| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Nov 2008 19:27:25 +0100 From: Markus Metzger <markus.t.metzger@...glemail.com> To: eranian@...il.com Cc: "Metzger, Markus T" <markus.t.metzger@...el.com>, Markus Metzger <markus.t.metzger@...glemail.com>, Ingo Molnar <mingo@...e.hu>, Andi Kleen <andi@...stfloor.org>, Andrew Morton <akpm@...ux-foundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: debugctl msr On Wed, 2008-11-19 at 18:13 +0100, stephane eranian wrote: > Speaking of locking, I also ran into another issue with ds_lock. > Perfmon sessions each have a spinlock for access serialization, but to > prevent from PMU and timers interrupts, interrupts are masked. Thus, > when perfmon > calls ds.c, interrupts are masked. That means that we lock/unlock ds_lock > with interrupts disabled. The lock checker triggered when I ran a simple perfmon > session and warned of possible lock inversion. Suppose you are coming from the > ptrace code into ds. You grab ds_lock, but the same process is also running > a perfmon session with PEBS and a counter overflows, you get into > the PMU interrupt handler which may call into ds.c and try to grab the ds_lock. > For that reason, I think you should use a > spin_lock_irqsave/spin_unlock_irqrestore > pairs to protect your ds context. OK. So far, there was no user that called ds_*() with interrupts disabled. > I found another issue with ds_release(). You need to skip freeing the > buffer when it > is NULL, i.e., was already allocated by caller of ds_request_pebs(). ds_release() is not robust with respect to double release, if that's what you mean. Is that desirable? For a single ds_release() call matching a corresponding successful ds_request() call, the buffer is freed if and only if it had been allocated by ds.c. Kfree() itself handles NULL pointers and scripts/checkpatch.pl warns on a check for NULL around a kfree() call. > I have attached a diff for the ds.c interface. It disables > ds_validate_access(), export > the PEBS functions to modules, fixes ds_release(). > > As for handling the interrupt is ds.c, not clear how this could work > with current perfmon. > I don't know how this work on the BTS side. On the PMU side, that is not because > I am using PEBS, that I don't also use other counters as well. Longer > term, I think, there > needs to be a lower-level PMU interrupt service where you would > register a callback > on PMU interrupts. It would be used by NMI watchdog, perfmon, > Oprofile, ds.c. That's even preferable to having the interrupt code itself in ds.c The point I was trying to make is that buffer overflows should not be handled on higher levels (i.e. users of ds.c). That's why I am so reluctant to expose the interrupt threshold in the ds.c interface. regards, markus. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists