| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 May 2013 15:20:35 +0100 From: Mel Gorman <mgorman@...e.de> To: Zhang Yi <wetpzy@...il.com> Cc: linux-kernel@...r.kernel.org, 'Thomas Gleixner' <tglx@...utronix.de>, 'Darren Hart' <dvhart@...ux.intel.com>, 'Peter Zijlstra' <peterz@...radead.org>, 'Ingo Molnar' <mingo@...nel.org>, zhang.yi20@....com.cn Subject: Re: [PATCH] futex: bugfix for futex-key conflict when futex use hugepage On Wed, May 15, 2013 at 09:57:03PM +0800, Zhang Yi wrote: > The futex-keys of processes share futex determined by page-offset, > mapping-host, and mapping-index of the user space address. User > appications using hugepage for futex may lead to futex-key conflict. > > Assume there are two or more futexes in diffrent normal pages of the > hugepage, and each futex has the same offset in its normal page, > causing all the futexes have the same futex-key. > > This patch adds the normal page index in the compound page into > the pgoff of futex-key. > > Steps to reproduce the bug: > 1. The 1st thread map a file of hugetlbfs, and use the return address > as the 1st mutex's address, and use the return address with PAGE_SIZE > added as the 2nd mutex's address. > 2. The 1st thread initialize the two mutexes with pshared attribute, > and lock the two mutexes. > 3. The 1st thread create the 2nd thread, and the 2nd thread block on > the 1st mutex. > 4. The 1st thread create the 3rd thread, and the 3rd thread block on > the 2nd mutex. > 5. The 1st thread unlock the 2nd mutex, the 3rd thread cannot take > the 2nd mutex, and may block forever. > > > Signed-off-by: Zhang Yi <zhang.yi20@....com.cn> > Tested-by: Ma Chenggong <ma.chenggong@....com.cn> > Reviewed-by: Thomas Gleixner <tglx@...utronix.de> > Reviewed-by: Darren Hart <dvhart@...ux.intel.com> > Reviewed-by: Dave Hansen <dave.hansen@...ux.intel.com> > Reviewed-by: Mel Gorman <mgorman@...e.de> > Reviewed-by: Liu Dong <liu.dong3@....com.cn> > Reviewed-by: Cui Yunfeng <cui.yunfeng@....com.cn> > Reviewed-by: Lu Zhongjun <lu.zhongjun@....com.cn> > Reviewed-by: Jiang Biao <jiang.biao2@....com.cn> > Did all these people really review it? I just whinged about the last patch and didn't put a Reviewed-by on it. That said, I don't actually have a problem with this patch and I assumed it passed your testing so Reviewed-by: Mel Gorman <mgorman@...e.de> The others might not agree though. I note the conversion from int offset to long offset in futex_key appears to have gotten lost. Is that in a separate cleanup patch now? -- Mel Gorman SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists