lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 7 Dec 2009 10:45:08 +0300
From:	"Nikita V. Youshchenko" <yoush@...msu.su>
To:	Thomas Gleixner <tglx@...utronix.de>
Cc:	linux-kernel@...r.kernel.org
Subject: When it is save to kfree() hrtimer object?

Hi

I'm writing a device driver that processes it's requests.

Each request is described by a request structure. There may be arbitary 
number of requests pending, so I have a kmem_cache for those objects.

Request processing may include "retry after N usecs" on some conditions, so 
I have a struct htrimer embedded into my request structure, and use it to 
implement the delay.

When request processing is complete, I deallocate request structure with 
kmem_cache_free().

I faced an issue when request processing is complete when running inside 
hrtimer callback. I have nothing in my request processing that can't be 
done in atomic context - just several device register accesses and 
wake_up_interruptible() call. So I thought that I may do everything inside 
hrtimer callback. Including kmem_cache_free() the request structure.

But looks like I can't. Hrtimer code does access hrtimer object after 
return from callback, even if HRTIMER_NORESTART is returned. So if request 
object (that is container of hrtimer object in my case) is deallocated, 
slab corruption happens.

Looks like I will have to implement some ugly workaround for that ...  like 
a "garbage-collector" thread that will do nothing but deallocate requests 
from some sort of free list.

I'd like to ask several questions.

- Isn't it a bug that timer object is accessed after it's callback was 
called and returned HRTIMER_NORESTART?

- If that is not a bug, then when it is "officially safe" to deallocate 
struct hrtimer object?

- Are there any recommendations on how to implement "single-shot" timers 
like in my case?

Nikita
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ