From: Pavel Machek <pavel@ucw.cz>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Eric Dumazet <edumazet@google.com>,
syzbot <syzkaller@googlegroups.com>,
Jay Vosburgh <j.vosburgh@gmail.com>,
Veaceslav Falico <vfalico@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH 4.19 29/58] bonding: fix data-races around agg_select_timer
Date: Tue, 22 Feb 2022 16:35:28 +0100 [thread overview]
Message-ID: <20220222153528.GA27262@amd> (raw)
In-Reply-To: <20220221084912.825972694@linuxfoundation.org>
[-- Attachment #1: Type: text/plain, Size: 1019 bytes --]
Hi!
> syzbot reported that two threads might write over agg_select_timer
> at the same time. Make agg_select_timer atomic to fix the races.
Ok, but:
> --- a/drivers/net/bonding/bond_3ad.c
> +++ b/drivers/net/bonding/bond_3ad.c
> @@ -249,7 +249,7 @@ static inline int __check_agg_selection_
> if (bond == NULL)
> return 0;
>
> - return BOND_AD_INFO(bond).agg_select_timer ? 1 : 0;
> + return atomic_read(&BOND_AD_INFO(bond).agg_select_timer) ? 1 : 0;
> }
This could probably use !!.
> +static bool bond_agg_timer_advance(struct bonding *bond)
> +{
> + int val, nval;
> +
> + while (1) {
> + val = atomic_read(&BOND_AD_INFO(bond).agg_select_timer);
> + if (!val)
> + return false;
> + nval = val - 1;
> + if (atomic_cmpxchg(&BOND_AD_INFO(bond).agg_select_timer,
> + val, nval) == val)
> + break;
> + }
> + return nval == 0;
> +}
This should really be atomic_dec_if_positive, no?
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2022-02-22 15:36 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-21 8:48 [PATCH 4.19 00/58] 4.19.231-rc1 review Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 01/58] Makefile.extrawarn: Move -Wunaligned-access to W=1 Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 02/58] net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 03/58] serial: parisc: GSC: fix build when IOSAPIC is not set Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 04/58] parisc: Fix data TLB miss in sba_unmap_sg Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 05/58] parisc: Fix sglist access in ccio-dma.c Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 06/58] btrfs: send: in case of IO error log it Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 07/58] net: ieee802154: at86rf230: Stop leaking skbs Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 08/58] selftests/zram: Skip max_comp_streams interface on newer kernel Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 09/58] selftests/zram01.sh: Fix compression ratio calculation Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 10/58] selftests/zram: Adapt the situation that /dev/zram0 is being used Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 11/58] ax25: improve the incomplete fix to avoid UAF and NPD bugs Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 12/58] vfs: make freeze_super abort when sync_filesystem returns error Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 13/58] quota: make dquot_quota_sync return errors from ->sync_fs Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 14/58] nvme: fix a possible use-after-free in controller reset during load Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 15/58] nvme-rdma: fix possible use-after-free in transport error_recovery work Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 16/58] Revert "module, async: async_synchronize_full() on module init iff async is used" Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 17/58] iwlwifi: fix use-after-free Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 18/58] drm/radeon: Fix backlight control on iMac 12,1 Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 19/58] xfrm: Dont accidentally set RTO_ONLINK in decode_session4() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 20/58] taskstats: Cleanup the use of task->exit_code Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 21/58] mmc: block: fix read single on recovery logic Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 22/58] vsock: remove vsock from connected table when connect is interrupted by a signal Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 23/58] iwlwifi: pcie: fix locking when "HW not ready" Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 24/58] iwlwifi: pcie: gen2: " Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 25/58] net: dsa: lan9303: fix reset on probe Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 26/58] net: ieee802154: ca8210: Fix lifs/sifs periods Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 27/58] ping: fix the dif and sdif check in ping_lookup Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 28/58] drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 29/58] bonding: fix data-races around agg_select_timer Greg Kroah-Hartman
2022-02-22 15:35 ` Pavel Machek [this message]
2022-02-22 16:27 ` Eric Dumazet
2022-02-21 8:49 ` [PATCH 4.19 30/58] libsubcmd: Fix use-after-free for realloc(..., 0) Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 31/58] ALSA: hda: Fix regression on forced probe mask option Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 32/58] ALSA: hda: Fix missing codec probe on Shenker Dock 15 Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 33/58] ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 34/58] ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 35/58] powerpc/lib/sstep: fix ptesync build error Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 36/58] ext4: check for out-of-order index extents in ext4_valid_extent_entries() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 37/58] block/wbt: fix negative inflight counter when remove scsi device Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 38/58] NFS: LOOKUP_DIRECTORY is also ok with symlinks Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 39/58] NFS: Do not report writeback errors in nfs_getattr() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 40/58] mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 41/58] EDAC: Fix calculation of returned address and next offset in edac_align_ptr() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 42/58] net: sched: limit TC_ACT_REPEAT loops Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 43/58] dmaengine: sh: rcar-dmac: Check for error num after setting mask Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 44/58] i2c: brcmstb: fix support for DSL and CM variants Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 45/58] mtd: rawnand: brcmnand: Refactored code to introduce helper functions Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 46/58] mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 47/58] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 48/58] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 49/58] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW Greg Kroah-Hartman
2022-02-22 15:37 ` Pavel Machek
2022-02-21 8:49 ` [PATCH 4.19 50/58] ARM: OMAP2+: hwmod: Add of_node_put() before break Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 51/58] irqchip/sifive-plic: Add missing thead,c900-plic match string Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 52/58] netfilter: conntrack: dont refresh sctp entries in closed state Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 53/58] arm64: dts: meson-gx: add ATF BL32 reserved-memory region Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 54/58] kconfig: let shell return enough output for deep path names Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 55/58] ata: libata-core: Disable TRIM on M88V29 Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 56/58] tracing: Fix tp_printk option related with tp_printk_stop_on_boot Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 57/58] net: usb: qmi_wwan: Add support for Dell DW5829e Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 58/58] net: macb: Align the dma and coherent dma masks Greg Kroah-Hartman
2022-02-21 12:17 ` [PATCH 4.19 00/58] 4.19.231-rc1 review Samuel Zou
2022-02-21 12:23 ` Pavel Machek
2022-02-21 14:16 ` Greg Kroah-Hartman
2022-02-21 17:44 ` Pavel Machek
2022-02-21 20:32 ` Slade Watkins
2022-02-21 21:18 ` Guenter Roeck
2022-02-21 21:38 ` Shuah Khan
2022-02-22 10:09 ` Naresh Kamboju
2022-02-22 12:02 ` Sudip Mukherjee
2022-02-22 14:34 ` Jeffrin Thalakkottoor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220222153528.GA27262@amd \
--to=pavel@ucw.cz \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=j.vosburgh@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
--cc=vfalico@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox