lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 03 Dec 2006 21:34:12 +0100
From:	Eric Dumazet <dada1@...mosbay.com>
To:	Oleg Nesterov <oleg@...sign.ru>
Cc:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	Dipankar Sarma <dipankar@...ibm.com>,
	Andrew Morton <akpm@...l.org>,
	Alan Stern <stern@...land.harvard.edu>,
	linux-kernel@...r.kernel.org
Subject: Re: PATCH? rcu_do_batch: fix a pure theoretical memory ordering race

Oleg Nesterov a écrit :
> On 12/03, Eric Dumazet wrote:
>> Oleg Nesterov a ?crit :
>>> On top of rcu-add-a-prefetch-in-rcu_do_batch.patch
>>>
>>> rcu_do_batch:
>>>
>>> 	struct rcu_head *next, *list;
>>>
>>> 	while (list) {
>>> 		next = list->next;	<------ [1]
>>> 		list->func(list);
>>> 		list = next;
>>> 	}
>>>
>>> We can't trust *list after list->func() call, that is why we load 
>>> list->next
>>> beforehand. However I suspect in theory this is not enough, suppose that
>>>
>>> 	- [1] is stalled
>>>
>>> 	- list->func() marks *list as unused in some way
>>>
>>> 	- another CPU re-uses this rcu_head and dirties it
>>>
>>> 	- [1] completes and gets a wrong result
>>>
>>> This means we need a barrier in between. mb() looks more suitable, but I 
>>> think
>>> rmb() should suffice.
>>>
>> Well, hopefully the "list->func()" MUST do the right thing [*], so your 
>> patch is not necessary.
> 
> Yes, I don't claim it is necessary, note the "pure theoretical".
> 
>> For example, most structures are freed with kfree()/kmem_cache_free() and 
>> these functions MUST imply an smp_mb() [if/when exchanging data with other 
>> cpus], or else many uses in the kernel should be corrected as well.
> 
> Yes, mb() is enough (wmb() isn't) and kfree()/kmem_cache_free() are ok.
> And I don't know any example of "unsafe" code in that sense.
> 
> However I believe it is easy to make the code which is correct from the
> RCU's API pov, but unsafe.

Yes, but how is it related to RCU ?
I mean, rcu_do_batch() is just a loop like others in kernel.
The loop itself is not buggy, but can call a buggy function, you are right.
A smp_rmb() wont avoid all possible bugs...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ