Date:	Thu, 5 Feb 2015 17:27:25 +0100
From:	Peter Zijlstra <peterz@...radead.org>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Darren Hart <darren@...art.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Jerome Marchand <jmarchan@...hat.com>,
	Larry Woodman <lwoodman@...hat.com>,
	Mateusz Guzik <mguzik@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/1] futex: check PF_KTHREAD rather than !p->mm to filter
 out kthreads

On Wed, Feb 04, 2015 at 09:25:09PM +0100, Oleg Nesterov wrote:
> > I'm not entirely sure why we need two PF flags for this; once PF_EXITING
> > is set userspace is _dead_ and it doesn't make sense to keep adding
> > (futex) PI-state to the task.
> 
> This is what I _seem_ to understand: exit_robust_list(). Although I am
> not sure this all is by design...
> 
> And this is the reason why I still can't finish the patch. Perhaps I am
> totally confused, but I think there is yet another problem here.
> 
> Please forget about PF_EXIT.*. attach_to_pi_owner() returns -ESRCH if
> futex_find_get_task() and even this looks wrong. 

You'll have to help me out a little here; where do we unhash the PIDs?
From what I can find we set PF_EXITING _before_ unhashing ourselves.

In fact, from what I can tell we only unhash after calling both
exit_robust_list and exit_pi_state_list.

> Because handle_futex_death()
> updates *uaddr lockless and does nothing if "pi". This means that the owner
> of PI + robust mutex can go away (or just set PF_EXITPIDONE) and the caller
> of futex_lock_pi() can miss unlock.
> 
> Peter, could you confirm that this problem does exist, or I missed something?

So as long as we unhash _last_ I can't see this happening, we'll always
find the task, the robust list walk doesn't care about PI state.

The exit_pi_state_list() will serialize against any concurrent attach
that might be in progress -- and we know there won't be a new one since
we've set PF_EXITING. And kill all the PI owners stuff.

But please, if you suspect, share a little more detail on how you see
this happening, this is not code I've looked at in detail before.