Message ID | 20240429100437.3487432-1-leitao@debian.org (mailing list archive) |
---|---|
State | Accepted |
Commit | c2e6a872bde9912f1a7579639c5ca3adf1003916 |
Delegated to: | Netdev Maintainers |
Series | [net-next] netpoll: Fix race condition in netpoll_owner_active |
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Mon, 29 Apr 2024 03:04:33 -0700 you wrote:
> KCSAN detected a race condition in netpoll:
>
>     BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
>     write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
>     net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
>     <snip>
>     read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
>     netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
>     netpoll_send_udp (net/core/netpoll.c:?)
>     <snip>
>     value changed: 0x0000000a -> 0xffffffff
>
> [...]

Here is the summary with links:
  - [net-next] netpoll: Fix race condition in netpoll_owner_active
    https://git.kernel.org/netdev/net-next/c/c2e6a872bde9

You are awesome, thank you!
diff --git a/net/core/netpoll.c b/net/core/netpoll.c index 543007f159f9..55bcacf67df3 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -316,7 +316,7 @@ static int netpoll_owner_active(struct net_device *dev) struct napi_struct *napi; list_for_each_entry_rcu(napi, &dev->napi_list, dev_list) { - if (napi->poll_owner == smp_processor_id()) + if (READ_ONCE(napi->poll_owner) == smp_processor_id()) return 1; } return 0;
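Review bot: The READ_ONCE(napi->poll_owner) inside the list_for_each_entry_rcu() loop has no comment saying which write it pairs with, and the commit message only calls it "an atomic read". The KCSAN report shows the other side is a marked write from net_rx_action (./include/linux/netpoll.h:90), so please name READ_ONCE() in the message and add a one-line comment above the `if` pointing at that writer, so the annotation is not later dropped as redundant. The subject says "Fix race condition", but the load still takes no lock and the owner can change right after it is read (the report shows 0x0000000a -> 0xffffffff); the message should state whether that is acceptable for this check.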
KCSAN detected a race condition in netpoll:

    BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb
    write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:
    net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)
    <snip>
    read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:
    netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)
    netpoll_send_udp (net/core/netpoll.c:?)
    <snip>
    value changed: 0x0000000a -> 0xffffffff

This happens because netpoll_owner_active() needs to check if the
current CPU is the owner of the lock, touching napi->poll_owner
non atomically. The ->poll_owner field contains the current CPU holding
the lock.

Use an atomic read to check if the poll owner is the current CPU.

Signed-off-by: Breno Leitao <leitao@debian.org>
---
 net/core/netpoll.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)