* [PATCH] fs: annotate suspected data race between poll_schedule_timeout() and pollwake()
From: Dmitry Antipov @ 2025-06-20 6:30 UTC
To: Alexander Viro, Christian Brauner, Jan Kara; +Cc: linux-fsdevel, Dmitry Antipov

When running almost any select()/poll() workload intense enough,
KCSAN is likely to report data races around using 'triggered' flag
of 'struct poll_wqueues'. For example, running 'find /' on a tty
console may trigger the following:

BUG: KCSAN: data-race in poll_schedule_timeout / pollwake

write to 0xffffc900030cfb90 of 4 bytes by task 97 on cpu 5:
pollwake+0xd1/0x130
__wake_up_common_lock+0x7f/0xd0
n_tty_receive_buf_common+0x776/0xc30
n_tty_receive_buf2+0x3d/0x60
tty_ldisc_receive_buf+0x6b/0x100
tty_port_default_receive_buf+0x63/0xa0
flush_to_ldisc+0x169/0x3c0
process_scheduled_works+0x6fe/0xf40
worker_thread+0x53b/0x7b0
kthread+0x4f8/0x590
ret_from_fork+0x28c/0x450
ret_from_fork_asm+0x1a/0x30

read to 0xffffc900030cfb90 of 4 bytes by task 5802 on cpu 4:
poll_schedule_timeout+0x96/0x160
do_sys_poll+0x966/0xb30
__se_sys_ppoll+0x1c3/0x210
__x64_sys_ppoll+0x71/0x90
x64_sys_call+0x3079/0x32b0
do_syscall_64+0xfa/0x3b0
entry_SYSCALL_64_after_hwframe+0x77/0x7f

According to Jan, "there's no practical issue here because it is hard
to imagine how the compiler could compile the above code using some
intermediate values stored into 'triggered' or multiple fetches from
'triggered'". Nevertheless, silence KCSAN by using WRITE_ONCE() in
__pollwake() and READ_ONCE() in poll_schedule_timeout(), respectively.

Link: https://lore.kernel.org/linux-fsdevel/bwx72orsztfjx6aoftzzkl7wle3hi4syvusuwc7x36nw6t235e@bjwrosehblty
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
---
fs/select.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/select.c b/fs/select.c
index 9fb650d03d52..082cf60c7e23 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -192,7 +192,7 @@ static int __pollwake(wait_queue_entry_t *wait, unsigned mode, int sync, void *k
* and is paired with smp_store_mb() in poll_schedule_timeout.
*/
smp_wmb();
- pwq->triggered = 1;
+ WRITE_ONCE(pwq->triggered, 1);
/*
* Perform the default wake up operation using a dummy
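Review bot: the comment block directly above the new WRITE_ONCE(pwq->triggered, 1) still documents only the smp_wmb() pairing with smp_store_mb() and says nothing about the marked store. Since the commit message gives the purpose of the marking as silencing KCSAN, consider adding a sentence to that comment saying the store is marked to pair with READ_ONCE() in poll_schedule_timeout(), so it is not later read as an additional ordering guarantee or dropped as redundant.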
@@ -237,7 +237,7 @@ static int poll_schedule_timeout(struct poll_wqueues *pwq, int state,
int rc = -EINTR;
set_current_state(state);
- if (!pwq->triggered)
+ if (!READ_ONCE(pwq->triggered))
rc = schedule_hrtimeout_range(expires, slack, HRTIMER_MODE_ABS);
__set_current_state(TASK_RUNNING);
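Review bot: the new READ_ONCE(pwq->triggered) in the `if` after set_current_state(state) carries no comment naming its counterpart, unlike the write side, which documents its pairing. A one-line comment that it pairs with WRITE_ONCE() in __pollwake() would help; READ_ONCE() adds no ordering of its own, so the check still depends on the barrier implied by set_current_state(state) on the line before, and saying so keeps the two from being separated in a later cleanup.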
--
2.49.0
* Re: [PATCH] fs: annotate suspected data race between poll_schedule_timeout() and pollwake()
From: Jan Kara @ 2025-06-20 15:38 UTC
To: Dmitry Antipov; +Cc: Alexander Viro, Christian Brauner, Jan Kara, linux-fsdevel
On Fri 20-06-25 09:30:59, Dmitry Antipov wrote:
> When running almost any select()/poll() workload intense enough,
> KCSAN is likely to report data races around using 'triggered' flag
> of 'struct poll_wqueues'. For example, running 'find /' on a tty
> console may trigger the following:
>
> BUG: KCSAN: data-race in poll_schedule_timeout / pollwake
>
> write to 0xffffc900030cfb90 of 4 bytes by task 97 on cpu 5:
> pollwake+0xd1/0x130
> __wake_up_common_lock+0x7f/0xd0
> n_tty_receive_buf_common+0x776/0xc30
> n_tty_receive_buf2+0x3d/0x60
> tty_ldisc_receive_buf+0x6b/0x100
> tty_port_default_receive_buf+0x63/0xa0
> flush_to_ldisc+0x169/0x3c0
> process_scheduled_works+0x6fe/0xf40
> worker_thread+0x53b/0x7b0
> kthread+0x4f8/0x590
> ret_from_fork+0x28c/0x450
> ret_from_fork_asm+0x1a/0x30
>
> read to 0xffffc900030cfb90 of 4 bytes by task 5802 on cpu 4:
> poll_schedule_timeout+0x96/0x160
> do_sys_poll+0x966/0xb30
> __se_sys_ppoll+0x1c3/0x210
> __x64_sys_ppoll+0x71/0x90
> x64_sys_call+0x3079/0x32b0
> do_syscall_64+0xfa/0x3b0
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> According to Jan, "there's no practical issue here because it is hard
> to imagine how the compiler could compile the above code using some
> intermediate values stored into 'triggered' or multiple fetches from
> 'triggered'". Nevertheless, silence KCSAN by using WRITE_ONCE() in
> __pollwake() and READ_ONCE() in poll_schedule_timeout(), respectively.
>
> Link: https://lore.kernel.org/linux-fsdevel/bwx72orsztfjx6aoftzzkl7wle3hi4syvusuwc7x36nw6t235e@bjwrosehblty
> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

Honza

> ---
> fs/select.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/select.c b/fs/select.c
> index 9fb650d03d52..082cf60c7e23 100644
> --- a/fs/select.c
> +++ b/fs/select.c
> @@ -192,7 +192,7 @@ static int __pollwake(wait_queue_entry_t *wait, unsigned mode, int sync, void *k
> * and is paired with smp_store_mb() in poll_schedule_timeout.
> */
> smp_wmb();
> - pwq->triggered = 1;
> + WRITE_ONCE(pwq->triggered, 1);
>
> /*
> * Perform the default wake up operation using a dummy
> @@ -237,7 +237,7 @@ static int poll_schedule_timeout(struct poll_wqueues *pwq, int state,
> int rc = -EINTR;
>
> set_current_state(state);
> - if (!pwq->triggered)
> + if (!READ_ONCE(pwq->triggered))
> rc = schedule_hrtimeout_range(expires, slack, HRTIMER_MODE_ABS);
> __set_current_state(TASK_RUNNING);
>
> --
> 2.49.0
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
* Re: [PATCH] fs: annotate suspected data race between poll_schedule_timeout() and pollwake()
From: Christian Brauner @ 2025-06-23 10:37 UTC
To: Dmitry Antipov; +Cc: Christian Brauner, linux-fsdevel, Alexander Viro, Jan Kara
On Fri, 20 Jun 2025 09:30:59 +0300, Dmitry Antipov wrote:
> When running almost any select()/poll() workload intense enough,
> KCSAN is likely to report data races around using 'triggered' flag
> of 'struct poll_wqueues'. For example, running 'find /' on a tty
> console may trigger the following:
>
> BUG: KCSAN: data-race in poll_schedule_timeout / pollwake
>
> [...]

Applied to the vfs-6.17.misc branch of the vfs/vfs.git tree.
Patches in the vfs-6.17.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.17.misc

[1/1] fs: annotate suspected data race between poll_schedule_timeout() and pollwake()
      https://git.kernel.org/vfs/vfs/c/2b7c9664c3ce