Eric Dumazet 00b13445f9 rcu: Avoid data-race in rcu_gp_fqs_check_wake() ... commit 6935c3983b246d5fbfebd3b891c825e65c118f2d upstream. The rcu_gp_fqs_check_wake() function uses rcu_preempt_blocked_readers_cgp() to read ->gp_tasks while other cpus might overwrite this field. We need READ_ONCE()/WRITE_ONCE() pairs to avoid compiler tricks and KCSAN splats like the following : BUG: KCSAN: data-race in rcu_gp_fqs_check_wake / rcu_preempt_deferred_qs_irqrestore write to 0xffffffff85a7f190 of 8 bytes by task 7317 on cpu 0: rcu_preempt_deferred_qs_irqrestore+0x43d/0x580 kernel/rcu/tree_plugin.h:507 rcu_read_unlock_special+0xec/0x370 kernel/rcu/tree_plugin.h:659 __rcu_read_unlock+0xcf/0xe0 kernel/rcu/tree_plugin.h:394 rcu_read_unlock include/linux/rcupdate.h:645 [inline] __ip_queue_xmit+0x3b0/0xa40 net/ipv4/ip_output.c:533 ip_queue_xmit+0x45/0x60 include/net/ip.h:236 __tcp_transmit_skb+0xdeb/0x1cd0 net/ipv4/tcp_output.c:1158 __tcp_send_ack+0x246/0x300 net/ipv4/tcp_output.c:3685 tcp_send_ack+0x34/0x40 net/ipv4/tcp_output.c:3691 tcp_cleanup_rbuf+0x130/0x360 net/ipv4/tcp.c:1575 tcp_recvmsg+0x633/0x1a30 net/ipv4/tcp.c:2179 inet_recvmsg+0xbb/0x250 net/ipv4/af_inet.c:838 sock_recvmsg_nosec net/socket.c:871 [inline] sock_recvmsg net/socket.c:889 [inline] sock_recvmsg+0x92/0xb0 net/socket.c:885 sock_read_iter+0x15f/0x1e0 net/socket.c:967 call_read_iter include/linux/fs.h:1864 [inline] new_sync_read+0x389/0x4f0 fs/read_write.c:414 read to 0xffffffff85a7f190 of 8 bytes by task 10 on cpu 1: rcu_gp_fqs_check_wake kernel/rcu/tree.c:1556 [inline] rcu_gp_fqs_check_wake+0x93/0xd0 kernel/rcu/tree.c:1546 rcu_gp_fqs_loop+0x36c/0x580 kernel/rcu/tree.c:1611 rcu_gp_kthread+0x143/0x220 kernel/rcu/tree.c:1768 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 10 Comm: rcu_preempt Not tainted 5.3.0+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> [ paulmck: Added another READ_ONCE() for RCU CPU stall warnings. ] Signed-off-by: Paul E. McKenney <paulmck@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-02-11 04:33:55 -08:00
..
Kconfig	rcu: Drive TASKS_RCU directly off of PREEMPT	2017-08-17 07:26:04 -07:00
Kconfig.debug	rcu: Move RCU debug Kconfig options to kernel/rcu	2017-06-08 18:52:44 -07:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
rcu.h	Merge branches 'fixes1.2018.07.12b' and 'torture1.2018.07.12b' into HEAD	2018-07-12 15:42:41 -07:00
rcu_segcblist.c	rcu: Simplify and inline cpu_needs_another_gp()	2018-05-15 10:30:59 -07:00
rcu_segcblist.h	rcu: Simplify and inline cpu_needs_another_gp()	2018-05-15 10:30:59 -07:00
rcuperf.c	rcuperf: Fix cleanup path for invalid perf_type strings	2019-05-31 06:46:30 -07:00
rcutorture.c	rcutorture: Fix cleanup path for invalid torture_type strings	2019-05-31 06:46:30 -07:00
srcutiny.c	sched/swait: Rename to exclusive	2018-06-20 11:35:56 +02:00
srcutree.c	srcu: Lock srcu_data structure in srcu_gp_start()	2019-01-13 09:51:06 +01:00
sync.c	doc: Fix various RCU docbook comment-header problems	2017-10-19 22:26:11 -04:00
tiny.c	rcu: Improve rcu_note_voluntary_context_switch() reporting	2018-07-12 15:39:12 -07:00
tree.c	rcu: Do RCU GP kthread self-wakeup from softirq and interrupt	2019-03-23 20:10:12 +01:00
tree.h	rcu: Remove unused rcu_kick_nohz_cpu() function	2018-07-12 15:39:17 -07:00
tree_exp.h	Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2018-08-13 11:25:07 -07:00
tree_plugin.h	rcu: Avoid data-race in rcu_gp_fqs_check_wake()	2020-02-11 04:33:55 -08:00
update.c	kprobes: Prohibit probing on RCU debug routine	2019-04-05 22:33:08 +02:00