| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Aug 2019 11:22:23 +0200
From: Jan Kara <jack@...e.cz>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: LKML <linux-kernel@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...nel.org>,
Sebastian Siewior <bigeasy@...utronix.de>,
Anna-Maria Gleixner <anna-maria@...utronix.de>,
Steven Rostedt <rostedt@...dmis.org>,
Julia Cartwright <julia@...com>, Jan Kara <jack@...e.com>,
linux-ext4@...r.kernel.org, Theodore Tso <tytso@....edu>,
Jan Kara <jack@...e.cz>, Matthew Wilcox <willy@...radead.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
linux-fsdevel@...r.kernel.org, Mark Fasheh <mark@...heh.com>,
Joseph Qi <joseph.qi@...ux.alibaba.com>,
Joel Becker <jlbec@...lplan.org>
Subject: Re: [patch V2 7/7] fs/jbd2: Free journal head outside of locked
region
On Thu 01-08-19 03:01:33, Thomas Gleixner wrote:
> On PREEMPT_RT bit-spinlocks have the same semantics as on PREEMPT_RT=n,
> i.e. they disable preemption. That means functions which are not safe to be
> called in preempt disabled context on RT trigger a might_sleep() assert.
>
> The journal head bit spinlock is mostly held for short code sequences with
> trivial RT safe functionality, except for one place:
>
> jbd2_journal_put_journal_head() invokes __journal_remove_journal_head()
> with the journal head bit spinlock held. __journal_remove_journal_head()
> invokes kmem_cache_free() which must not be called with preemption disabled
> on RT.
>
> Jan suggested to rework the removal function so the actual free happens
> outside the bit-spinlocked region.
>
> Split it into two parts:
>
> - Do the sanity checks and the buffer head detach under the lock
>
> - Do the actual free after dropping the lock
>
> There is error case handling in the free part which needs to dereference
> the b_size field of the now detached buffer head. Due to paranoia (caused
> by ignorance) the size is retrieved in the detach function and handed into
> the free function. Might be over-engineered, but better safe than sorry.
>
> This makes the journal head bit-spinlock usage RT compliant and also avoids
> nested locking which is not covered by lockdep.
>
> Suggested-by: Jan Kara <jack@...e.com>
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> Cc: linux-ext4@...r.kernel.org
> Cc: "Theodore Ts'o" <tytso@....edu>
> Cc: Jan Kara <jack@...e.com>
Looks mostly good. Just a small suggestion for simplification below:
> @@ -2559,11 +2568,14 @@ void jbd2_journal_put_journal_head(struc
> J_ASSERT_JH(jh, jh->b_jcount > 0);
> --jh->b_jcount;
> if (!jh->b_jcount) {
> - __journal_remove_journal_head(bh);
> + size_t b_size = __journal_remove_journal_head(bh);
> +
> jbd_unlock_bh_journal_head(bh);
> + journal_release_journal_head(jh, b_size);
> __brelse(bh);
The bh is pinned until you call __brelse(bh) above and bh->b_size doesn't
change during the lifetime of the buffer. So there's no need of
fetching bh->b_size in __journal_remove_journal_head() and passing it back.
You can just:
journal_release_journal_head(jh, bh->b_size);
> - } else
> + } else {
> jbd_unlock_bh_journal_head(bh);
> + }
> }
>
Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists