lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20091210053457.GB6720@linux.vnet.ibm.com>
Date:	Wed, 9 Dec 2009 21:34:57 -0800
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	LKML <linux-kernel@...r.kernel.org>,
	Dipankar Sarma <dipankar@...ibm.com>,
	Ingo Molnar <mingo@...e.hu>, Oleg Nesterov <oleg@...sign.ru>,
	Al Viro <viro@...iv.linux.org.uk>,
	James Morris <jmorris@...ei.org>,
	David Howells <dhowells@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [patch 0/9] Fix various __task_cred related invalid RCU
	assumptions

On Thu, Dec 10, 2009 at 06:13:51AM +0100, Peter Zijlstra wrote:
> On Wed, 2009-12-09 at 19:15 -0800, Linus Torvalds wrote:
> > 
> > On Wed, 9 Dec 2009, Paul E. McKenney wrote:
> > 
> > > On Thu, Dec 10, 2009 at 12:52:46AM -0000, Thomas Gleixner wrote:
> > > > While auditing the read_lock(&tasklist_lock) sites for a possible
> > > > conversion to rcu-read_lock() I stumbled over an unprotected user of
> > > > __task_cred in kernel/sys.c
> > > > 
> > > > That caused me to audit all the __task_cred usage sites except in
> > > > kernel/exit.c.
> > > > 
> > > > Most of the usage sites are correct, but some of them trip over
> > > > invalid assumptions about the protection which is given by RCU.
> > > > 
> > > > - spinlocked/preempt_disabled regions are equivalent to rcu_read_lock():
> > > > 
> > > >    That's wrong. RCU does not guarantee that. 
> > > > 
> > > >    It has been that way due to implementation details and it still is
> > > >    valid for CONFIG_TREE_PREEMPT_RCU=n, but there is no guarantee that
> > > >    this will be the case forever.
> > > 
> > > To back this up, item #2 from Documentation/RCU/checklist.txt says:
> > 
> > Hmm. This seems to be a difference that the tree-RCU things introduced, 
> > no? I wonder if we have other areas where we just knew that a spinlock 
> > would make an rcu read-lock unnecessary (which used to be true..)
> 
> That failed being true when we merged PREEMPT_RCU,.. which was a long
> time ago.

Ah -- I have a related lockdep question.  Is there a primitive that says
whether or not the current task holds at least one lock of any type?
If so, I would like to make rcu_dereference() do at least a little crude
checking for this problem.

							Thanx, Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ