lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0803051407310.22243@blonde.site>
Date:	Wed, 5 Mar 2008 14:29:59 +0000 (GMT)
From:	Hugh Dickins <hugh@...itas.com>
To:	Ingo Molnar <mingo@...e.hu>
cc:	Jeremy Fitzhardinge <jeremy@...p.org>,
	"H. Peter Anvin" <hpa@...or.com>, Andi Kleen <ak@...e.de>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: preempt bug in set_pmd_pfn?

On Wed, 5 Mar 2008, Ingo Molnar wrote:
> * Jeremy Fitzhardinge <jeremy@...p.org> wrote:
> > Ingo Molnar wrote:
> >> * Jeremy Fitzhardinge <jeremy@...p.org> wrote:
> >>   
> >>> I think set_pmd_pfn, which is only called by __set_fixmap, might have a 
> >>> preempt bug in it.
> >>>     
> >>
> >> yes, and we had similar preemption bugs in the past. I guess most places 
> >> are either infrequent or have some natural atomicity anyway. Wanna send a 
> >> patch?
> >
> > Sure.  Should it just disable preemption, or take a lock?  It calls 
> > set_pte_at without holding any pte locks; that seems to be relatively 
> > common.  Is it OK when you're operating on init_mm?
> 
> no, it's not OK to modify the kernel pagetable without locking - taking 
> the pgd_lock should do the trick. Could you send the stacktrace that 
> shows the place that is preemptible?

Please, Ingo, could you give an example of where such additional locking
is actually necessary?

I ask because I went over those places when splitting the page_table_lock
for userspace in 2.6.15.  Some things took init_mm.page_table_lock and
some things didn't, and I concluded that actually none of them needed it.

With the userspace pagetables, we need to guard against racing threads
and vmscan/rmap.  But with the kernel pagetables, we'd already be in
serious trouble if two cpus could be modifying the same pte at the
same time - there needs to be other serialization already e.g. vmalloc
has its own locking for parcelling out areas to different uses, so down
at the page table level there should be no conflict.

Allocation of new page tables, yes, that needs locking, and does use
the page_table_lock for kernel space just as for user space.

That was all two years ago, I may have been wrong then, or a lot may
have changed since.  But I've heard of a grand total of 0 problems
from not having such locking.

And on the original topic of flush TLB without preemption disabled:
again I'm not sure there's a bug there, but it's less clear.  Aren't
some of those __flush_tlb_ones just unnecessary, we're simply filling
a previously empty slot?  And if there's a guarantee that preemption
will itself involve a TLB flush (maybe there's no such guarantee for
these kernel entries, it's quite a different case from the userspace
one, and you'll be worrying about the global bit), if, then it'd be
okay to __flush_tlb_one without disabling preemption.

Hugh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ