From patchwork Fri Feb 1 19:34:13 2019
X-Patchwork-Submitter: Marcelo Henrique Cerri
X-Patchwork-Id: 1035078
From: Marcelo Henrique Cerri
To: kernel-team@lists.ubuntu.com
Subject: [cosmic/linux-azure][PATCH] srcu: Lock srcu_data structure in srcu_gp_start()
Date: Fri, 1 Feb 2019 17:34:13 -0200
Message-Id: <20190201193413.8028-4-marcelo.cerri@canonical.com>
In-Reply-To: <20190201193413.8028-1-marcelo.cerri@canonical.com>
References: <20190201193413.8028-1-marcelo.cerri@canonical.com>
List-Id: Kernel team discussions

From: Dennis Krein

BugLink: http://bugs.launchpad.net/bugs/1802021

The srcu_gp_start() function is called with the srcu_struct structure's ->lock held, but not with the srcu_data structure's ->lock. This is problematic because this function accesses and updates the srcu_data structure's ->srcu_cblist, which is protected by that lock. Failing to hold this lock can result in corruption of the SRCU callback lists, which in turn can result in arbitrarily bad results.

This commit therefore makes srcu_gp_start() acquire the srcu_data structure's ->lock across the calls to rcu_segcblist_advance() and rcu_segcblist_accelerate(), thus preventing this corruption.

Reported-by: Bart Van Assche
Reported-by: Christoph Hellwig
Reported-by: Sebastian Kuzminsky
Signed-off-by: Dennis Krein
Signed-off-by: Paul E. McKenney
Tested-by: Dennis Krein
Cc: # 4.16.x
(cherry picked from commit eb4c2382272ae7ae5d81fdfa5b7a6c86146eaaa4)
Signed-off-by: Marcelo Henrique Cerri
--- kernel/rcu/srcutree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c index d5cea81378cc..b3e5e9873582 100644 --- a/kernel/rcu/srcutree.c +++ b/kernel/rcu/srcutree.c @@ -441,10 +441,12 @@ static void srcu_gp_start(struct srcu_struct *sp) lockdep_assert_held(&sp->lock); WARN_ON_ONCE(ULONG_CMP_GE(sp->srcu_gp_seq, sp->srcu_gp_seq_needed)); + spin_lock_rcu_node(sdp); /* Interrupts already disabled. */ rcu_segcblist_advance(&sdp->srcu_cblist, rcu_seq_current(&sp->srcu_gp_seq)); (void)rcu_segcblist_accelerate(&sdp->srcu_cblist, rcu_seq_snap(&sp->srcu_gp_seq)); + spin_unlock_rcu_node(sdp); /* Interrupts remain disabled. */ smp_mb(); /* Order prior store to ->srcu_gp_seq_needed vs. GP start. */ rcu_seq_start(&sp->srcu_gp_seq); state = rcu_seq_state(READ_ONCE(sp->srcu_gp_seq));
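
Review bot: The added spin_lock_rcu_node(sdp) in srcu_gp_start() nests the srcu_data ->lock inside sp->lock (asserted held by lockdep_assert_held(&sp->lock) just above) and uses the variant that does not save or disable interrupts, so it is correct only if every caller in the cosmic/linux-azure tree enters with interrupts already disabled and no other path takes these two locks in the opposite order. Both conditions are carried only by the trailing comments. As this is a cherry-pick the hunk should stay identical to upstream, but the backport target's callers are worth checking for both, along with the assignment of sdp before the new lock call, which the visible context does not show.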