Revision c403f6a3a792a6601185497c12b0bdf4be880439 authored by Qian Cai on 15 August 2020, 00:31:53 UTC, committed by Linus Torvalds on 15 August 2020, 02:56:57 UTC
BUG: KCSAN: data-race in page_cpupid_xchg_last / put_page write (marked) to 0xfffffc0d48ec1a00 of 8 bytes by task 91442 on cpu 3: page_cpupid_xchg_last+0x51/0x80 page_cpupid_xchg_last at mm/mmzone.c:109 (discriminator 11) wp_page_reuse+0x3e/0xc0 wp_page_reuse at mm/memory.c:2453 do_wp_page+0x472/0x7b0 do_wp_page at mm/memory.c:2798 __handle_mm_fault+0xcb0/0xd00 handle_pte_fault at mm/memory.c:4049 (inlined by) __handle_mm_fault at mm/memory.c:4163 handle_mm_fault+0xfc/0x2f0 handle_mm_fault at mm/memory.c:4200 do_page_fault+0x263/0x6f9 do_user_addr_fault at arch/x86/mm/fault.c:1465 (inlined by) do_page_fault at arch/x86/mm/fault.c:1539 page_fault+0x34/0x40 read to 0xfffffc0d48ec1a00 of 8 bytes by task 94817 on cpu 69: put_page+0x15a/0x1f0 page_zonenum at include/linux/mm.h:923 (inlined by) is_zone_device_page at include/linux/mm.h:929 (inlined by) page_is_devmap_managed at include/linux/mm.h:948 (inlined by) put_page at include/linux/mm.h:1023 wp_page_copy+0x571/0x930 wp_page_copy at mm/memory.c:2615 do_wp_page+0x107/0x7b0 __handle_mm_fault+0xcb0/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 69 PID: 94817 Comm: systemd-udevd Tainted: G W O L 5.5.0-next-20200204+ #6 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A page never changes its zone number. The zone number happens to be stored in the same word as other bits which are modified, but the zone number bits will never be modified by any other write, so it can accept a reload of the zone bits after an intervening write and it don't need to use READ_ONCE(). Thus, annotate this data race using ASSERT_EXCLUSIVE_BITS() to also assert that there are no concurrent writes to it. Suggested-by: Marco Elver <elver@google.com> Signed-off-by: Qian Cai <cai@lca.pw> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: David Hildenbrand <david@redhat.com> Cc: Jan Kara <jack@suse.cz> Cc: John Hubbard <jhubbard@nvidia.com> Cc: Ira Weiny <ira.weiny@intel.com> Cc: Dan Williams <dan.j.williams@intel.com> Link: http://lkml.kernel.org/r/1581619089-14472-1-git-send-email-cai@lca.pw Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 7e0cc01
dn_route.h
/* SPDX-License-Identifier: GPL-2.0-or-later */
#ifndef _NET_DN_ROUTE_H
#define _NET_DN_ROUTE_H
/******************************************************************************
(c) 1995-1998 E.M. Serrat emserrat@geocities.com
*******************************************************************************/
struct sk_buff *dn_alloc_skb(struct sock *sk, int size, gfp_t pri);
int dn_route_output_sock(struct dst_entry __rcu **pprt, struct flowidn *,
struct sock *sk, int flags);
int dn_cache_dump(struct sk_buff *skb, struct netlink_callback *cb);
void dn_rt_cache_flush(int delay);
int dn_route_rcv(struct sk_buff *skb, struct net_device *dev,
struct packet_type *pt, struct net_device *orig_dev);
/* Masks for flags field */
#define DN_RT_F_PID 0x07 /* Mask for packet type */
#define DN_RT_F_PF 0x80 /* Padding Follows */
#define DN_RT_F_VER 0x40 /* Version =0 discard packet if ==1 */
#define DN_RT_F_IE 0x20 /* Intra Ethernet, Reserved in short pkt */
#define DN_RT_F_RTS 0x10 /* Packet is being returned to sender */
#define DN_RT_F_RQR 0x08 /* Return packet to sender upon non-delivery */
/* Mask for types of routing packets */
#define DN_RT_PKT_MSK 0x06
/* Types of routing packets */
#define DN_RT_PKT_SHORT 0x02 /* Short routing packet */
#define DN_RT_PKT_LONG 0x06 /* Long routing packet */
/* Mask for control/routing selection */
#define DN_RT_PKT_CNTL 0x01 /* Set to 1 if a control packet */
/* Types of control packets */
#define DN_RT_CNTL_MSK 0x0f /* Mask for control packets */
#define DN_RT_PKT_INIT 0x01 /* Initialisation packet */
#define DN_RT_PKT_VERI 0x03 /* Verification Message */
#define DN_RT_PKT_HELO 0x05 /* Hello and Test Message */
#define DN_RT_PKT_L1RT 0x07 /* Level 1 Routing Message */
#define DN_RT_PKT_L2RT 0x09 /* Level 2 Routing Message */
#define DN_RT_PKT_ERTH 0x0b /* Ethernet Router Hello */
#define DN_RT_PKT_EEDH 0x0d /* Ethernet EndNode Hello */
/* Values for info field in hello message */
#define DN_RT_INFO_TYPE 0x03 /* Type mask */
#define DN_RT_INFO_L1RT 0x02 /* L1 Router */
#define DN_RT_INFO_L2RT 0x01 /* L2 Router */
#define DN_RT_INFO_ENDN 0x03 /* EndNode */
#define DN_RT_INFO_VERI 0x04 /* Verification Reqd. */
#define DN_RT_INFO_RJCT 0x08 /* Reject Flag, Reserved */
#define DN_RT_INFO_VFLD 0x10 /* Verification Failed, Reserved */
#define DN_RT_INFO_NOML 0x20 /* No Multicast traffic accepted */
#define DN_RT_INFO_BLKR 0x40 /* Blocking Requested */
/*
* The fl structure is what we used to look up the route.
* The rt_saddr & rt_daddr entries are the same as key.saddr & key.daddr
* except for local input routes, where the rt_saddr = fl.fld_dst and
* rt_daddr = fl.fld_src to allow the route to be used for returning
* packets to the originating host.
*/
struct dn_route {
struct dst_entry dst;
struct dn_route __rcu *dn_next;
struct neighbour *n;
struct flowidn fld;
__le16 rt_saddr;
__le16 rt_daddr;
__le16 rt_gateway;
__le16 rt_local_src; /* Source used for forwarding packets */
__le16 rt_src_map;
__le16 rt_dst_map;
unsigned int rt_flags;
unsigned int rt_type;
};
static inline bool dn_is_input_route(struct dn_route *rt)
{
return rt->fld.flowidn_iif != 0;
}
static inline bool dn_is_output_route(struct dn_route *rt)
{
return rt->fld.flowidn_iif == 0;
}
void dn_route_init(void);
void dn_route_cleanup(void);
#include <net/sock.h>
#include <linux/if_arp.h>
static inline void dn_rt_send(struct sk_buff *skb)
{
dev_queue_xmit(skb);
}
static inline void dn_rt_finish_output(struct sk_buff *skb, char *dst, char *src)
{
struct net_device *dev = skb->dev;
if ((dev->type != ARPHRD_ETHER) && (dev->type != ARPHRD_LOOPBACK))
dst = NULL;
if (dev_hard_header(skb, dev, ETH_P_DNA_RT, dst, src, skb->len) >= 0)
dn_rt_send(skb);
else
kfree_skb(skb);
}
#endif /* _NET_DN_ROUTE_H */
Computing file changes ...
