lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 29 Mar 2010 13:17:32 +0200
From:	Stanislaw Gruszka <sgruszka@...hat.com>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Balbir Singh <balbir@...ux.vnet.ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Americo Wang <xiyou.wangcong@...il.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>,
	Ingo Molnar <mingo@...e.hu>,
	Peter Zijlstra <peterz@...radead.org>,
	Roland McGrath <roland@...hat.com>,
	Spencer Candland <spencer@...ehost.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [RFC,PATCH 1/2] cputimers/proc: do_task_stat()->task_times()
	can race with getrusage()

On Fri, Mar 26, 2010 at 10:49:06PM +0100, Oleg Nesterov wrote:
> As for do_task_stat()->thread_group_times(), I think we can make it
> rc-safe without breaking /bin/top.
> 
> 	1. add spin_lock_irqsave(&sig->cputimer.lock) around
> 	   sig->prev_Xtime = max(...)
The easiest way to avoid that races is move all calls to task_times()
and thread_group_times() inside ->siglock, but that's a bit crappy.

There is also another impossible race here. On 32-bit machines
reading/writing sum_exec_runtime is not atomic, IIRC ->siglock
protect about that as well.

> 	2. Add a couple of barriers into thread_group_cputime()
> 	   and __exit_signal() so that without ->siglock we can
> 	   never overestimate utime/stime if we race with exit.
> 
> 	   If we underestimate these values, this should be fine:
> 
> 	   - the error can't be "systematic", the next read from
> 	     /prod/pid/stat will see the updated values
> 
> 	   - the prev_Xtime logic in thread_group_times() ensures
> 	     the reported time can never go back.
> 
> 	   IOW: at worse, cat /proc/pid/stat can miss the time
> 	   which the exited thread spent on CPU after the previous
> 	   read of /proc/pid/stat. This looks absolutely harmless,
> 	   the next read will see this time.
> 
> 	   Probably we can even detect this case if we look at
> 	   sig->nr_threads and retry.
Races with __exit_signal() can lead to count Xtime values twice,
first: in tsk->Xtime, second: after task exits, in sig->Xtime. As now
we have sig->prev_Xtime, this no longer can break times monotonic,
but still accounting times twice can be problematic. For example let
assume, we have many threads and one, which consume 90% cpu-time of
the process, exits and is accounted twice. Then for long period
sig->prev_Xtime will show value that is much bigger than the estimated
value should be.

> I'll try to make patches unless someone has a better idea.
> 
> I just can't accept the fact that we are doing while_each_thread()
> under ->siglock here ;)
Problem is not only in do_task_stat(). We have couple other places
where we iterate over all threads with ->siglock taken. Maybe we can somehow
redesign things to avoid that. Maybe increase tsk>-signal->Xtime together
with tsk->Xtime is not so bad idea. I'm going to think about that.

Stanislaw
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ