| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Sep 2008 00:02:08 +0200 From: Nick Piggin <npiggin@...e.de> To: Ingo Molnar <mingo@...e.hu> Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...e.de>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] sysfs: fix deadlock On Fri, Sep 12, 2008 at 11:24:11AM +0200, Ingo Molnar wrote: > > [ Greg, please see the sysfs fix further below. ] > > * Nick Piggin <npiggin@...e.de> wrote: > > > > - moved the might_sleep() check outside the in_atomic() check, > > > > Hmm... but then it has the same failure case again in the is_preempt() > > code, does it not? > > > > I guess we should just convert that guy to either use get_user_atomic, > > (which would mean implementing that for x86), or use > > copy_from_user_inatomic. > > i've done the v3 patch below - that seems to have passed all my testing > without any new bugs found. I've reinstated your the clear_user() > might_fault() check, plus i removed it from __[get|put]_user_size, which > the _inatomic() API variants use. That enabled me to utilize the > _inatomic() API in probe_kernel_address(). > > we still have the checks in put_user()/get_user() and in all the > copy_*_user() APIs, which should be strong enough. [ I havent fully > checked whether __get_user_size() might be used by some less frequent > API - if it is then that API should grow a might_fault() check. ] > > > > i've attached the config. > > > > > > at first sight it looks like a genuine bug in fs/sysfs/bin.c? > > > > Yes, it is a real bug by the looks. bin.c takes bb->mutex under > > mmap_sem when it is mmapped, and then does its copy_*_user under > > bb->mutex too. > > ok - second patch attached below, Greg, could you please apply? This is > for v2.6.27 too i think. > > > > i.e. your patches are working as expected and the extended > > > validation mechanism is finding real bugs :-) > > > > Yeah it's nice. I'm just hoping we don't come across one that is as > > difficult to fix as prepare_write/commit_write were ;) > > > > Here is a basic fix for the sysfs lor. > > and that did the trick here - the patch with a tidied up changelog is > attached further below. [ the second patch is standalone and does not > need the first patch which is relative to tip/master ] > > thanks Nick, i think this is a great addition to lockdep! It already > found two real locking bugs within a day. If you can think of any other > proactive methods to widen our lock hierarchy knowledge that would be > great to add. I think what we want is to insert knowledge about other > unlikely lock acquire events, for locks that have a historic pattern of > producing regular locking bugs. Well thanks to Peter as well. Actually I don't suppose this will throw off the lockstat statistics a bit? (although I guess serious lockstat profiling might not have prove locking turned on?). The user fault I guess is the main thing like this in the VM that I can think of. The user fault I guess is the main thing like this in the VM that I can think of. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists