Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2626760imm; Wed, 3 Oct 2018 06:52:44 -0700 (PDT) X-Google-Smtp-Source: ACcGV62hHBYkvQXbVpcDFHj0vMK7llLhFBa2wpqrAuF0hKyW3w+6v32ylFe3RKoII3S7DaG2d1uA X-Received: by 2002:a63:5153:: with SMTP id r19-v6mr1475352pgl.419.1538574764467; Wed, 03 Oct 2018 06:52:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538574764; cv=none; d=google.com; s=arc-20160816; b=svpDpw+XS6t21zeeQWxwbPKTtz8cmrMhjTzK8vJGhwOSSBTWcXcJLQF/yW7t69oa/T 1QnQ6sWb1qI0bFS7t/om+DiSCK4rF1DS3bNtX9mSYEte4r7CsAficm01xJcFdgbbhnn3 k4fgllIZiCnZFxKVeL5LuiZG2FKflXn85hrZslU/+CRBIxueo3ggEiFUrEqgF+iWmQdG 8HjlIYT8/UnB1qickadyZ1g2afNOiiC81Q9gcdDmjlV2SzSoaG4XZsrhCOpI5NiZ9f2F knB1LjNeVIC4fXLeju+yVDYHEAa9pDYpsZlClKer4quOBBn5ZmZb8h5IdSML5VSftHLU /8Zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:mime-version:user-agent:date:message-id :cc:to:subject:from:dkim-signature; bh=xf1diMsDU7S5RDV2E4iPoPvrscEAvyH+XqECqIiN0KE=; b=IjYHR61Sh+gTi6HL+EXf292MQs+9n94a7XCBE/DdOZiW4VFXqubb/tdPedfrqAq6S3 Rh/ReMfsEdibyIWURC6vzDYEMGp1z//DsS0HvMLeVPdlaOuN2zGBZDf8Et0QtrxWhtpT aw3cW/AJIllrh58ysxHWPcjdmW6mlU+rFKjc0wr73EV35w0EpAtxbu27wkzhPj7lJt8H 47EbgV3p3NMHSN1ekYZ3q1mDc1C8GXNXp5tB+ziMOFywAnCZsR5vWxWQ2y5cnoqVdqKc S1EX3QhcxPZSyou+9eYc69nRjpHp5BhSooMQJ2rbHpZQKl9vka8utYhrALA7izBpqvLb KWyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=NUpTuqTc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f1-v6si1727850pln.317.2018.10.03.06.52.26; Wed, 03 Oct 2018 06:52:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=NUpTuqTc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726893AbeJCUku (ORCPT + 99 others); Wed, 3 Oct 2018 16:40:50 -0400 Received: from mail-pl1-f175.google.com ([209.85.214.175]:46622 "EHLO mail-pl1-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726801AbeJCUkt (ORCPT ); Wed, 3 Oct 2018 16:40:49 -0400 Received: by mail-pl1-f175.google.com with SMTP id v5-v6so3517924plz.13; Wed, 03 Oct 2018 06:52:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=xf1diMsDU7S5RDV2E4iPoPvrscEAvyH+XqECqIiN0KE=; b=NUpTuqTc9rAn3OMYgX/EB290/NXeZyxVZFu69OLmVmLj20VARZXtPotcFnevpfJRQr 4GHJw5YcL/2KQuCSTKV/RRT2Y7dZv0m4QXVgSU9F705YGDfFqw8OaxMdiqUwwoouWYzI 6DylNRhYRq2VBQ1Ko8mYJoC995+gLnxg/U1Z0Nh5mUD6wlvURe5Q0wDE+BT2TypzeLig r6drEvEi4hvYN9BpkRmcHdnL6ShEI7Jwpg7E7qv+nlVFywKfS/Ch6ermFToVDDHMPbAq LhifSvrpivmO+E1CyaJXFujR0iBcu0KGM7MxmwcmPlXBNKqxCNKBS0i9Gmc5XbWeYo/n LDDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=xf1diMsDU7S5RDV2E4iPoPvrscEAvyH+XqECqIiN0KE=; b=WZoZs1bIKPPrmgOJa0LGgxy6jamlh4SK17L2xIjqyvkRtcxCHAI8j5IMJRrCOlNrrv fq1wbyhJYHwBcmoZ5YHPDt9/1hm1yeq4ORCGReBl+8kY2hcq5xMmSqNu488IOeRCgIrC gtnIPdmdhsNJwghEkMQ3QsyxGTkI9F/qQsMxyOQy0w/xdxDMqEFpVtGaP6IGKgLLWINz 1r0j8FJgKmLZzB313HnZlwcfSZikNmcGIHVvTTkae8lniD5iXDcUzP/TdvDzETWVjoDT mWXgHRkpLpxzouDttW7DCRKQxKpXBAtfwTkcO+HXnM+V6N8swwT7ig2JTijVmLwxsmSI fihA== X-Gm-Message-State: ABuFfogvaZjjNIDRCXbS2f7XREQkxqncvDyUEB+eQEjGdmr62fUnmeLh jjN6twxRPepRYlUs/rM7cZm2ghyl X-Received: by 2002:a17:902:bd4b:: with SMTP id b11-v6mr1818445plx.0.1538574739482; Wed, 03 Oct 2018 06:52:19 -0700 (PDT) Received: from ?IPv6:2402:f000:1:1501:200:5efe:166.111.71.3? ([2402:f000:1:1501:200:5efe:a66f:4703]) by smtp.gmail.com with ESMTPSA id h130-v6sm2350103pgc.88.2018.10.03.06.52.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Oct 2018 06:52:18 -0700 (PDT) From: Jia-Ju Bai Subject: [REPORT] net: 3com: 3c59x: Possible data races To: klassert@kernel.org, davem@davemloft.net, anna-maria@linutronix.de, bigeasy@linutronix.de, nhorman@tuxdriver.com, keescook@chromium.org Cc: netdev@vger.kernel.org, Linux Kernel Mailing List Message-ID: <412162cd-8fab-104b-ce73-6f70f108218f@gmail.com> Date: Wed, 3 Oct 2018 21:52:14 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ****** Possible race0 ****** CPU0: vortex_boomerang_interrupt line 2510: spin_lock_irqsave() _boomerang_interrupt line 2432: vp->tx_skbuff[entry] [READ] line 2433: vp->tx_skbuff[entry] [READ] line 2453: vp->tx_skbuff[entry] = NULL [WRITE] CPU1: boomerang_start_xmit line 2145: vp->tx_skbuff[entry] = skb [WRITE] As for vp->tx_skbuff[entry], the WRITE and READ operations in CPU0 are performed with holding a spinlock, but the WRITE operation in CPU1 is performed without holding this spinlock, so there may exist data races. ****** Possible race1 ****** CPU0: vortex_boomerang_interrupt line 2510: spin_lock_irqsave() _boomerang_interrupt line 2421: vp->dirty_tx = dirty_tx [WRITE] CPU1: boomerang_start_xmit line 2137: vp->dirty_tx [READ] As for vp->dirty_tx, the WRITE operation in CPU0 is performed with holding a spinlock, but the READ operation in CPU1 is performed without holding this spinlock, so there may exist a data race. ****** Possible race2 ****** CPU0: vortex_boomerang_interrupt line 2510: spin_lock_irqsave() _boomerang_interrupt line 2381: vp->handling_irq = 1 [WRITE] line 2498: vp->handling_irq = 0 [WRITE] CPU1: boomerang_start_xmit line 2134: vp->handling_irq [READ] As for vp->handling_irq, the WRITE operations in CPU0 are performed with holding a spinlock, but the READ operation in CPU1 is performed without holding this spinlock, so there may exist data races. ****** Possible race3 ****** CPU0: vortex_boomerang_interrupt line 2510: spin_lock_irqsave() _boomerang_interrupt boomerang_rx line 2669: skb->ip_summed = ... [WRITE] CPU1: boomerang_start_xmit line 2149: skb->ip_summed [READ] As for skb->ip_summed, the WRITE operation in CPU0 is performed with holding a spinlock, but the READ operation in CPU1 is performed without holding this spinlock, so there may exist data races. These possible races are detected by a runtime testing. A possible fix of these races is protecting the code in boomerang_start_xmit() using the spinlock in vortex_boomerang_interrupt(). But I am not sure whether this fix is correct, so I only report these races. Best wishes, Jia-Ju Bai