Date:	Wed, 4 Jun 2008 13:09:18 +0200
From:	"Dmitry Adamushko" <dmitry.adamushko@...il.com>
To:	"Oleg Nesterov" <oleg@...sign.ru>
Cc:	"Ingo Molnar" <mingo@...e.hu>, "Matthew Wilcox" <matthew@....cx>,
	"Peter Zijlstra" <a.p.zijlstra@...llo.nl>,
	linux-kernel@...r.kernel.org
Subject: Re: Q: down_killable() is racy? or schedule() is not right?

2008/6/3 Oleg Nesterov <oleg@...sign.ru>:
> I just noticed we have generic semaphores, a couple of questions.
>
>        down():
>
>                spin_lock_irqsave(&sem->lock, flags);
>                ...
>                __down(sem);
>
> Why _irqsave ? we must not do down() with irqs disabled, and of course
> __down() restores/clears irqs unconditionally.
>
>
> Another question,
>
>        __down_common(TASK_KILLABLE):
>
>                        if (state == TASK_KILLABLE && fatal_signal_pending(task))
>                                goto interrupted;
>
>                        /* --- WINDOW --- */
>
>                        __set_task_state(task, TASK_KILLABLE);
>                        schedule_timeout(timeout);
>
> This looks racy. If SIGKILL comes in the WINDOW above, the event is lost.
> The task will wait for up() or timeout with the fatal signal pending, and
> it is not possible to wakeup it via kill() again.
>
> This is easy to fix, but I wonder if we should change schedule() instead.

[ for what it's worth ] I think you are definitely right here.

The schedule() would be the right place to fix it. At the very least,
because otherwise callers are obliged to always check for
fatal_signal_pending(task) before scheduling with state ==
TASK_KILLABLE. e.g. schedule_timeout_killable().

Not very nice, IMHO.


>        int signal_pending_state(struct task_struct *tsk)
>        {
>                if (!(state & (TASK_INTERRUPTIBLE | TASK_WAKEKILL)))
>                        return 0;
>                if (signal_pending(tsk))
>                        return 0;

I guess it should be ! signal_pending(tsk).


>
>                return (state & TASK_INTERRUPTIBLE) ||
>                        __fatal_signal_pending(tsk);
>        }
>
>                if (state == TASK_INTERRUPTIBLE && signal_pending(task))
>                        goto interrupted;
>                if (state == TASK_KILLABLE && fatal_signal_pending(task))


>
> Oleg.
>

-- 
Best regards,
Dmitry Adamushko
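
The race and the schedule()-side check discussed in this message, replayed in a single-threaded userspace model (an added example, not code from the thread or from the kernel). `struct task`, `model_schedule()` and `kill_lost_in_window()` are hypothetical names, `signal_pending_state()` takes the state as an explicit parameter, and the state bit values are assumptions of the model.

```c
/* Userspace model of the race; constructed for illustration, not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#define TASK_RUNNING         0   /* bit values are assumptions of this model */
#define TASK_INTERRUPTIBLE   1
#define TASK_UNINTERRUPTIBLE 2
#define TASK_WAKEKILL        128
#define TASK_KILLABLE        (TASK_WAKEKILL | TASK_UNINTERRUPTIBLE)

struct task { long state; bool sig_pending; bool fatal_pending; };

/* Helper from the quoted mail, with the "!signal_pending" correction applied. */
static int signal_pending_state(long state, const struct task *t)
{
    if (!(state & (TASK_INTERRUPTIBLE | TASK_WAKEKILL)))
        return 0;
    if (!t->sig_pending)
        return 0;
    return (state & TASK_INTERRUPTIBLE) || t->fatal_pending;
}

/* Model of schedule(): returns 1 if the task really goes to sleep. */
static int model_schedule(struct task *t, int check_signals)
{
    if (check_signals && signal_pending_state(t->state, t))
        t->state = TASK_RUNNING;          /* refuse to sleep */
    return t->state != TASK_RUNNING;
}

/* Replays __down_common(TASK_KILLABLE) with SIGKILL landing in the WINDOW.
 * Returns 1 if the task ends up asleep with the fatal signal still pending. */
static int kill_lost_in_window(int schedule_checks_signals)
{
    struct task t = { TASK_RUNNING, false, false };
    if (t.fatal_pending)                  /* caller's check: nothing yet */
        return 0;                         /* would "goto interrupted" */
    /* --- WINDOW --- the signal arrives while the task is still running,
     * so there is no sleeper to wake. */
    t.sig_pending = t.fatal_pending = true;
    t.state = TASK_KILLABLE;              /* __set_task_state() */
    return model_schedule(&t, schedule_checks_signals);
}

int main(void)
{
    printf("caller-only check: lost=%d\n", kill_lost_in_window(0));
    printf("schedule() checks: lost=%d\n", kill_lost_in_window(1));
    return 0;
}
```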