From: Marco Elver
Date: Wed, 13 Dec 2023 17:50:36 +0100
Subject: Re: [PATCH mm 2/4] kasan: handle concurrent kasan_record_aux_stack calls
To: Andrey Konovalov
Cc: andrey.konovalov@linux.dev, Andrew Morton, Alexander Potapenko, Dmitry Vyukov, Vlastimil Babka, kasan-dev@googlegroups.com, Evgenii Stepanov, Tetsuo Handa, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov, syzbot+186b55175d8360728234@syzkaller.appspotmail.com
References: <432a89fafce11244287c8af757e73a2eb22a5354.1702339432.git.andreyknvl@google.com>

On Wed, 13 Dec 2023 at 15:40, Andrey Konovalov wrote:
>
> On Tue, Dec 12, 2023 at 8:29 PM Marco Elver wrote:
> >
> > > -       stack_depot_put(alloc_meta->aux_stack[1]);
> > > +       new_handle = kasan_save_stack(0, depot_flags);
> > > +
> > > +       spin_lock_irqsave(&aux_lock, flags);
> >
> > This is an unnecessary global lock. What's the problem here? As far as
> > I can understand a race is possible where we may end up with
> > duplicated or lost stack handles.
>
> Yes, this is the problem. And this leads to refcount underflows in the
> stack depot code, as we fail to keep precise track of the stack
> traces.
>
> > Since storing this information is best effort anyway, and bugs are
> > rare, a global lock protecting this is overkill.
> >
> > I'd just accept the raciness and use READ_ONCE() / WRITE_ONCE() just
> > to make sure we don't tear any reads/writes and the depot handles are
> > valid.
>
> This will help with the potential tears but will not help with the
> refcount issues.
>
> > There are other more complex schemes [1], but I think they are
> > overkill as well.
> >
> > [1]: Since a depot stack handle is just a u32, we can have a
> >
> >  union {
> >    depot_stack_handle_t handles[2];
> >    atomic64_t atomic_handle;
> >  } aux_stack;
> > (BUILD_BUG_ON somewhere if sizeof handles and atomic_handle mismatch.)
> >
> > Then in the code here create the same union and load atomic_handle.
> > Swap handle[1] into handle[0] and write the new one in handles[1].
> > Then do a cmpxchg loop to store the new atomic_handle.
>
> This approach should work. If you prefer, I can do this instead of a spinlock.
>
> But we do need some kind of atomicity while rotating the aux handles
> to make sure nothing gets lost.

Yes, I think that'd be preferable. Although note that not all 32-bit
architectures have 64-bit atomics, so that may be an issue. Another
alternative is to have a spinlock next to the aux_stack (it needs to
be initialized properly). It'll use up a little more space, but that's
for KASAN configs only, so I think it's ok. Certainly better than a
global lock.
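
Review bot: `spin_lock_irqsave(&aux_lock, flags)` in the quoted hunk takes a lock that is not tied to the object being updated, so every aux-stack recording serializes on it with interrupts disabled. Calling `kasan_save_stack()` before taking the lock is the right order and keeps the critical section down to the handle rotation; a lock stored next to `aux_stack`, or a single 64-bit cmpxchg over both handles where the architecture provides one, would give the same atomicity without the shared contention point. The hunk also drops `stack_depot_put(alloc_meta->aux_stack[1])` at this spot, so please confirm the replacement put is issued on the handle read under the lock and only after the unlock, and add a comment on `aux_lock` stating what it protects.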
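
The packed-handle scheme from footnote [1] in the message above, sketched in userspace C11 as an added example (not code from the patch or from the kernel). `struct aux_stack`, `aux_rotate` and the helper names are hypothetical, and C11 `_Atomic uint64_t` stands in for the kernel's `atomic64_t` and cmpxchg.

```c
/* Added illustration in userspace C11; names are hypothetical, not kernel code. */
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t handle_t;   /* stands in for the u32 depot_stack_handle_t */

/* Both handles share one atomic word: low half = handles[0], high = handles[1]. */
struct aux_stack { _Atomic uint64_t packed; };

/* Userspace counterparts of the BUILD_BUG_ON and of the 64-bit atomics caveat. */
_Static_assert(sizeof(uint64_t) == 2 * sizeof(handle_t), "handles must fill the word");
_Static_assert(ATOMIC_LLONG_LOCK_FREE == 2, "needs lock-free 64-bit atomics");

static uint64_t pack(handle_t h0, handle_t h1) { return ((uint64_t)h1 << 32) | h0; }
static handle_t slot0(uint64_t v) { return (handle_t)v; }
static handle_t slot1(uint64_t v) { return (handle_t)(v >> 32); }

/* Move handles[1] into handles[0], store new_handle in handles[1], in one CAS.
 * Returns the handle evicted from handles[0]: only the caller whose CAS
 * succeeded sees it, so its reference is dropped exactly once. */
static handle_t aux_rotate(struct aux_stack *s, handle_t new_handle)
{
    uint64_t old = atomic_load(&s->packed);
    /* On failure the CAS reloads `old`, so the next attempt uses fresh handles. */
    while (!atomic_compare_exchange_weak(&s->packed, &old,
                                         pack(slot1(old), new_handle)))
        ;
    return slot0(old);
}

/* Constructed interleaving: another writer rotates between our load and CAS. */
static int stale_cas_is_rejected(void)
{
    struct aux_stack s;
    atomic_init(&s.packed, pack(1, 2));
    uint64_t seen = atomic_load(&s.packed);          /* we observe {1, 2} */
    handle_t evicted = aux_rotate(&s, 3);            /* other writer: {2, 3} */
    int stored = atomic_compare_exchange_strong(&s.packed, &seen,
                                                pack(slot1(seen), 4));
    /* Our stale update must fail and refresh `seen` to {2, 3}. */
    return evicted == 1 && !stored && slot0(seen) == 2 && slot1(seen) == 3;
}

int main(void)
{
    printf("stale CAS rejected: %d\n", stale_cas_is_rejected());
    return 0;
}
```

The second `_Static_assert` is where a target without lock-free 64-bit atomics fails to build, which is the case the reply points to the per-object spinlock for.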