28-Aug-2020: Analysis and fixing of race condition warnings in the Linux kernel

Submitted by Vadim Mutilin on Fri, 28/08/2020 - 10:32

Madhuparna Bhowmik has finished the GSoC 2020 Project “Analysis and fixing of race condition warnings in the Linux kernel” for The Linux Foundation. The project involved using Klever interface for finding the race condition related bugs in the v4.18 of the Linux Kernel, and most of them were still present in the latest kernel release which is v5.9. Out of the 301 traces analyzed around 44 of them were either Actual Bugs or Benign bugs. This gives a true positive rate of 14.6%.

Madhuparna is a final year undergraduate student studying at National Institute of Technology Karnataka. She started learning about the Linux Kernel and working with the Linux Community from October 2019. She has previously worked on fixing RCU list API related bugs as part of the Linux Kernel Mentorship Program. Madhuparna plans to continue working with the Linux Community and aspire to become a Linux Kernel developer in the future.

The GSoC project involved analyzing over 300 traces having possible bugs due to race conditions in the device drivers in the Linux kernel. The true bugs identified from the traces were reported to the maintainers and the student also sent patches fixing some of the bugs. The rest of the traces were false positives and were classified based on the kind of error made by the tool so that the tool can be improved based on this.

Overall 28 true positive warnings were identified and 18 of them were successfully fixed. The rest of the bugs either are in obsolete drivers or there was no response from the maintainers. Since some of the bugs were because of different variables in the same driver, they were all fixed by one patch for the corresponding driver.

GSoC 2020 was for a period of 3 months and the student equally divided her work during this time. She analyzed 100 traces for each GSoC evaluation thus completing a total of 300. Since she was busy during the first month of GSoC she had done most of the work earlier and had 4 accepted patches. During the second month, Madhuparna mostly worked on filtering out the false positives which were a huge portion of the work. In the last month, she worked on the remaining bugs and 4 more patches were accepted with many other patches and bug reports sent during this period.

As Madhuparna worked on the project she identified many areas of improvement for the Klever tool. It involves improving the specification and correcting some of the wrong ones. Automatically marking patches that involve read access only in a print function as benign. These can be taken up as a future project along with some general improvements for the Klever Interface. One such example is having a search bar for searching for traces based on driver names. Anyway, the tool was very helpful in keeping track of the traces and provided precise information about the variables and function names. The feature of viewing the code using the eye-shaped button was also very useful for quick reference. It also has information about when something is registered like Interrupt handler registered and then when it is invoked. It also has the feature of automatically assigning tags to similar traces, which is in general helpful but caused some problems at times.

Madhuparna expresses her gratitude to all her mentors: Vadim Mutilin, Alexey Khoroshilov and especially to Pavel Andrianov. Communication over emails and discussion of various cases involving general discussion about the doubts, bug reports, reviews the patches were very helpful.

Accepted Patches:

  1. usb: host: u132-hcd: Remove u132_static_list and list head u132_list
  2. drivers: char: tlclk.c: Avoid data race between init and interrupt handler
  3. drivers: dma: pch_dma.c: Avoid data race between probe and irq handler
  4. rapidio: Avoid data race between file operation callbacks and mport_cdev_add()
  5. drivers: watchdog: rdc321x_wdt: Fix race condition bugs
  6. drivers: crypto: picoxcell_crypto: Fix potential race condition bug
  7. drivers: mmc: host: via-sdmmc: Fix data race bug
  8. drivers/dma/dma-jz4780: Fix race condition between probe and irq handler

Other Patches:

  1. drivers: isdn: capi: Fix data-race bug - Unavoidable data race
  2. drivers: char: applicom.c: Add lock for protecting DeviceErrorCount - Mostly benign as the variable is used for keeping track of number of errors
  3. drivers: watchdog: pc87413_wdt: Fix Race condition bug - Obsolete driver
  4. usb/c67x00/c67x00-drv: Fix Data Race bug - No response