| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Sep 2009 15:03:00 -0700 From: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com> To: Christoph Lameter <cl@...ux-foundation.org> Cc: Eric Dumazet <eric.dumazet@...il.com>, Pekka Enberg <penberg@...helsinki.fi>, Zdenek Kabelac <zdenek.kabelac@...il.com>, Patrick McHardy <kaber@...sh.net>, Robin Holt <holt@....com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Jesper Dangaard Brouer <hawk@...x.dk>, Linux Netdev List <netdev@...r.kernel.org>, Netfilter Developers <netfilter-devel@...r.kernel.org> Subject: Re: [PATCH] slub: fix slab_pad_check() On Thu, Sep 03, 2009 at 05:43:12PM -0500, Christoph Lameter wrote: > On Thu, 3 Sep 2009, Paul E. McKenney wrote: > > > 2. CPU 0 discovers that the slab cache can now be destroyed. > > > > It determines that there are no users, and has guaranteed > > that there will be no future users. So it knows that it > > can safely do kmem_cache_destroy(). > > > > 3. In absence of rcu_barrier(), kmem_cache_destroy() would > > immediately tear down the slab data structures. > > Of course. This has been discussed before. > > You need to ensure that no objects are in use before destroying a slab. In > case of DESTROY_BY_RCU you must ensure that there are no potential > readers. So use a suitable rcu barrier or something else like a > synchronize_rcu... If by "you must ensure" you mean "kmem_cache_destroy must ensure", then we are in complete agreement. Otherwise, not a chance. > > > But going through the RCU period is pointless since no user of the cache > > > remains. > > > > Which is irrelevant. The outstanding RCU callback was posted by the > > slab cache itself, -not- by the user of the slab cache. > > There will be no rcu callbacks generated at kmem_cache_destroy with the > patch I posted. That is true. However, there well might be RCU callbacks generated by kmem_cache_free() that have not yet been invoked. Since kmem_cache_free() generated them, it is ridiculous to insist that the user account for them. That responsibility must instead fall on kmem_cache_destroy(). > > > The dismantling does not need RCU since there are no operations on the > > > objects in progress. So simply switch DESTROY_BY_RCU off for close. > > > > Unless I am missing something, this patch re-introduces the bug that > > the rcu_barrier() was added to prevent. So, in absence of a better > > explanation of what I am missing: > > The "fix" was ill advised. Slab users must ensure that no objects are in > use before destroying a slab. Only the slab users know how the objects > are being used. The slab allocator itself cannot know how to ensure that > there are no pending references. Putting a rcu_barrier in there creates an > inconsistency in the operation of kmem_cache_destroy() and an expectation > of functionality that the function cannot provide. If by "must ensure that no objects are in use", you mean "must have no further references to them", then we are in agreement. And in my scenario above, it is not the -user- who later references the memory, but rather the slab code itself. Put the rcu_barrier() in kmem_cache_free(). Please. Thanx, Paul -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists