lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 16 Aug 2010 13:25:14 +0200
From:	Peter Zijlstra <peterz@...radead.org>
To:	Salman Qazi <sqazi@...gle.com>
Cc:	paulmck@...ibm.com, nickpiggin@...oo.com.au,
	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	adurbin@...gle.com
Subject: Re: [PATCH] Fixed a mismatch between the users of radix_tree and
 the implementation.

On Fri, 2010-08-13 at 00:20 -0700, Salman Qazi wrote:
> This matters for the lockless page cache, in particular find_get_pages implementation.
> 
> In the following case, we get can get a deadlock:
> 
>     0.  The radix tree contains two items, one has the index 0.
>     1.  The reader (in this case find_get_pages) takes the rcu_read_lock.
>     2.  The reader acquires slot(s) for item(s) including the index 0 item.
>     3.  The non-zero index item is deleted, and as a consequence the other item
>         is moved to the root of the tree.  The place where it used to be is
>         queued for deletion after the readers finish.
>     4.  The reader looks at the index 0 slot, and finds that the page has 0 ref count
>     5.  The reader looks at it again, hoping that the item will either be freed
>         or the ref count will increase.  This never happens, as the slot it
>         is looking at will never be updated.  Also, this slot can never be reclaimed
>         because the reader is holding rcu_read_lock and is in an infinite loop.
> 
> This can be reproduced with reliably by running dbench followed by compilebench under
> autotest.  I have not been able to construct a small targeted repro case.
> 
> There is also a similar potential issue with insertion.  Storing the first
> element in the root and then moving it to a new slot on insertion of a
> second element would potentially lead to a similar problem.
> 
> Both of these issues have been fixed in this change.

Your changelog fails to mention how you fixed it.. 

It also reminds me how much I hate that height hack, I really should get
path-compression working some day...

http://programming.kicks-ass.net/kernel-patches/concurrent-pagecache/23-rc1-rt/radix-tree-path-compression.patch


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ