Re: [syzbot] [kernel?] KCSAN: data-race in do_timer_create / do_timer_create (8)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Gleixner <tglx@linutronix.de>
To: Dmitry Vyukov <dvyukov@google.com>,
	syzbot <syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com>
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	Marco Elver <elver@google.com>
Subject: Re: [syzbot] [kernel?] KCSAN: data-race in do_timer_create / do_timer_create (8)
Date: Sat, 22 Apr 2023 00:36:45 +0200	[thread overview]
Message-ID: <87cz3w277m.ffs@tglx> (raw)
In-Reply-To: <CACT4Y+b2Bf6N=Wto686X=BJsjhpDJw7Xm4yJtszgxCSogX+0-g@mail.gmail.com>

On Fri, Apr 21 2023 at 16:49, Dmitry Vyukov wrote:
> int first_free_id = sig->posix_timer_id;
>
> runs concurrently with:
>
> if (++sig->posix_timer_id < 0)
>     sig->posix_timer_id = 0;
> if ((sig->posix_timer_id == first_free_id) && (ret == -ENOENT))
>     /* Loop over all possible ids completed */
>     ret = -EAGAIN;
>
> I am not sure how important/realistic this wrap-around handling is,
> but as the result of the race first_free_id can be negative (if it
> reads the value at just the right moment). Then wrap-around will never
> be detected and the loop will loop forever uninterruptably.

It's probably not that problematic, but that code is silly for other
reasons. I'll have a look.

Thanks,

        tglx

     prev parent reply	other threads:[~2023-04-21 22:38 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-21 14:34 [syzbot] [kernel?] KCSAN: data-race in do_timer_create / do_timer_create (8) syzbot
2023-04-21 14:49 ` Dmitry Vyukov
2023-04-21 22:36   ` Thomas Gleixner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87cz3w277m.ffs@tglx \
    --to=tglx@linutronix.de \
    --cc=dvyukov@google.com \
    --cc=elver@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.