net/9p/client.c:1010
 |  v9fs_session_init+0xf9/0xd90 fs/9p/v9fs.c:410
 |  v9fs_mount+0x69/0x630 fs/9p/vfs_super.c:123
 |  legacy_get_tree+0x74/0xd0 fs/fs_context.c:611
 |  vfs_get_tree+0x51/0x190 fs/super.c:1519
 |  do_new_mount+0x203/0x660 fs/namespace.c:3335
 |  path_mount+0x496/0xb30 fs/namespace.c:3662
 |  do_mount fs/namespace.c:3675 [inline]
 |  __do_sys_mount fs/namespace.c:3884 [inline]
 |  [...]
 |
 | value changed: 0x00008002 -> 0x00008802

Within p9_fd_open(), O_NONBLOCK is added to f_flags of the read and
write files. This may happen concurrently if e.g. the mounting process
modifies the fd in another thread.

Mark the plain read-modify-writes as intentional data-races, with the
assumption that the result of executing the accesses concurrently will
always result in the same result despite the accesses themselves not
being atomic.

Reported-by: syzbot+e441aeeb422763cc5511@syzkaller.appspotmail.com
Signed-off-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/ZO38mqkS0TYUlpFp@elver.google.com
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Message-ID: <20231025103445.1248103-1-asmadeus@codewreck.org>
2023-10-26 07:05:42 +09:00
client.c 9p: remove dead stores (variable set again without being read) 2023-07-20 19:14:50 +00:00
error.c 9p: fix a bunch of checkpatch warnings 2021-11-04 21:04:25 +09:00
Kconfig 9p: Remove INET dependency 2023-05-04 21:46:57 +01:00
Makefile 9p/trans_fd: split into dedicated module 2022-01-10 09:58:30 +09:00
mod.c net/p9: load default transports 2022-01-10 10:00:09 +09:00
protocol.c net/9p: add p9_msg_buf_size() 2022-10-05 07:05:41 +09:00
protocol.h net/9p: add p9_msg_buf_size() 2022-10-05 07:05:41 +09:00
trans_common.c 9p: fix file headers 2021-11-03 17:45:04 +09:00
trans_common.h 9p: fix a bunch of checkpatch warnings 2021-11-04 21:04:25 +09:00
trans_fd.c 9p/trans_fd: Annotate data-racy writes to file::f_flags 2023-10-26 07:05:42 +09:00
trans_rdma.c 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() 2023-02-24 13:42:28 +00:00
trans_virtio.c 9p: virtio: skip incrementing unused variable 2023-07-20 19:14:50 +00:00
trans_xen.c 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition 2023-04-02 01:00:31 +00:00