lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 1 Feb 2017 19:47:32 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:     oleg@...hat.com
Cc:     dserrg@...il.com, snanda@...omium.org, rientjes@...gle.com,
        linux-kernel@...r.kernel.org
Subject: Question about replacing while_each_thread().

Hello.

I have a question about commit 0c740d0afc3bff0a ("introduce
for_each_thread() to replace the buggy while_each_thread()").

IOPRIO_WHO_USER case in sys_ioprio_set()/sys_ioprio_get() in block/ioprio.c
are using

  rcu_read_lock();
  do_each_thread(g, p) {
    (...snipped...)
  } while_each_thread(g, p);
  rcu_read_unlock();

sequence which is unsafe according to that commit, but
I'm not sure what the correct fix is.

That commit says

  The new for_each_thread(g, t) helper is always safe under
  rcu_read_lock() as long as this task_struct can't go away.

but what is the requirement for "can't go away" ?

Is rcu_read_lock() sufficient (i.e.

  rcu_read_lock();
  for_each_process_thread(g, p) {
    (...snipped...)
  }
  rcu_read_unlock();

is OK) for "can't go away" ?
Is tasklist_lock held for read or write required (i.e.

  read_lock(&tasklist_lock);
  for_each_process_thread(g, p) {
    (...snipped...)
  }
  read_unlock(&tasklist_lock);

is needed) for "can't go away" ?

I hope rcu_read_lock() is sufficient according to usage in
show_state_filter() and check_hung_uninterruptible_tasks().

Likewise, IOPRIO_WHO_PGRP case are using

  rcu_read_lock();
  do {
    if ((pgrp) != NULL)
      hlist_for_each_entry_rcu((p), &(pgrp)->tasks[PIDTYPE_PGID], pids[PIDTYPE_PGID].node) {
        {
          struct task_struct *tg___ = p;
          do {
            (...snipped...)
          } while_each_thread(tg___, p);
          p = tg___;
        }
        if (PIDTYPE_PGID == PIDTYPE_PID)
          break;
      }
  } while (0);
  rcu_read_unlock();

sequence which I guess it is unsafe as well.
In this case updating do_each_pid_thread() to use for_each_thread() and
updating while_each_pid_thread() not to use while_each_thread() is
the correct fix?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ