lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090330132904.GA2822@redhat.com>
Date:	Mon, 30 Mar 2009 15:29:04 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	"Metzger, Markus T" <markus.t.metzger@...el.com>
Cc:	"Kleen, Andi" <andi.kleen@...el.com>, Ingo Molnar <mingo@...e.hu>,
	Roland McGrath <roland@...hat.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Markus Metzger <markus.t.metzger@...glemail.com>
Subject: Re: [rfc] x86, bts: fix crash

On 03/30, Metzger, Markus T wrote:
>
> >The benefit would be that I don't need to hook into do_exit() anymore.

Metzger, I got lost ;) And I didn't sleep today, so most probably I missed
what you mean...

do you mean the helper below will be called under write_lock_irq(tasklist)?
In that case,

> >This would rid us of the nasty ->ptraced loop.
> >I will give it a try.
> >
> >
> >I use something like this to wait for the context switch:
> >  nvcsw = task->nvcsw + 1;
> >  nivcsw = task->nivcsw + 1;
> >  for (;;) {
> >	if (nvcsw < task->nvcsw)
> >		break;
> >	if (nivcsw < task->nivcsw)
> >		break;

Not exactly right, schedule() increments nvcsw/nivcsw before context_switch().
But this is fixable.

However. What if this task spins in TASK_RUNNING waiting for tasklist_lock ?
This is deadlockable even with CONFIG_PREEMPT, we take tasklit for reading
in interrupt context.

Afaics, we can also deadlock if task_cpu(task) sends IPI to us (with wait = 1),
the sender spins with preemption disabled.

> >	if (task->state != TASK_RUNNING)
> >		break;
> >  }
> >
>
> That is not quite right, as well. There's a race on the task state.
> In my example, I got TASK_DEAD before the dying task could complete its
> final schedule(), and the cpu continued tracing.

But we still have the same problems.

If the tracee doesn't call a blocking syscall, its ->state is always RUNNING.

It could be woken right after we see !TASK_RUNNING or !task_running().

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ