Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp1094866rwb; Thu, 18 Aug 2022 19:07:42 -0700 (PDT) X-Google-Smtp-Source: AA6agR6MIsXBzvtVZmqrwsiFSEekYD25ZyNg0NQfADEtVtHuc1bna9EXxGpqAay+7KbZe/V70hHv X-Received: by 2002:a17:907:2896:b0:730:983c:4621 with SMTP id em22-20020a170907289600b00730983c4621mr3498670ejc.502.1660874861800; Thu, 18 Aug 2022 19:07:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660874861; cv=none; d=google.com; s=arc-20160816; b=hqRmuSFyCKzYSfJuozJn8+zogDCNGtYa7r4VJi4UzLTfA9+HPjK2VNzp/Q360Zve6z 9PWHDMNXZLBhLXodbJpyAzdPaDMdghkCQTgLB7Bzj1h4kmxj2cYNVqXSOkfavLBBy6lb Y0a2MQl5KqaA5MorL9Exl5yVwUL38i6bUmQWsb329KVCAAQpJRagynB2WemDY1O6hwrc 2b+2ZwmBv5qjFAEnLnKZrHRTGVKutjzqHoBqPWrrOQopuwZmP4OcEDK3C2Z68BqkWGCv QqU2W6wzCoekpUITHICYNxFXTPGnnCRS/E3gnk76Irwr/JRcMkRfIXbe0yhO7db2BxTG RCSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=8i/BbB4J7UUtTj6wSLyEKQkjCMyvGUUhOuI103/eQ5w=; b=APx2u+sl1nip2WiJQNRAa2HfsR+8QkM4tJWhGqjJUS77Acvb1QPv3GKYT4wrZ52oyU SljPgA16itRAvQGJ7YCTJO++m9N7knOxODuiw2aMeEO/WEXr9KUKlVGwN6le6VrgiCtM QHS1wXAMVrqlHjervsG1tN3QiT8ODyvplADnZPo1vathAlFBKkVy4AEzmdnBDnN5eRC0 Rm70NOncwiVjAOKrZ194UlhAcXhXYZvn28vpV/96K0hP4dmqHQeyxw674EyHfreeBucA 9DoR63k3aGkMtWEfepbT+qe8VdMH0Ip5SqD134xQx/r69ogjY1fouiiQDxedOluDlxL6 kIFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b="61/an7qQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ds3-20020a170907724300b00730a63dc36esi2143541ejc.644.2022.08.18.19.07.09; Thu, 18 Aug 2022 19:07:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b="61/an7qQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241927AbiHSB7R (ORCPT + 99 others); Thu, 18 Aug 2022 21:59:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236015AbiHSB7O (ORCPT ); Thu, 18 Aug 2022 21:59:14 -0400 Received: from mail-oa1-x32.google.com (mail-oa1-x32.google.com [IPv6:2001:4860:4864:20::32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EBC80DC5E5 for ; Thu, 18 Aug 2022 18:59:13 -0700 (PDT) Received: by mail-oa1-x32.google.com with SMTP id 586e51a60fabf-11cab7d7e0fso2619286fac.6 for ; Thu, 18 Aug 2022 18:59:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=8i/BbB4J7UUtTj6wSLyEKQkjCMyvGUUhOuI103/eQ5w=; b=61/an7qQdUYzdYH7mxmknmmDqxAxFZI1I10rEvVJ3eCj2u2oHrR655doSL9QRLZf2E na6v1nEWzpa4ts/qZsNEU/fF3Gtng5HhoF3EEWJE07pWUnkOIFnVXgsRxhMW3QZPfvAS p5Q36U5QlRfwVO0arZrKkpzUoQoOGpjK6q0BQCn47RILME9IDH1jafFXgI+el1NauJJi XwUx0sjdRWzC1Kz9B0ef3wtoJ8XxUwARqyC98DAdC+2KPFktvr2Ndlam+klgSESQTfJ1 rvBhi1AJPeoVtdT2dnR3RCLZwmg0zgiRnjUSt/5OHCVlVicgvvNq9EipvZbQEgwKJMf0 VDMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=8i/BbB4J7UUtTj6wSLyEKQkjCMyvGUUhOuI103/eQ5w=; b=dBQKatQ11zP/cR2JIDvFOtiUhgCxwXd5VY6Oq+qLuv0fVJjO5jo1fNZ07cEAVmalha Ply0Q/q5xyvSnfYqqNDn7CaiMJ0+5lTL8mldJVWFxewcsxPzWKDCCnmhtBJ0J5yrVCzh CNaQMMmAjYmXebMk9M91tpCMSa4Giv3weHu7zrJ1A+Jfp/wvYtvYB34yI43WYieFmdps xlB6r1FwiZJ/3xW4LgWfz67h0hflkPs1pN6amURXOw5mrzx2ZvuGllffH2pWsUAc/bxq djMhiM1IsDOf21RhLPVCX7hBvEPBxpI+e81fZfRZfY+gPf9HPU7RVBQAiHE3ULLMhxcl Si9w== X-Gm-Message-State: ACgBeo0ljxGHDVYmaO9Ybhp5tuA/6BixO4+3ja8ZEF9AAXs6OXUIJX+M a8AS6piaSVAH07o+zBhfte8BkMDbTT78a0VXMepl X-Received: by 2002:a05:6870:a78d:b0:11c:437b:ec70 with SMTP id x13-20020a056870a78d00b0011c437bec70mr2821970oao.136.1660874353259; Thu, 18 Aug 2022 18:59:13 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Paul Moore Date: Thu, 18 Aug 2022 21:59:02 -0400 Message-ID: Subject: Re: data-race in audit_log_start / audit_receive To: abhishek.shah@columbia.edu Cc: eparis@redhat.com, linux-audit@redhat.com, linux-kernel@vger.kernel.org, Gabriel Ryan Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 18, 2022 at 6:23 PM Abhishek Shah wrote: > Hi all, > > We found a data race involving the audit_cmd_mutex.owner variable. We think this bug is concerning because audit_ctl_owner_current is used at a location that controls the scheduling of tasks shown here. Please let us know what you think. > > Thanks! > > -----------------Report---------------------- > > write to 0xffffffff881d0710 of 8 bytes by task 6541 on cpu 0: > audit_ctl_lock kernel/audit.c:237 [inline] ... > read to 0xffffffff881d0710 of 8 bytes by task 6542 on cpu 1: > audit_ctl_owner_current kernel/audit.c:258 [inline] Yes, technically there is a race condition if/when an auditd instance is registering itself the exact same time as another task is attempting to log an audit record via audit_log_start(). The risk being that a *very* limited number of audit records could be mis-handled with respect to their queue priority and that is it; no records would be lost or misplaced. Correcting this would likely involve a more complex locking scheme[1] or a rather severe performance penalty due to an additional lock in the audit_log_start() code path. There may be some value in modifying audit_ctl_owner_current() to use READ_ONCE(), but it isn't clear to me that this would significantly improve things or have no impact on performance. Have you noticed any serious problems on your system due to this? If you have a reproducer which shows actual harm on the system could you please share that? [1] The obvious choice would be to move to a RCU based scheme, but even that doesn't totally solve the problem as there would still be a window where some tasks would have an "old" value. It might actually end up extending the race window on large multi-core systems due to the time needed for all of the critical sections to complete. -- paul-moore.com