Date:	Thu, 1 Apr 2010 09:13:31 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"H. Peter Anvin" <hpa@...or.com>
cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Yinghai Lu <yinghai@...nel.org>, Rabin Vincent <rabin@....in>,
	lkml <linux-kernel@...r.kernel.org>, penberg@...helsinki.fi,
	cl@...ux-foundation.org,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	linux-arch@...r.kernel.org, David Howells <dhowells@...hat.com>
Subject: Re: start_kernel(): bug: interrupts were enabled early



On Wed, 31 Mar 2010, H. Peter Anvin wrote:
> 
> The obvious way to fix this would be to use
> spin_lock_irqsave..spin_lock_irqrestore in __down_read as well as in the
> other locations; I don't have a good feel for what the cost of doing so
> would be, though.  On x86 it's fairly expensive simply because the only
> way to save the state is to push it on the stack, which the compiler
> doesn't deal well with, but this code isn't used on x86.

I think that's what we should just do, with a good comment both in the 
code and the changelog. I'm not entirely happy with it, because obviously 
it's conceptually kind of dubious to take a lock with interrupts disabled 
in the first place, but this is not a new issue per se.

The whole bootup code is special, and we already make similar guarantees 
about memory allocators and friends - just because it's too dang painful 
to have some special code that does GFP_ATOMIC for early bootup when the 
same code is often shared and used at run-time too.

So we've accepted that people can do GFP_KERNEL allocations and we won't 
care about them if we're in the boot phase (and suspend/resume), and we 
have that whole 'gfp_allowed_mask' thing for that.

I think this probably falls under exactly the same heading of "not pretty, 
but let's not blow up".

So making the slow-path do the spin_[un]lock_irq{save,restore}() versions 
sounds like the right thing. It won't be a performance issue: it _is_ the 
slow-path, and we're already doing the expensive part (the spinlock itself 
and the irq thing).

So ACK on the idea. Who wants to write the trivial patch and test it? 
Preferably somebody who sees the problem in the first place - x86 should 
not be impacted, since the irq-disabling slow-path should never be hit 
without contention anyway (and contention cannot/must not happen for this 
case).

			Linus
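
An added illustration, not part of the original message and not kernel code: a userspace C model of why the lock variant matters when the rwsem slow path is taken with interrupts already disabled, as in early boot. It assumes the slow path currently uses the unconditional `spin_lock_irq()`/`spin_unlock_irq()` pair; `irqs_enabled`, `struct rwsem_model` and the helper names are hypothetical stand-ins for the CPU interrupt flag and the kernel primitives.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: one CPU's interrupt-enable flag. */
static bool irqs_enabled;

struct rwsem_model { int activity; bool wait_lock_held; };

/* Models spin_lock_irq()/spin_unlock_irq(): unlock enables unconditionally. */
static void lock_irq(struct rwsem_model *s) {
    irqs_enabled = false; s->wait_lock_held = true;
}
static void unlock_irq(struct rwsem_model *s) {
    s->wait_lock_held = false; irqs_enabled = true;
}

/* Models spin_lock_irqsave()/spin_unlock_irqrestore(): caller state kept. */
static void lock_irqsave(struct rwsem_model *s, bool *flags) {
    *flags = irqs_enabled; irqs_enabled = false; s->wait_lock_held = true;
}
static void unlock_irqrestore(struct rwsem_model *s, bool flags) {
    s->wait_lock_held = false; irqs_enabled = flags;
}

/* Uncontended read acquire through the slow path, both variants. */
static void down_read_irq(struct rwsem_model *s) {
    lock_irq(s); s->activity++; unlock_irq(s);
}
static void down_read_irqsave(struct rwsem_model *s) {
    bool flags;
    lock_irqsave(s, &flags); s->activity++; unlock_irqrestore(s, flags);
}

/* Interrupt state after one acquire entered with interrupts in state `before`. */
bool irq_state_after(bool before, bool use_irqsave) {
    struct rwsem_model s = { 0, false };
    irqs_enabled = before;
    if (use_irqsave) down_read_irqsave(&s); else down_read_irq(&s);
    return irqs_enabled;
}

int main(void) {
    /* Early boot: interrupts are off on entry. */
    printf("irq variant:     irqs %s after down_read\n",
           irq_state_after(false, false) ? "ENABLED (bug)" : "disabled");
    printf("irqsave variant: irqs %s after down_read\n",
           irq_state_after(false, true) ? "ENABLED (bug)" : "disabled");
    return 0;
}
```
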