lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 7 May 2015 13:08:28 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Christian Borntraeger <borntraeger@...ibm.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	David Hildenbrand <dahi@...ux.vnet.ibm.com>,
	linux-kernel@...r.kernel.org, mingo@...hat.com,
	peterz@...radead.org, yang.shi@...driver.com,
	bigeasy@...utronix.de, benh@...nel.crashing.org, paulus@...ba.org,
	heiko.carstens@...ibm.com, schwidefsky@...ibm.com, mst@...hat.com,
	tglx@...utronix.de, David.Laight@...LAB.COM, hughd@...gle.com,
	hocko@...e.cz, ralf@...ux-mips.org, herbert@...dor.apana.org.au,
	linux@....linux.org.uk, airlied@...ux.ie, daniel.vetter@...el.com,
	linux-mm@...ck.org, linux-arch@...r.kernel.org
Subject: Re: [PATCH RFC 00/15] decouple pagefault_disable() from
 preempt_disable()


* Christian Borntraeger <borntraeger@...ibm.com> wrote:

> Am 07.05.2015 um 11:48 schrieb Ingo Molnar:
> > 
> > * Andrew Morton <akpm@...ux-foundation.org> wrote:
> > 
> >> On Wed,  6 May 2015 19:50:24 +0200 David Hildenbrand <dahi@...ux.vnet.ibm.com> wrote:
> >>
> >>> As Peter asked me to also do the decoupling in one shot, this is
> >>> the new series.
> >>>
> >>> I recently discovered that might_fault() doesn't call might_sleep()
> >>> anymore. Therefore bugs like:
> >>>
> >>>   spin_lock(&lock);
> >>>   rc = copy_to_user(...);
> >>>   spin_unlock(&lock);
> >>>
> >>> would not be detected with CONFIG_DEBUG_ATOMIC_SLEEP. The code was
> >>> changed to disable false positives for code like:
> >>>
> >>>   pagefault_disable();
> >>>   rc = copy_to_user(...);
> >>>   pagefault_enable();
> >>>
> >>> Whereby the caller wants do deal with failures.
> >>
> >> hm, that was a significant screwup.  I wonder how many bugs we
> >> subsequently added.
> > 
> > So I'm wondering what the motivation was to allow things like:
> > 
> >    pagefault_disable();
> >    rc = copy_to_user(...);
> >    pagefault_enable();
> > 
> > and to declare it a false positive?
> > 
> > AFAICS most uses are indeed atomic:
> > 
> >         pagefault_disable();
> >         ret = futex_atomic_cmpxchg_inatomic(curval, uaddr, uval, newval);
> >         pagefault_enable();
> > 
> > so why not make it explicitly atomic again?
> 
> Hmm, I am probably misreading that, but it sound as you suggest to go back
> to Davids first proposal
> https://lkml.org/lkml/2014/11/25/436
> which makes might_fault to also contain might_sleep. Correct?

Yes, but I'm wondering what I'm missing: is there any deep reason for 
making pagefaults-disabled sections non-atomic?

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ