Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp344751ybt; Wed, 17 Jun 2020 02:24:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGGA2yIAL0sKBrRAIJ0idwlz8MrCM8L65X9qigTx6KaXF2F19hgXTiYinQY9at5tSZkRe9 X-Received: by 2002:a17:906:3b44:: with SMTP id h4mr1953357ejf.463.1592385878502; Wed, 17 Jun 2020 02:24:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592385878; cv=none; d=google.com; s=arc-20160816; b=RAdH0uyy5eyGmd06D25sSw8jjcqNSgrj+thN6sT8UWBtEHUmajRVeYtoGYVAFtkNBG tMfXU9WbDkIeUSzd6Dp8FLLaY4xOKeOHu4MRf3ZEjZPw8XjJ+4CaVS2h714XVHJJzitb PlgU/XvJNt9w68MTMnuwHGiJ72pv0Os2SD4AVeoVowOHdXe4vmOfHIeqpKbn0Yfxmn2k 0BTW997U7S6P88HaxyzQ2JU0xgitGgU+WN/8AETgI/amE2Iy6Hr9E9nNNE4B/hB/La9Z eiIMLkpT2V+yYKw1X5sJdbVGBRd+0Ep86ntfXRjnqcdMyfOjiNsWgtZenDYXFeM1SMIG fI1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:references:cc:to :subject; bh=uP1gWVlDT2V7Ns5V18N/LUINKHePNsxTLvKZTtUDkf4=; b=suXhF6GIOTINs7hry4jHAH54bFP1UbK78AXBRcPRrdLGzt2F3IUhqtw3wWITJgG5th bxSXvPhMkJQqfG62tg5WnDciP1L3W80btBS/p4nexuDSJtx3Lu2/nulSTbS1o9DUUi6v x5pZ81Cc2dWjVUUn5WqeSg9RXV3UDDbSpIJpBUNYCgJZIHxQP9g8G9Sss3chY9+lxm8r /xDhFuKYBbcbAXAcxQ5kcYsBvzmcdqn4GjyHtT5IDvXt3DJ9B9k6YxSYAfkT+02maC+c 9x+qlHUop8c18Oj2Y5X7LkZOUjCZ0eWu58hfTJerdTEiiNznBgLEH1+KM2v+n01GvqHS lNOA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q24si12807042eds.133.2020.06.17.02.24.15; Wed, 17 Jun 2020 02:24:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726817AbgFQJTr (ORCPT + 99 others); Wed, 17 Jun 2020 05:19:47 -0400 Received: from szxga04-in.huawei.com ([45.249.212.190]:6351 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726816AbgFQJTq (ORCPT ); Wed, 17 Jun 2020 05:19:46 -0400 Received: from DGGEMS411-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 3B258A92749A78F0C949; Wed, 17 Jun 2020 17:19:44 +0800 (CST) Received: from [10.166.213.22] (10.166.213.22) by smtp.huawei.com (10.3.19.211) with Microsoft SMTP Server (TLS) id 14.3.487.0; Wed, 17 Jun 2020 17:19:35 +0800 Subject: Re: [PATCH linux-next] kernel/fork.c: annotate data races for copy_process To: Chenweilong , Christian Brauner CC: "akpm@linux-foundation.org" , "tglx@linutronix.de" , "linux-kernel@vger.kernel.org" , "dvyukov@google.com" References: From: Zefan Li Message-ID: <9b8346c8-c3b8-b0bd-b925-9545aa3482f9@huawei.com> Date: Wed, 17 Jun 2020 17:19:35 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Originating-IP: [10.166.213.22] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/6/17 17:08, Chenweilong wrote: >> On Tue, Jun 09, 2020 at 11:08:01AM +0800, Weilong Chen wrote: >>> The check is only there to stop root fork bombs. >>> >>> BUG: KCSAN: data-race in copy_process / copy_process >>> >>> write to 0xffffffff86f87d20 of 4 bytes by task 7121 on cpu 5: >>> copy_process+0x2e1a/0x3af0 kernel/fork.c:2285 >>> _do_fork+0xf7/0x790 kernel/fork.c:2430 >>> __do_sys_clone+0xf9/0x130 kernel/fork.c:2585 __se_sys_clone >>> kernel/fork.c:2566 [inline] >>> __x64_sys_clone+0x6c/0x80 kernel/fork.c:2566 >>> do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295 >>> entry_SYSCALL_64_after_hwframe+0x44/0xa9 >>> >>> read to 0xffffffff86f87d20 of 4 bytes by task 7125 on cpu 3: >>> copy_process+0x9eb/0x3af0 kernel/fork.c:1967 >>> _do_fork+0xf7/0x790 kernel/fork.c:2430 >>> __do_sys_clone+0xf9/0x130 kernel/fork.c:2585 __se_sys_clone >>> kernel/fork.c:2566 [inline] >>> __x64_sys_clone+0x6c/0x80 kernel/fork.c:2566 >>> do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295 >>> entry_SYSCALL_64_after_hwframe+0x44/0xa9 >>> >>> Signed-off-by: Weilong Chen >> >> Plumbing data_race() in there just to taper over this seems ugly. >> Before we do that we should probably simply make nr_threads atomic_t. > Will using atomic_t cause performance degradation ? I don’t know why atomic was not used in the beginning. > >> Also, where's the link to the syzbot/kcsan report? Or did you get this report from somewhere else? > I got this from local test. There is a comment just above the if statement to explain this race: /* * If multiple threads are within copy_process(), then this check * triggers too late. This doesn't hurt, the check is only there * to stop root fork bombs. */ This race won't go away by making nr_threads atomic, because I think it is tasklist_lock that protects nr_thread. Adding data_race() here I think makes the code more readable, as a supplementary to the code comment.