Re: Question about data race related to kernel thread (e.g., irq handling).


Dmitry Vyukov

Jun 19, 2018, 12:34:23 AM
to DaeRyong Jeong, Byoungyoung Lee, Kyungtae Kim, syzk...@googlegroups.com, kt...@googlegroups.com, dvy...@google.com
On Mon, Jun 18, 2018 at 6:43 AM, DaeRyong Jeong <three...@gmail.com> wrote:
> Dear Dmitry Vyukov,
>
> This is Daeryong Jeong, working on RaceFuzzer at KAIST and Purdue University.
> We would like to first thank you for open-sourcing Syzkaller.
> We have learned a lot from Syzkaller and our RaceFuzzer is in fact
> developed based on Syzkaller.
>
> While we are working on RaceFuzzer, we found many race issues seem to
> be related to kernel threads handling irq/softirq/kworker
> ---i.e., at least one of two racing threads is not spawned due to the
> syscall but spawned due to the interrupt (or softirq queue popping).
> Here, our goal is to automatically figure out the root cause of such
> races (i.e., pinpoint racing instructions in the kernel).
>
> We would like to ask if you have observed any race issues in this category.
> If so, would you please point to those bugs (it would be best if it
> is a link to https://syzkaller.appspot.com/)?

+syzkaller and ktsan mailing lists

Hi Daeryong,

Thank you.

I don't have a ready list of such bugs. I definitely saw lots of bugs
caused by races, but I am not sure what percent of them involved
interrupts.

One easy way to locate them is to look for use-after-free bugs with
use and free stacks in different tasks/interrupts.
Another indication of races is threaded reproducers, however, of
course, it does not mean that they involve interrupts.

Btw, are you aware of KTSAN? It is a kernel data race detector; as far as
I remember it is capable of detecting races between a task and an
interrupt too:
https://github.com/google/ktsan/wiki

--
Dmitry Vyukov

All about lockfree/waitfree algorithms, multicore, scalability,
parallel computing and related topics:
http://www.1024cores.net
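The heuristic Dmitry suggests above (a use-after-free whose use stack and free stack come from different tasks, or from an interrupt rather than a task) can be applied mechanically to KASAN reports. The script below is an added example written for this page; it is not code from the original thread, from syzkaller or from KTSAN. It assumes the usual KASAN report layout ("BUG: KASAN: use-after-free in ...", "Read/Write of size N ... by task comm/pid", then "Allocated by task N:" and "Freed by task N:" stacks with "symbol+0xoff/0xsize" frames); the sample report embedded in it is constructed, and the list of interrupt-entry symbols is an illustrative subset, not an exhaustive one. It also shows a point worth checking in practice: because KASAN names the task that was interrupted, the use and free sites can carry the same pid even when the use ran in softirq context, so comparing pids alone misses exactly the task-vs-interrupt races the question is about.

```python
import re
from dataclasses import dataclass, field

# Symbols whose presence in a stack shows it ran in hard-IRQ or softirq context
# rather than in the syscall path of the named task. Real kernel symbol names,
# but a small illustrative subset chosen for this example, not a full catalogue.
IRQ_MARKERS = (
    "__do_softirq", "irq_exit", "do_IRQ", "handle_irq_event",
    "run_timer_softirq", "call_timer_fn", "net_rx_action", "tasklet_action",
)

@dataclass
class Stack:
    task: str                     # "comm/pid" (use site) or bare pid (alloc/free site)
    frames: list = field(default_factory=list)

    @property
    def in_interrupt(self):
        return any(f.startswith(IRQ_MARKERS) for f in self.frames)

    @property
    def context(self):
        # For an interrupt stack, KASAN's "by task" names the task that was interrupted.
        return ("interrupt (interrupting task %s)" if self.in_interrupt else "task %s") % self.task

_HDR_RE = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in ")
_ACCESS_RE = re.compile(r"^(?:Read|Write) of size \d+ (?:at addr [0-9a-fx]+ )?by task (?P<task>\S+)")
_ALLOC_RE = re.compile(r"^Allocated by task (?P<pid>\d+):")
_FREE_RE = re.compile(r"^Freed by task (?P<pid>\d+):")
_FRAME_RE = re.compile(r"^\s+(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kasan_report(text):
    """Split a KASAN report into its use, allocation and free stacks (assumed layout, see lead-in)."""
    kind, stacks, current = None, {"use": None, "alloc": None, "free": None}, None
    for line in text.splitlines():
        if m := _HDR_RE.match(line):
            kind = m.group("kind")
        elif m := _ACCESS_RE.match(line):
            current = stacks["use"] = Stack(m.group("task"))
        elif m := _ALLOC_RE.match(line):
            current = stacks["alloc"] = Stack(m.group("pid"))
        elif m := _FREE_RE.match(line):
            current = stacks["free"] = Stack(m.group("pid"))
        elif (m := _FRAME_RE.match(line)) and current is not None:
            current.frames.append(m.group("sym"))
    return kind, stacks

def _pid(task):
    # comm may itself contain '/' (e.g. "kworker/0:1/123"), so split from the right.
    return task.rsplit("/", 1)[-1]

def classify(text):
    """Flag a use-after-free whose use and free happened in different tasks or in
    different execution contexts (task vs. interrupt/softirq). None if not a UAF."""
    kind, s = parse_kasan_report(text)
    if kind != "use-after-free" or s["use"] is None or s["free"] is None:
        return None
    use, free = s["use"], s["free"]
    cross_task = _pid(use.task) != _pid(free.task)
    cross_context = use.in_interrupt != free.in_interrupt
    return {
        "use_context": use.context,
        "free_context": free.context,
        "cross_task": cross_task,
        "cross_context": cross_context,
        "candidate": cross_task or cross_context,   # worth a closer look for a task/irq race
    }

# Constructed sample report (not a real syzbot report): a timer softirq touches an
# object that the same task already freed on its syscall path.
SAMPLE_REPORT = """\
BUG: KASAN: use-after-free in foo_timer_fn+0x1a/0x40
Read of size 8 at addr ffff88006c2d2000 by task syz-executor0/4567

CPU: 0 PID: 4567 Comm: syz-executor0 Not tainted 4.17.0-rc1 #1
Call Trace:
 <IRQ>
 dump_stack+0x1b9/0x294
 kasan_report+0x258/0x380
 foo_timer_fn+0x1a/0x40
 call_timer_fn+0x230/0x440
 run_timer_softirq+0x6d7/0x1750
 __do_softirq+0x2e0/0xaf5
 irq_exit+0x1d1/0x200
 </IRQ>

Allocated by task 4567:
 kmem_cache_alloc_trace+0x152/0x780
 foo_open+0x8e/0x2f0
 do_sys_open+0x2c8/0x560

Freed by task 4567:
 kfree+0xd9/0x260
 foo_release+0x5a/0x80
 __fput+0x35b/0x990
 do_syscall_64+0x1b1/0x800
"""

if __name__ == "__main__":
    print(classify(SAMPLE_REPORT))
```

Run it over a directory of saved crash reports and keep the ones where `candidate` is true; `cross_context` without `cross_task` is the case that pid comparison alone would have dropped.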

DaeRyong Jeong

Jun 20, 2018, 12:27:26 AM
to Dmitry Vyukov, Byoungyoung Lee, Kyungtae Kim, syzk...@googlegroups.com, kt...@googlegroups.com, dvy...@google.com
Thank you for your reply.

I looked into the bugs list found by KTSAN.
I have figured out that bugs found by KTSAN are useful for
studying and understanding race bugs in the kernel.

For example, one of the race bugs
(https://lkml.org/lkml/2015/7/22/293)
was caused by a race between irq and kworker threads.
This bug is exactly what we want to know.

Your comment helps us a lot.
Again, thank you.

Best regards,
Daeryong Jeong.