lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 13 Apr 2008 08:22:41 -0600
From:	Matthew Wilcox <matthew@....cx>
To:	Bart Van Assche <bart.vanassche@...il.com>
Cc:	Roland Dreier <rdreier@...co.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Oeser <ioe-lkml@...eria.de>,
	Daniel Walker <dwalker@...sta.com>,
	linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...e.hu>,
	Linus Torvalds <torvalds@...l.org>
Subject: Re: [PATCH] Replace completions with semaphores

On Sun, Apr 13, 2008 at 03:55:45PM +0200, Bart Van Assche wrote:
> On Sat, Apr 12, 2008 at 9:53 PM, Roland Dreier <rdreier@...co.com> wrote:
> >  Just make sure you don't forget the history of completions...  As
> >  Linus said long ago (http://lwn.net/2001/0802/a/lt-completions.php3):
> >
> >   In case anybody cares, the race was that Linux semaphores only protect the
> >   accesses _inside_ the semaphore, while the accesses by the semaphores
> >   themselves can "race" in the internal implementation. That helps make an
> >   efficient implementation, but it means that the race was:
> >
> >             cpu #1                       cpu #2
> >
> >             DECLARE_MUTEX_LOCKED(sem);
> >             ..
> >             down(&sem);                   up(&sem);
> >             return;
> >                                           wake_up(&sem.wait) /*BOOM*/
> 
> Thanks for bringing this back to attention -- I wasn't aware of the
> message you cited.
> 
> My opinion about the above race is that this race has nothing to do
> with the semaphore concept, but that the race is caused by the way in
> which the semaphore object is used. Using any object after it has been
> destroyed is asking for trouble.

I think you need to re-read more carefully.

The users of the semaphore were doing nothing wrong.  They were not
using the object after it was destroyed.

The i386 implementation of the semaphore was calling wake_up() after
setting the counter to allow cpu #0 to proceed.  That was faster for the
common case, but had this problem.  completions were careful not to do
that, and the semaphore implementation I wrote doesn't do that either.

-- 
Intel are signing my paycheques ... these opinions are still mine
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours.  We can't possibly take such
a retrograde step."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ