lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 27 May 2010 14:06:36 +0400
From:	Sergey Temerkhanov <temerkhanov@...dex.ru>
To:	Jeff Moyer <jmoyer@...hat.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	"linux-aio" <linux-aio@...ck.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Benjamin LaHaise <bcrl@...ck.org>,
	Zach Brown <zach.brown@...cle.com>,
	Suparna Bhattacharya <suparna@...ibm.com>
Subject: Re: [PATCH][RFC] AIO: always reinitialize iocb->ki_run_list at the end of aio_run_iocb()

On Wednesday 26 May 2010 23:38:35 Jeff Moyer wrote:
...
> I can vaguely recall discussion surrounding the reference counting of
> cancel methods, but I have no idea what the actual contents of those
> discussions were.  Sorry, my memory has failed me.  Either Zach or
> Suparna might remember better.
> 
> Sergey, the cancellation path, unfortunately, is not well exercised as
> I'm sure you are aware.  As you pointed out, the only implementation of
> a cancel method is the usb gadget interface.  Now, given that they've
> worked fine with the extra put in their cancel method, I'm not sure why
> you can't do the same. 
Well, in fact, they have only one aio_put_req() in their cancel method. This 
is the code from 2.6.34:

static int ep_aio_cancel(struct kiocb *iocb, struct io_event *e)
{
	struct kiocb_priv	*priv = iocb->private;
	struct ep_data		*epdata;
	int			value;

	local_irq_disable();
	epdata = priv->epdata;
	// spin_lock(&epdata->dev->lock);
	kiocbSetCancelled(iocb);
	if (likely(epdata && epdata->ep && priv->req))
		value = usb_ep_dequeue (epdata->ep, priv->req);
	else
		value = -EINVAL;
	// spin_unlock(&epdata->dev->lock);
	local_irq_enable();

	aio_put_req(iocb);
	return value;
}

And adding extra aio_put_req() to the cancel method will not fix failing 
kick_iocb() which is another problem and this patch is supposed to address it.

> I'd rather not muddy these waters even further.  Unless there is a
> compelling reason why the patch author cannot do an extra put in his
> cancel method, I'd say that is the best way forward.
> 

This patch is not about reference counting - it's about kick_iocb() failing 
due to NULL values of iocb->ki_run_list.next and iocb->ki_run_list.prev which 
are left after aio_run_iocb().

> Cheers,
> Jeff
> 

-- 
Regards, Sergey Temerkhanov,
Cifronic ZAO
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ