lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20070615235912.GA103@tv-sign.ru>
Date:	Sat, 16 Jun 2007 03:59:12 +0400
From:	Oleg Nesterov <oleg@...sign.ru>
To:	john stultz <johnstul@...ibm.com>
Cc:	Ingo Molnar <mingo@...e.hu>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH -rt] Fix TASKLET_STATE_SCHED WARN_ON()

On 06/15, john stultz wrote:
>
> On Fri, 2007-06-15 at 19:52 +0400, Oleg Nesterov wrote:
> > 
> > Could you please look at the message below? I sent it privately near a month
> > ago, but I think these problems are not fixed yet.
> 
> Hmm. Maybe you sent it to others on the cc list, as I can't find it in
> my box. But apologies anyway.

checking my mbox... Oops, you are right, sorry!

> > > +		if (unlikely(atomic_read(&t->count))) {
> > > +out_disabled:
> > > +			/* implicit unlock: */
> > > +			wmb();
> > > +			t->state = TASKLET_STATEF_PENDING;
> > 
> > What if tasklet_enable() happens just before this line ?
> > 
> > After the next schedule_tasklet() we have all bits set: SCHED, RUN, PENDING.
> > The next invocation of __tasklet_action() clears SCHED, but tasklet_tryunlock()
> > below can never succeed because of PENDING.
> 
> Yep. I've only been focusing on races in schedule/action, as I've been
> hunting issues w/ rcu. But I'll agree that the other state changes look
> problematic. I know Paul McKenney was looking at some of the other state
> changes and was seeing some potential problems as well.

OK, thanks. But doesn't this mean your 2-nd patch is questionable?

> +               } else {
> +                       /* This is subtle. If we hit the corner case above
> +                        * It is possible that we get preempted right here,
> +                        * and another task has successfully called
> +                        * tasklet_schedule(), then this function, and
> +                        * failed on the trylock. Thus we must be sure
> +                        * before releasing the tasklet lock, that the
> +                        * SCHED_BIT is clear. Otherwise the tasklet
> +                        * may get its SCHED_BIT set, but not added to the
> +                        * list
> +                        */
> +                       if (!tasklet_tryunlock(t))
> +                               goto again;

Again, tasklet_tryunlock() can fail because _PENDING was set by __tasklet_action().
In that case __tasklet_common_schedule() goes to the endless loop, no?

Oleg.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ