Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp3649550ybf; Tue, 3 Mar 2020 09:46:40 -0800 (PST) X-Google-Smtp-Source: ADFU+vuOirpMd3q0Py3AWMxnsJID5ricM8gE/6aFmy9uNSudUJbYasTHRJui9OnTd7R3eWj7d1Z4 X-Received: by 2002:aca:abd6:: with SMTP id u205mr3098977oie.12.1583257600043; Tue, 03 Mar 2020 09:46:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583257600; cv=none; d=google.com; s=arc-20160816; b=xmBVNQ6BKKDNJdbq2dXtGDaX/1mU5KF1nsqKOWkz5kFx1T1h3A1uyoB3oq2werHwfO 2w3N/PXqrgF2tVc+YOjkeIRCwhoI7uYtzHOehoVJdfK1f/jJPHPqa4as2dy9VXBvaLbX ob4sp616yvNIw9hcpQPVfdr58jIhcxzs79LqhXCo5BBXlOFaIjxYHyiN5lXD9QGPzLOE 1Q1RpaI3bD5uVDaVrNy3R6BGtTsQwGdQGVjxpLslgsRGFT5mb40GSQ5lUhQimMUdnIPM uUY7sNgtMIVVTODZcukhQTwR1QXgW4TKM8we4JDwV6UsEW4uJ7BGovjfUbB84SjSCdJf PwkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=9+7wdl96+pcZ7KOZjzEhoq8+QQtDm+nRL0/PPEraqiQ=; b=SDaeDiR2+Lt3PzS3Qsv0zsut9Ds37p2jPG5IItvp9cWQDDfnLTOgjgMs4e/lmRLWjH mIArHZ4V9Gk+AqL/W++FddjM74ITfDiKZU7OoqE6Ea5LcNnBJleAI+b6Bp2AeHzntYN7 MLpUpgxqq+ObwXsgZFUcSstgs1xpiUqGrY3Syf084VMq82yem87AzmxJMapG50BlsI3s hQ572dNL/KY4pDEcgCElX9ekjmqFyRIUNCMQwv82oyFElKFRm2AgfbE1OObeDqqh3MS8 fGZ2ck1P1vc5XkqQG1LPWJ2KST6+dQEKeJ1tgPASYn2ONHnBzocIXkX+recU4H7yr4Dn 6vEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lca.pw header.s=google header.b=VwJiMCnW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e21si8268755otl.83.2020.03.03.09.46.28; Tue, 03 Mar 2020 09:46:40 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@lca.pw header.s=google header.b=VwJiMCnW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729745AbgCCRVA (ORCPT + 99 others); Tue, 3 Mar 2020 12:21:00 -0500 Received: from mail-qt1-f193.google.com ([209.85.160.193]:44911 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729206AbgCCRVA (ORCPT ); Tue, 3 Mar 2020 12:21:00 -0500 Received: by mail-qt1-f193.google.com with SMTP id j23so3379999qtr.11 for ; Tue, 03 Mar 2020 09:21:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lca.pw; s=google; h=from:to:cc:subject:date:message-id; bh=9+7wdl96+pcZ7KOZjzEhoq8+QQtDm+nRL0/PPEraqiQ=; b=VwJiMCnWis/rcKy+sK37kLKIyxblOfMElqg6DvJH9xeK/nZUNJu5E2EhW7KF1ErhGa JLNIlWs+bjd8XmyKfINU0iDzY2PDLC1M2Em69BpDIQiuJi8+2sqDOTv6duqzYhRToaZV CbARpxT3JgbZHmrkGvfXTVZJWz7TfPy9jPF3IzxsdOvofOBa0NQxnzhtw7WesPsqHORl DRsURMwm2c2BDLPJBdQiVW0W10J3+N/Zeh9iE41UZkVCQ+KJpOlX3ZpthLI7I4Tm/gY2 mJufyKsfnGIB7Ld/QtJ6uXwOPGYABB8sptg6B9AwBudDFOsUd71GbJJV1gVI3qz7d0qO UwEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=9+7wdl96+pcZ7KOZjzEhoq8+QQtDm+nRL0/PPEraqiQ=; b=FnJPA0M9JiJwG3XsMDbxlPX9a2PWbDwgVoWc8vHN4U3/UcjwHKTlL2y1TwsnoR1HK+ viD//XTSJvGJtoh02fpnXly4lt7yQzlSreB/HjNRzfG2seO0+seaIn9wKQeQcBjuogxI hnsNVA+bK+26+MWfF1PjO3ZfxfAYFplE6dKqOvkAdU/Obvb+d5mk40Egf7D32BpMVYov aey5NNySBX18IGW6bPAKgjwtl9PUaLJxll6uyhPmlSbXTo51kvWsQzJEfLD1bKbRUg2m imE5rZDHY93uSEYi+JN7gQdNt+WDbZAMCblc/8qn7XwfSsPoY3bIMW7fDPR/KteRflkg IgYA== X-Gm-Message-State: ANhLgQ2JZYr0fsoRmV3zfQVtiQB72ArcuSwxGJmO+WxKX041k4lYn7Zp daX910od4c/f5Ct8mtDvMpqlHsL6J+s= X-Received: by 2002:ac8:3893:: with SMTP id f19mr5376802qtc.46.1583256059513; Tue, 03 Mar 2020 09:20:59 -0800 (PST) Received: from qcai.nay.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id o127sm12532383qke.92.2020.03.03.09.20.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Mar 2020 09:20:58 -0800 (PST) From: Qian Cai To: akpm@linux-foundation.org Cc: oleg@redhat.com, catalin.marinas@arm.com, elver@google.com, linux-kernel@vger.kernel.org, Qian Cai Subject: [PATCH -next] signal: annotate data races in sys_rt_sigaction Date: Tue, 3 Mar 2020 12:20:49 -0500 Message-Id: <1583256049-15497-1-git-send-email-cai@lca.pw> X-Mailer: git-send-email 1.8.3.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Kmemleak could scan task stacks while plain writes happens to those stack variables which could results in data races. For example, in sys_rt_sigaction and do_sigaction(), it could have plain writes in a 32-byte size. Since the kmemleak does not care about the actual values of a non-pointer and all do_sigaction() call sites only copy to stack variables, annotate them as intentional data races using the data_race() macro. The data races were reported by KCSAN, BUG: KCSAN: data-race in _copy_from_user / scan_block read to 0xffffb3074e61fe58 of 8 bytes by task 356 on cpu 19: scan_block+0x6e/0x1a0 scan_block at mm/kmemleak.c:1251 kmemleak_scan+0xbea/0xd20 kmemleak_scan at mm/kmemleak.c:1482 kmemleak_scan_thread+0xcc/0xfa kthread+0x1cd/0x1f0 ret_from_fork+0x3a/0x50 write to 0xffffb3074e61fe58 of 32 bytes by task 30208 on cpu 2: _copy_from_user+0xb2/0xe0 copy_user_generic at arch/x86/include/asm/uaccess_64.h:37 (inlined by) raw_copy_from_user at arch/x86/include/asm/uaccess_64.h:71 (inlined by) _copy_from_user at lib/usercopy.c:15 __x64_sys_rt_sigaction+0x83/0x140 __do_sys_rt_sigaction at kernel/signal.c:4245 (inlined by) __se_sys_rt_sigaction at kernel/signal.c:4233 (inlined by) __x64_sys_rt_sigaction at kernel/signal.c:4233 do_syscall_64+0x91/0xb05 entry_SYSCALL_64_after_hwframe+0x49/0xbe Signed-off-by: Qian Cai --- kernel/signal.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/signal.c b/kernel/signal.c index 5b2396350dd1..bf39078c8be1 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -3964,14 +3964,15 @@ int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact) spin_lock_irq(&p->sighand->siglock); if (oact) - *oact = *k; + /* Kmemleak could scan the task stack. */ + data_race(*oact = *k); sigaction_compat_abi(act, oact); if (act) { sigdelsetmask(&act->sa.sa_mask, sigmask(SIGKILL) | sigmask(SIGSTOP)); - *k = *act; + data_race(*k = *act); /* * POSIX 3.3.1.3: * "Setting a signal action to SIG_IGN for a signal that is @@ -4242,7 +4243,9 @@ int __compat_save_altstack(compat_stack_t __user *uss, unsigned long sp) if (sigsetsize != sizeof(sigset_t)) return -EINVAL; - if (act && copy_from_user(&new_sa.sa, act, sizeof(new_sa.sa))) + if (act && + /* Kmemleak could scan the task stack. */ + data_race(copy_from_user(&new_sa.sa, act, sizeof(new_sa.sa)))) return -EFAULT; ret = do_sigaction(sig, act ? &new_sa : NULL, oact ? &old_sa : NULL); -- 1.8.3.1