lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 18 Mar 2008 12:21:39 +0100
From:	Johannes Weiner <hannes@...urebad.de>
To:	Jan Engelhardt <jengelh@...putergmbh.de>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: vfree with spin_lock_bh

Hi Jan,

Jan Engelhardt <jengelh@...putergmbh.de> writes:

> while transforming some code with big allocations (like 120 KB) from 
> kmalloc to vmalloc — virtual contiguity is sufficient — I hit a
> BUG_ON in mm/vmalloc.c a number of times:
>
> 	void vfree(const void *addr)
> 	{
> 	        BUG_ON(in_interrupt());
> 	        __vunmap(addr, 1);
> 	}
>
> First I was thinking “how could iptables -F run in interrupt context?”,
> but apparently, it does seem to make a difference:
>
> 	...
> 	spin_lock_bh(&a_local_spinlock);
> 	list_del_rcu(&node->list);
> 	printk(KERN_INFO "Interrupt? %lu\n", in_interrupt());
> 	/* vfree not worky here */
> 	spin_unlock_bh(&a_local_spinlock);
> 	printk(KERN_INFO "Interrupt? %lu\n", in_interrupt());
> 	/* now possible */
> 	vfree(node);
> 	...
>
> and this gives (x86_32)
>
> 	Interrupt? 256
> 	Interrupt? 0
>
> So this may be a "property" of spinlocks, but it is a bit strange to me.
> Why should not I be able to call vfree() when I am, in fact, in
> user context (but with a bh spinlock held...).

in_interrupt() checks for both, hard- and softirqs.  Since
spin_lock_bh() disables softirq's you have to be as fast as possible to
avoid softirq latency.

> Do I perhaps need a non-bh spinlock? There's RCU going on on that 
> linked list so I am not sure whether I could just call the normal 
> spin_lock() function.

Perhaps a call_rcu() which vfree()s the node?  But I am just guessing
wildly here.

> Looking at the code of _spin_lock_bh in kernel/spinlock.c reveals that 
> it is actually disabling preempt instead of being in an interrupt. 
> Making an uneducated guess, would
>
> 	BUG_ON(in_interrupt() != 0 && in_interrupt() != 256)

That's basically a lacky in_irq().  The 256 you see here is
1<<SOFTIRQ_SHIFT but softirq disabling can be nested and you can not
check for 256 directly.

> in vfree() be safe?

Can not judge that.

	Hannes
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ