lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100329125415.GA22451@redhat.com>
Date:	Mon, 29 Mar 2010 14:54:15 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Stanislaw Gruszka <sgruszka@...hat.com>
Cc:	Balbir Singh <balbir@...ux.vnet.ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Americo Wang <xiyou.wangcong@...il.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>,
	Ingo Molnar <mingo@...e.hu>,
	Peter Zijlstra <peterz@...radead.org>,
	Roland McGrath <roland@...hat.com>,
	Spencer Candland <spencer@...ehost.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [RFC,PATCH 1/2] cputimers/proc: do_task_stat()->task_times()
	can race with getrusage()

On 03/29, Stanislaw Gruszka wrote:
>
> On Fri, Mar 26, 2010 at 10:49:06PM +0100, Oleg Nesterov wrote:
> > As for do_task_stat()->thread_group_times(), I think we can make it
> > rc-safe without breaking /bin/top.
> >
> > 	1. add spin_lock_irqsave(&sig->cputimer.lock) around
> > 	   sig->prev_Xtime = max(...)
> The easiest way to avoid that races is move all calls to task_times()
> and thread_group_times() inside ->siglock, but that's a bit crappy.

Yes, and we should avoid overloading ->siglock if possible.

> There is also another impossible race here. On 32-bit machines
> reading/writing sum_exec_runtime is not atomic,

Sure,

> IIRC ->siglock
> protect about that as well.

I don't think so. update_curr/etc updates t->se.sum_exec_runtime without
->siglock, it can't help to read u64 values atomically.

> > 	2. Add a couple of barriers into thread_group_cputime()
> > 	   and __exit_signal() so that without ->siglock we can
> > 	   never overestimate utime/stime if we race with exit.
> > 
> > 	   If we underestimate these values, this should be fine:
> > 
> > 	   - the error can't be "systematic", the next read from
> > 	     /prod/pid/stat will see the updated values
> > 
> > 	   - the prev_Xtime logic in thread_group_times() ensures
> > 	     the reported time can never go back.
> > 
> > 	   IOW: at worse, cat /proc/pid/stat can miss the time
> > 	   which the exited thread spent on CPU after the previous
> > 	   read of /proc/pid/stat. This looks absolutely harmless,
> > 	   the next read will see this time.
> > 
> > 	   Probably we can even detect this case if we look at
> > 	   sig->nr_threads and retry.
> Races with __exit_signal() can lead to count Xtime values twice,
> first: in tsk->Xtime, second: after task exits, in sig->Xtime.

Please see above. This is what should be avoided.

> > I'll try to make patches unless someone has a better idea.
> >
> > I just can't accept the fact that we are doing while_each_thread()
> > under ->siglock here ;)
> Problem is not only in do_task_stat(). We have couple other places
> where we iterate over all threads with ->siglock taken.

Yes sure. I dislike the do_task_stat() case because we always do this,
even if this info is not needed, say, for /bin/ps.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ