Message-Id: <200705120216.37814.rjw@sisk.pl>
Date:	Sat, 12 May 2007 02:16:36 +0200
From:	"Rafael J. Wysocki" <rjw@...k.pl>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Gautham R Shenoy <ego@...ibm.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Oleg Nesterov <oleg@...sign.ru>, Pavel Machek <pavel@....cz>,
	"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [PATCH 1/7] Freezer: Read PF_BORROWED_MM in a nonracy way

On Saturday, 12 May 2007 01:25, Andrew Morton wrote:
> On Sat, 12 May 2007 01:22:06 +0200
> "Rafael J. Wysocki" <rjw@...k.pl> wrote:
> 
> > On Saturday, 12 May 2007 00:56, Linus Torvalds wrote:
> > > 
> > > On Fri, 11 May 2007, Rafael J. Wysocki wrote:
> > > > 
> > > > For user space processes this condition is always true.
> > > > 
> > > > For kernel threads:
> > > > (1) the change of tsk->mm from NULL to a nonzero value is only made in
> > > > fs/aio.c:use_mm() along with the setting of PF_BORROWED_MM under
> > > > the task_lock(),
> > > > (2) the change of tsk->mm from a nonzero value to NULL is only made in
> > > > fs/aio.c:unuse_mm() along with the resetting of PF_BORROWED_MM
> > > > under the task_lock().
> > > > Therefore, by taking the task_lock() here we make sure that the condition
> > > > > is always false when we check it for kernel threads.
> > > 
> > > Why *test* it then and return anything?
> > > 
> > > > Why not just do a "task_lock(p); task_unlock(p);" with no return value?
> > > 
> > > As it is, it sounds like either the code is buggy, or it's pointless.
> > 
> > I'm not sure what you mean.
> > 
> > We use this function (ie. kernel/power/process.c:is_user_space()) to
> > distinguish kernel threads from user space processes.  Therefore we make it
> > always return true for user space processes and always return false for kernel
> > threads.  In the latter case we need to use the task_lock() to ensure that the
> > result is as desired (ie. false), because otherwise it might be racing with
> > either fs/aio.c:use_mm() or fs/aio.c:unuse_mm().
> > 
> 
> ah, OK.
> 
> static void use_mm(struct mm_struct *mm)
> {
> 	struct mm_struct *active_mm;
> 	struct task_struct *tsk = current;
> 
> 	task_lock(tsk);
> 	tsk->flags |= PF_BORROWED_MM;
> 	active_mm = tsk->active_mm;
> 	atomic_inc(&mm->mm_count);
> 	tsk->mm = mm;
> 	tsk->active_mm = mm;
> 	/*
> 	 * Note that on UML this *requires* PF_BORROWED_MM to be set, otherwise
> 	 * it won't work. Update it accordingly if you change it here
> 	 */
> 	switch_mm(active_mm, mm, tsk);
> 	task_unlock(tsk);
> 
> So is_user_space() requires that the state of p->mm and p->flags be
> consistent: it doesn't want to be looking at those two things in that
> three-statement window above.
> 
> Good changelogging and commenting save quite a bit of time and email.

Very true.

I have added a comment to the patch, so that we remember why the task_lock()
is there.  Please replace the original patch with this one (unless you think it's
worse ;-)).
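
For illustration only, here is a minimal userspace sketch of the rule the
comment describes.  It is not kernel code: struct model_task, the model_*()
helpers and MODEL_PF_BORROWED_MM are hypothetical names, and a C11 atomic_flag
spinlock stands in for task_lock().  The unuse side assumes that the flag is
cleared before the mm pointer is reset, which is the window an unlocked reader
could hit (mm still set, flag already clear).

```c
#include <assert.h>
#include <stdatomic.h>
#include <stddef.h>

#define MODEL_PF_BORROWED_MM 0x1u	/* hypothetical value, model only */

struct model_task {
	atomic_flag lock;	/* stands in for task_lock()/task_unlock() */
	void *mm;		/* stands in for tsk->mm */
	unsigned int flags;	/* stands in for tsk->flags */
};

static void model_task_lock(struct model_task *t)
{
	/* Spin until the flag was previously clear, i.e. we own the lock. */
	while (atomic_flag_test_and_set_explicit(&t->lock, memory_order_acquire))
		;
}

static void model_task_unlock(struct model_task *t)
{
	atomic_flag_clear_explicit(&t->lock, memory_order_release);
}

static void model_task_init(struct model_task *t, void *mm)
{
	atomic_flag_clear(&t->lock);
	t->mm = mm;		/* NULL models a kernel thread */
	t->flags = 0;
}

/* Kernel thread borrows an mm: flag and pointer change under the lock. */
static void model_use_mm(struct model_task *t, void *mm)
{
	model_task_lock(t);
	t->flags |= MODEL_PF_BORROWED_MM;
	t->mm = mm;
	model_task_unlock(t);
}

/* Kernel thread gives the mm back (assumed order: flag first, then mm). */
static void model_unuse_mm(struct model_task *t)
{
	model_task_lock(t);
	assert(t->flags & MODEL_PF_BORROWED_MM);
	t->flags &= ~MODEL_PF_BORROWED_MM;
	/* An unlocked reader here would see mm set and the flag clear. */
	t->mm = NULL;
	model_task_unlock(t);
}

/* Same test as in the patch, evaluated only while holding the lock. */
static int model_is_user_space(struct model_task *t)
{
	int ret;

	model_task_lock(t);
	ret = t->mm && !(t->flags & MODEL_PF_BORROWED_MM);
	model_task_unlock(t);
	return ret;
}
```

In this model a task initialized with a non-NULL mm is always reported as
user space, and a task initialized with NULL is never reported as user space,
no matter where model_use_mm() or model_unuse_mm() happen to be, because the
reader cannot run inside either locked section.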

---
From: Rafael J. Wysocki <rjw@...k.pl>

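The reading of PF_BORROWED_MM in is_user_space() without task_lock() is racy:
the check may run while fs/aio.c:use_mm() or fs/aio.c:unuse_mm() is updating
p->mm and p->flags, and see them in an inconsistent state.  Take task_lock()
around the check.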

Signed-off-by: Rafael J. Wysocki <rjw@...k.pl>
Acked-by: Pavel Machek <pavel@....cz>
---
 kernel/power/process.c |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

Index: linux-2.6/kernel/power/process.c
===================================================================
--- linux-2.6.orig/kernel/power/process.c
+++ linux-2.6/kernel/power/process.c
@@ -8,6 +8,7 @@
 
 #undef DEBUG
 
+#include <linux/sched.h>
 #include <linux/interrupt.h>
 #include <linux/suspend.h>
 #include <linux/module.h>
@@ -88,7 +89,18 @@ static void cancel_freezing(struct task_
 
 static inline int is_user_space(struct task_struct *p)
 {
-	return p->mm && !(p->flags & PF_BORROWED_MM);
+	int ret;
+
+	/*
+	 * task_lock() is acquired to avoid evaluating the condition while the
+	 * state of p->mm and p->flags is not consistent, which may happen,
+	 * for example, if this function is executed in parallel with
+	 * fs/aio.c:unuse_mm()
+	 */
+	task_lock(p);
+	ret = p->mm && !(p->flags & PF_BORROWED_MM);
+	task_unlock(p);
+	return ret;
 }
 
 static unsigned int try_to_freeze_tasks(int freeze_user_space)
