| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jan 2007 18:56:38 +0300 From: Oleg Nesterov <oleg@...sign.ru> To: Srivatsa Vaddagiri <vatsa@...ibm.com> Cc: Andrew Morton <akpm@...l.org>, David Howells <dhowells@...hat.com>, Christoph Hellwig <hch@...radead.org>, Ingo Molnar <mingo@...e.hu>, Linus Torvalds <torvalds@...l.org>, linux-kernel@...r.kernel.org, Gautham shenoy <ego@...ibm.com> Subject: Re: [PATCH] fix-flush_workqueue-vs-cpu_dead-race-update On 01/08, Srivatsa Vaddagiri wrote: > > On Mon, Jan 08, 2007 at 12:51:03AM +0300, Oleg Nesterov wrote: > > Change flush_workqueue() to use for_each_possible_cpu(). This means that > > flush_cpu_workqueue() may hit CPU which is already dead. However in that > > case > > > > if (!list_empty(&cwq->worklist) || cwq->current_work != NULL) > > > > means that CPU_DEAD in progress, it will do kthread_stop() + take_over_work() > > so we can proceed and insert a barrier. We hold cwq->lock, so we are safe. > > > > This patch replaces fix-flush_workqueue-vs-cpu_dead-race.patch which was > > broken by switching to preempt_disable (now we don't need locking at all). > > Note that migrate_sequence (was hotplug_sequence) is incremented under > > cwq->lock. Since flush_workqueue does lock/unlock of cwq->lock on all CPUs, > > it must see the new value if take_over_work() happened before we checked > > this cwq, and this is the case we should worry about: otherwise we added > > a barrier. > > > > Srivatsa? > > This is head-spinning :) Thank you for review! > Spotted atleast these problems: > > 1. run_workqueue()->work.func()->flush_work()->mutex_lock(workqueue_mutex) > deadlocks if we are blocked in cleanup_workqueue_thread()->kthread_stop() > for the same worker thread to exit. > > Looks possible in practice to me. Yes, this is the same (old) problem as we have/had with flush_workqueue(). We can convert flush_work() to use preempt_disable (this is not straightforward, but easy), or forbid to call flush_work() from work.func(). This patch doesn't touch this problem. > 2. > > CPU_DEAD->cleanup_workqueue_thread->(cwq->thread = NULL)->kthread_stop() .. > ^^^^^^^^^^^^^^^^^^^^ > |___ Problematic Hmm... This should not be possible? cwq->thread != NULL on CPU_DEAD event. Event IF it was NULL, we don't call kthread_stop() in that case. > Now while we are blocked here, if a work->func() calls > flush_workqueue->flush_cpu_workqueue, we clearly cant identify that event > thread is trying to flush its own queue (cwq->thread == current test > fails) and hence we will deadlock. Could you clarify? I believe cwq->thread == current test always works, we never "substitute" cwq->thread. > A lock_cpu_hotplug(), or any other ability to block concurrent hotplug > operations from happening, in run_workqueue would have avoided both the above > races. I still don't think this is a good idea. We also need is_cpu_down_waits_for_lock_cpu_hotplug() helper, otherwise we have a deadlock if work->func() sleeps and re-queues itself. > Alternatively, for the second race, I guess we can avoid setting > cwq->thread = NULL in cleanup_workqueue_thread() till the thread has exited, Yes, http://marc.theaimsgroup.com/?l=linux-kernel&m=116818097927685, I believe we can do this later. This way workqueue will have almost zero interaction with cpu-hotplug, and cpu UP/DOWN event won't be delayed by sleeping work.func(). take_over_work() can go away, this also allows us to simplify things. Thanks! Oleg. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists